AGENT_DATA_EGRESS
Verify DLP controls exist for AI agent data flows — PII redaction before model calls, data classification enforcement, approved routing rules.
Framework Mappings
AIUC-1 A001 — Data PolicySOC 2 CC6.1 — Logical & Physical AccessOWASP Agentic ASI01 — Agent Behaviour Hijack
Agent Frameworks Scanned
Claude CodeLangChainCrewAIAutoGenMCP
Evaluation Facets
01
PII Redaction
RequiredWeight: 0.3
Pass:Redaction middleware with pattern rules for sensitive data
Partial:Limited patterns covering only some PII types
Fail:No redaction middleware
02
Data Classification
Weight: 0.25
Pass:Classification scheme defined with enforcement rules
Partial:Defined but not enforced
Fail:No classification scheme
03
Model Routing Rules
RequiredWeight: 0.25
Pass:Routing rules per data class with approved provider restrictions
Partial:Incomplete data class coverage
Fail:No routing restrictions
04
Output Filtering
Weight: 0.2
Pass:Output filtering scans for leaked PII before returning to users
Fail:No output filtering
Remediation Steps
- 1Add PII redaction middleware before all model API calls
- 2Define a data classification scheme with enforcement rules
- 3Configure model routing rules per data classification level
- 4Add output filtering to catch PII in model responses
Evaluate this control automatically
Connect your repos and Brigs evaluates AGENT_DATA_EGRESS across all your agent configurations.
Get Started — Free