Question 1

What is an MCP Server?

Accepted Answer

An MCP (Model Context Protocol) server is a software component that exposes tools, data sources, and APIs to AI agents and large language models. MCP servers act as structured interfaces that allow AI systems to read files, query databases, call APIs, and interact with enterprise systems. Because MCP servers grant AI agents access to critical business resources, their security, permissions, and data handling practices require independent assessment before enterprise deployment.

Question 2

What is an AI Trust Assessment?

Accepted Answer

An AI Trust Assessment is an independent evaluation of an AI agent, MCP server, or AI platform that produces a structured Trust Score and risk report. The assessment covers security posture, permission scope, data handling practices, abuse resistance, compliance alignment, and governance maturity. Metinc's AI Trust Assessments provide enterprises with independent evidence to approve, monitor, or block AI tools before connecting them to critical business systems.

Question 3

Why do AI agents require governance?

Accepted Answer

AI agents operate autonomously and can request access to sensitive systems, data, and APIs on behalf of users and organizations. Without governance, enterprises face risks including unauthorized data access, prompt injection attacks, tool poisoning, supply chain vulnerabilities, and compliance violations. AI agent governance frameworks define who can assess and approve AI tools, what access levels are permitted, how risks are monitored continuously, and how incidents are escalated.

Question 4

What is AI Safety?

Accepted Answer

AI Safety refers to the technical and operational practices that prevent AI systems from causing unintended harm to individuals, organizations, or society. In enterprise contexts, AI safety covers prompt injection prevention, jailbreak resistance, output validation, human oversight mechanisms, access controls, and alignment with acceptable use policies. Metinc evaluates AI safety as part of every trust assessment.

Question 5

What is AI Governance?

Accepted Answer

AI Governance is the set of policies, processes, roles, and controls an organization uses to manage AI systems responsibly. Enterprise AI governance addresses risk assessment, procurement approval, access management, compliance monitoring, audit logging, and incident response for AI tools and agents. As AI adoption accelerates, robust AI governance frameworks are becoming a regulatory and operational requirement.

Question 6

What is Agentic AI Risk?

Accepted Answer

Agentic AI Risk refers to the unique security and governance risks that arise when AI systems operate autonomously — taking sequences of actions, using tools, and accessing systems without step-by-step human approval. Key agentic AI risks include excessive tool permissions, prompt injection via external data sources, uncontrolled multi-agent delegation, data exfiltration, and the execution of unintended or harmful actions at machine speed.

Question 7

How does Metinc assess AI systems?

Accepted Answer

Metinc conducts independent, structured assessments of AI agents, MCP servers, and AI platforms. Each assessment evaluates security architecture, permission scope, data handling practices, abuse resistance, compliance alignment, and governance maturity. Assessments produce a quantitative Trust Score (0–100) across multiple risk dimensions, a detailed risk report, and a continuous monitoring plan. Verified systems are listed in the Metinc Trust Directory and receive a Trust Badge that enterprises can reference for procurement decisions.

Tomáš Novák

What this assessment indicates

Legal hard-blocker findings

Domain performance

Prioritized remediation roadmap

Turn these findings into a compliance plan