Open to AI security standards & enablement roles

Andrew Dannenberger

AI Security Standards & Enablement

Securing the space between AI capability and real-world action.

I help organizations adopt AI safely by translating LLM, agentic AI, MCP, and RAG risks into practical security guidance, benchmarks, tools, and enablement programs.

profile — zsh
$ whoami
andrew-dannenberger
$ cat profile.json
{
  "focus": "AI Security Standards & Enablement",
  "standards": "Principal Co-author, CIS v8.1 MCP Guide",
  "specialties": ["MCP", "CIS Controls", "Agentic AI"],
  "based": "Chicago Area / Remote",
  "currently": "Building a CIS MCP Benchmark"
}
Highlights
Principal Co-author: CIS Controls v8.1 MCP Companion Guide
Collaborator: CIS Controls v8.1 AI/LLM Companion Guide
Collaborator: CIS Controls v8.1 AI Agents Companion Guide
CIS Webinar: From Prompts to Protocols: The Security Blueprint for Enterprise AI
Upcoming: TopCyberPro Podcast
How AI Systems Work

The AI Action Pipeline

Modern AI systems move from model inference through agentic reasoning, MCP tool calls, and data retrieval — gated by human review — before taking real-world action. Understanding this flow is the foundation of AI security.

[Diagram: AI System Flow (Model Context Protocol). Legend: Human control gate; MCP Protocol boundary; Action output.]
Note — This diagram is a simplified educational overview of how AI, agents, and MCP interact. Real deployments vary significantly.
Point of View

How I Think About AI Security

A few convictions that shape how I approach standards, tools, and enablement.

Controls beat principles

Principles tell teams what to care about; controls tell them what to configure, check, and audit. Risk only drops when guidance gets specific enough to act on — which is why I work in benchmarks and control mappings, not abstractions.

Most AI failures happen at a boundary

Prompt injection, confused-deputy access, over-scoped tools — the dangerous failures live at the seams between instruction and data, model and tool, agent and action. Securing those boundaries matters more than hardening the model alone.

Enablement is a security strategy

The fastest way to create shadow AI is to make the safe path the hard path. Giving people usable, well-governed ways to adopt AI prevents more real-world risk than a strict policy that quietly gets ignored.

Human approval is a control, not a speed bump

Human-in-the-loop is most valuable exactly when an agent can take an action it cannot take back. Designed deliberately, it is a control point worth keeping — not friction to engineer away.

Expertise

What I Work On

Bridging the gap between AI capability and responsible adoption — through standards, benchmarks, and practical enablement.

AI Security Standards

CIS Controls, CIS Benchmarks, AI Companion Guides, MCP Benchmark work, and practical control mapping for emerging AI systems.

MCP & Agentic AI Security

Tool governance, least privilege, prompt and resource exposure, approval flows, confused deputy risk, and auditability across MCP ecosystems.

Secure AI Enablement

AI Office Hours, leadership briefings, customer education, practical adoption guidance, and security-aware AI workflows for all skill levels.

Applied AI Systems

Chatbots, RAG, knowledge systems, SecureSuite Platform MCP concepts, and secure AI implementation patterns.

Published Work

Selected Work

Standards authorship, benchmarks leadership, and enablement programs.

Published · Principal Co-Author

CIS Controls v8.1 MCP Companion Guide

Center for Internet Security · April 2026

Translated MCP-specific risks — tool invocation, authorization, confused-deputy patterns, and third-party server governance — into practical CIS Controls-aligned guidance across all 18 Controls.

MCP Security · CIS Controls · Authorship

Ongoing · Lead

CIS AI Benchmarks Community

Center for Internet Security · Ongoing

Leading community work to advance practical guidance for emerging AI technologies, including scope definition, coordination, feedback cycles, and publication strategy.

CIS Benchmarks · Standards · Community

Ongoing · Lead

AI Office Hours & Enablement Programs

Center for Internet Security · Ongoing

Designed and leads AI enablement sessions for beginner and advanced users, turning complex AI security topics into practical workflows and adoption guidance.

Enablement · Training · Adoption

Open to AI security standards and enablement roles

Interested in conversations about AI security advisory, standards authorship, enablement leadership, and organizations building serious AI security programs.