1.2 Verified Ownership

Description

Every agent MUST have a verified human or organizational owner responsible for its behavior, security, and compliance.

Rationale

Agents that cannot be traced to a responsible party create accountability gaps. When incidents occur, there must be a clear escalation path.

Audit Procedure

1. Check for SECURITY.md or CODEOWNERS file
2. Verify ownership claims in DNS TXT records
3. Check agent manifest for owner information

Remediation

1. Create SECURITY.md with owner and contact info
2. Add DNS TXT record for ownership
3. Register ownership in AIM registry

Framework Mappings