Reference lines for AI security. One catalog, crosswalked to SAIF, ATLAS, NIST AI RMF, OWASP LLM, OWASP Agentic, CSA AICM, SANS AISMM, ISO/IEC 42001, NIST 800-53, NIST AI 600-1, the EU AI Act, GDPR, and OWASP AISVS.
A distinct class of risk is taking shape that MERIDIAN deliberately does not crosswalk yet: the prospect of a misaligned AI agent operating as an insider within the systems that run it. This is the inverse of the catalog's posture. Every control here defends an AI system you build, acquire, or use against external attack. The emerging "AI control" work instead asks how an organization would detect, contain, and shut down its own deployed agents if those agents could not be trusted.
The early public blueprints are worth tracking: Google DeepMind's AI Control Roadmap and its TRAIT&R taxonomy of rogue-agent tactics, Anthropic's agent containment work, and Redwood Research's control protocols. They share a real insight for any security team — that agentic systems can distribute an attack across many instances so each step looks benign in isolation, which is a detection-engineering problem you will meet well before anyone runs a rogue superintelligence.
Why it isn't in the catalog: these are threat models and lab-internal research roadmaps, not stable control frameworks. The leading example is labelled v0.1 by its own authors and expected to change substantially. The mitigations are frontier-lab engineering programs, not testable controls a typical organization implements and an assessor verifies. Pinning a verified crosswalk to a moving draft would break the one promise MERIDIAN makes — that every mapping is checked and version-pinned. When this work stabilizes into something an organization can be assessed against, it will earn a crosswalk. Until then it lives here, named but not claimed.