{
  "purpose": "Security-buyer taxonomy alignment for the public demo. This is not a compliance claim.",
  "owasp_llm_top_10_alignment": [
    {
      "category": "LLM01 Prompt Injection",
      "demo_context": "Indirect injection through retrieved markdown and cross-modal instructions."
    },
    {
      "category": "LLM02 Sensitive Information Disclosure",
      "demo_context": "Policy-scoped synthetic PII and target-context leakage probes."
    },
    {
      "category": "LLM05 Improper Output Handling",
      "demo_context": "Tool-use and downstream action risk routed to the customer's scorer."
    },
    {
      "category": "LLM06 Excessive Agency",
      "demo_context": "Target facts declare tools, permissions, and deployment surface before generation."
    },
    {
      "category": "LLM08 Vector and Embedding Weaknesses",
      "demo_context": "Retrieval-source and embedding-change context feeds regression plans."
    }
  ],
  "nist_ai_rmf_alignment": {
    "use": "Evidence traceability for risk review workflows.",
    "non_claim": "K2 does not produce compliance attestation or replace governance tooling."
  },
  "recommended_first_vertical": {
    "name": "enterprise support copilot",
    "why": "Combines RAG, tools, uploaded images, PII scope, and regression history."
  }
}
