Review data handling for compliance
AI agents call compliance_review to retrieve information from Thales Cdsp Crdp without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
This tool appears to perform a compliance audit or review of data handling processes. The verb 'review' and the compliance context suggest it reads and analyzes data handling configuration and logs to provide compliance assessment, similar to a compliance report generator. No evidence suggests it modifies data (Write), executes arbitrary operations (Execute), deletes data (Destructive), or moves money (Financial).
From the tool's definition Tool named 'compliance_review' with description 'Review data handling for compliance' indicates a querying/auditing function that examines existing data handling practices without modifying, executing operations on, or deleting data.
Attacks that exploit this kind of access
Review data handling for compliance. It is categorised as a Read tool in the Thales Cdsp Crdp MCP Server, which means it retrieves data without modifying state.
Register the Thales Cdsp Crdp MCP server in PolicyLayer and add a rule for compliance_review: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Thales Cdsp Crdp. Nothing to install.
compliance_review is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the compliance_review rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for compliance_review. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
compliance_review is provided by the Thales Cdsp Crdp MCP server (sanyambassi/thales-cdsp-crdp-mcp-server). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →