CSAI Foundation Announces RiskRubric V2 as the Next Key Milestone to Secure the Agentic Control Plane

2026-06-04 · Source: Cloud Security Alliance · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Emerging Technologies & Innovation · Depth: Intermediate, quick

Summary

The CSAI Foundation announced RiskRubric V2, a systematic methodology designed to quantify AI model risk, set to launch later in Q3 2026. This release marks a key milestone in the foundation's 2026 mission to secure the Agentic Control Plane. RiskRubric V2 expands upon the Cloud Security Alliance's evidence-based AI risk rating system, moving beyond traditional AI models to include MCP Servers. It will incorporate a multi-scanner ecosystem, powered by partners Deloitte Italy, PointGuardAI, and Tumeryk, alongside modernized evaluation pillars addressing emerging operational and autonomous AI risks. A new Confidence Scoring model will also be introduced to enhance transparency in assessment validation, aiming to provide a reproducible and transparent framework for evaluating complex agent-driven AI ecosystems.

Key takeaway

For AI Security Engineers tasked with securing agent-driven AI systems, yesterday's tools are insufficient. You should prepare to integrate RiskRubric V2 into your risk assessment workflows when it launches in Q3 2026. This framework offers an expanded, evidence-based approach to evaluate autonomous AI, including MCP Servers, and provides a Confidence Scoring model for greater transparency. Adopting RiskRubric V2 will enable you to measure the true boundary of modern AI systems and embed trust into complex agentic ecosystems.

Key insights

RiskRubric V2 provides a systematic, evidence-based framework for quantifying and securing risks in autonomous, agent-driven AI systems.

Principles

• AI security needs new tools for agentic era.
• Trust infrastructure is vital for agentic ecosystems.
• Transparency and reproducibility are core to AI risk assessment.

Method

RiskRubric V2 employs a multi-scanner ecosystem, expanded assessment coverage for MCP Servers, modernized evaluation pillars, and a Confidence Scoring model to quantify AI system risk.

In practice

• Evaluate AI systems using RiskRubric V2.
• Assess MCP Servers for agentic AI risks.
• Utilize Confidence Scoring for assessment transparency.

Topics

• AI Security
• Agentic AI
• RiskRubric V2
• Cloud Security Alliance
• AI Risk Assessment
• MCP Servers

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, MLOps Engineer, Director of AI/ML

Related on AIssential

• RiskRubric Updates: AI Risk Assessment for the Agentic Era — AI risk assessment must expand beyond models to encompass full system architectures and autonomous agents.
• [D] We found 18K+ exposed OpenClaw instances and ~15% of community skills contain malicious instructionsc — Autonomous agent frameworks like OpenClaw present novel and severe security risks, particularly from unreviewed community skills.
• Governing Security in the Age of Infinite Signal – From Discovery to Control — AI's accelerated vulnerability discovery mandates a critical shift from detection to robust control and governance to manage escalating systemic risk.
• MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems — MCPThreatHive automates end-to-end threat intelligence for Model Context Protocol agentic systems using AI and a specialized taxonomy.
• New tools and guidance: Announcing Zero Trust for AI — Zero Trust principles must extend to AI systems to manage new trust boundaries and emergent risks.
• What we learned mapping a year’s worth of AI-enabled cyber threats — AI-enabled cyberattacks are evolving rapidly, making traditional threat assessment and security frameworks inadequate.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Cloud Security Alliance.