[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-84348-en":3,"doc-seo-84348-105":29,"detail-sidebar-cat-0-en-105":91},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":20,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},84348,1099514068365,"Aurelia","https://ap-avatar.wpscdn.com/avatar/10000253d8d9f28188e?_k=1776742907772140068",6,"Technology","From Legacy Documentation to OSCAL: An MCP-Based Agent Pipeline for Threat-Informed Continuous Compliance in Critical Infrastructure","Critical infrastructure operational technology often cannot be actively scanned, yet continuous risk assessment and compliance still require evidence. This paper introduces a non-invasive, MCP-grounded multi-agent pipeline that converts natural-language system descriptions into source-verified knowledge graphs and audit-ready artifacts in NIST OSCAL. The design decouples LLM reasoning from deterministic retrieval against authoritative threat intelligence, reducing fabricated vulnerabilities and hallucinated attack paths. In a water-utility scenario, the pipeline achieves 0.90 CVE recall and perfect D3FEND recall, producing schema-valid System Security Plan and Security Assessment Report outputs.","From Legacy Documentation to OSCAL: An MCP-Based Agent Pipeline for Threat-Informed Continuous Compliance in Critical Infrastructure  \nLea Muth  \nDepartment of Mathematics and Computer Science Freie Universitt Berlin Berlin, Germany [Lea.Muth@fu-berlin.de](Lea.Muth@fu-berlin.de)  \nMarian Margraf  \nDepartment of Mathematics and Computer Science Freie Universitt Berlin Berlin, Germany [Marian.Margraf@fu-berlin.de](Marian.Margraf@fu-berlin.de)  \narXiv :2607 .08288v 1 [ cs .CR] 9 Jul 2026  \nAbstract—In critical infrastructure, operational technology environments often cannot be actively scanned, and yet active system feedback is needed for risk assessment and compliance. This paper presents a non-invasive, MCP-grounded multi-agent pipeline that converts natural-language system descriptions into source-verified knowledge graph and audit-ready artifacts in the NIST OSCAL format for continuous automated compliance management. The architecture decouples LLM-based reasoning from deterministic knowledge retrieval against authoritative threatintelligence sources, reducing the risk of fabricated vulnerabilities and hallucinated attack paths.  \nIn an evidence-based synthetic scenario of a water utility, the pipeline achieves 0.90 CVE recall and perfect D3FEND recall. It generates a schema-valid OSCAL System Security Plan and an OSCAL Security Assessment Report. Nevertheless, the core insight is not that grounding via MCP eliminates errors (e.g., hallucinations) entirely from the pipeline, but that it shifts errors into the first phase of asset extraction from the natural language description. Here, a single incorrectly extracted entity can lead to genuine but irrelevant CVEs in subsequent stages of the pipeline, which consumes time and resources. However, it makes the remaining risk visible, verifiable, and suitable for a timeefficient manual review, since the infrastructure (e.g., version numbers, OS, etc.) is typically known.  \nIndex Terms—BSI Grundschutz, compliance as code, Industrial Control Systems, Cyber Threat Intelligence (CTI), Model Context Protocol (MCP), Open Security Controls Assessment Language (OSCAL)  \nI. INTRODUCTION  \nIn mid-September 2025, the global cybersecurity landscape underwent a significant tactical escalation. Anthropic’s Threat Intelligence team disclosed a sophisticated AI-orchestrated espionage campaign, presumably executed by the statesponsored group GTG-1002 [1] . For the first time in documented history, threat actors leveraged an autonomous framework based on Anthropic’s Claude Code and the Model Context Protocol (MCP) to execute complex cyber operations with  \n© 2026 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.  \nminimal human intervention (80%-90% automated tactical operations), demonstrating that the primary threat of AI lies not in generating novel zero-day exploits, but in accelerating the overall attack lifecycle [1] . This acceleration poses a severe systemic risk to critical infrastructure, where the defensive posture is often constrained by operational technology. critical infrastructure sectors such as energy and water management rely on legacy Industrial Control Systems (ICS) with life cycles that span decades. Given the fragility of these legacy operational technology environments, standard security measures (e.g., active vulnerability scanning) pose unacceptable availability risks [26] . Consequently, while attackers already use Multi-Agent Systems with MCP, defenders still lack real-time visibility and often rely on fragmented static asset documentation. While AI-powered tools promise to close this gap, they also introduce fundamental reliability problems, as they h","cbCaitGDBnNiN4nH","https://ap.wps.com/l/cbCaitGDBnNiN4nH","pdf",178474,1,8,"English","en",105,"# Abstract\n# Index Terms\n# Introduction\n## Motivation and problem context\n## Proposed solution overview","[{\"question\":\"Why is threat-informed continuous compliance difficult in critical infrastructure operational technology?\",\"answer\":\"Operational technology in critical infrastructure often cannot be actively scanned, so defenders lack real-time visibility. They also face reliability issues such as hallucinated CVEs/CVSS and fabricated attack paths when using AI tools, while regulators demand rigorous, well-documented risk management.\"},{\"question\":\"How does the proposed pipeline reduce hallucinations when generating OSCAL artifacts?\",\"answer\":\"The pipeline grounds agent reasoning with MCP and uses deterministic knowledge retrieval against authoritative CTI sources. This decouples LLM-based reasoning from retrieval and iteratively enriches a knowledge graph before converting it into OSCAL artifacts.\"},{\"question\":\"What outputs does the pipeline generate for compliance workflows?\",\"answer\":\"It produces schema-valid NIST OSCAL artifacts, specifically a System Security Plan and a Security Assessment Report, derived from the enriched knowledge graph built from the natural-language description.\"}]",1784194976,20,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":86,"head_meta":88,"extra_data":90,"updated_unix":27},"from-legacy-documentation-to-oscal-an-mcp-based-agent-pipeline-for-threat-informed-continuous-compliance-in-critical-infrastructure","",{"@graph":35,"@context":85},[36,53,68],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/technology/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/from-legacy-documentation-to-oscal-an-mcp-based-agent-pipeline-for-threat-informed-continuous-compliance-in-critical-infrastructure/84348/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":62,"encodingFormat":60,"isAccessibleForFree":63,"interactionStatistic":64},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-17","2026-07-16",true,{"@type":65,"interactionType":66,"userInteractionCount":20},"InteractionCounter",{"@type":67},"ViewAction",{"@type":69,"mainEntity":70},"FAQPage",[71,77,81],{"name":72,"@type":73,"acceptedAnswer":74},"Why is threat-informed continuous compliance difficult in critical infrastructure operational technology?","Question",{"text":75,"@type":76},"Operational technology in critical infrastructure often cannot be actively scanned, so defenders lack real-time visibility. They also face reliability issues such as hallucinated CVEs/CVSS and fabricated attack paths when using AI tools, while regulators demand rigorous, well-documented risk management.","Answer",{"name":78,"@type":73,"acceptedAnswer":79},"How does the proposed pipeline reduce hallucinations when generating OSCAL artifacts?",{"text":80,"@type":76},"The pipeline grounds agent reasoning with MCP and uses deterministic knowledge retrieval against authoritative CTI sources. This decouples LLM-based reasoning from retrieval and iteratively enriches a knowledge graph before converting it into OSCAL artifacts.",{"name":82,"@type":73,"acceptedAnswer":83},"What outputs does the pipeline generate for compliance workflows?",{"text":84,"@type":76},"It produces schema-valid NIST OSCAL artifacts, specifically a System Security Plan and a Security Assessment Report, derived from the enriched knowledge graph built from the natural-language description.","https://schema.org",{"og:url":51,"og:type":87,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":89,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":92},[93,97,101,105,110,113,118,122,126,129,133],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":94,"show_sort_weight":95,"slug":96},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":98,"show_sort_weight":99,"slug":100},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":102,"show_sort_weight":103,"slug":104},"Exam",70,"exam",{"id":106,"doc_module":4,"doc_module_name":45,"category_name":107,"show_sort_weight":108,"slug":109},5,"Comic",60,"comic",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":111,"slug":112},50,"technology",{"id":114,"doc_module":4,"doc_module_name":45,"category_name":115,"show_sort_weight":116,"slug":117},7,"Healthcare",40,"healthcare",{"id":21,"doc_module":4,"doc_module_name":45,"category_name":119,"show_sort_weight":120,"slug":121},"Research & Report",30,"research-report",{"id":123,"doc_module":4,"doc_module_name":45,"category_name":124,"show_sort_weight":28,"slug":125},9,"Religion & Spirituality","religion-spirituality",{"id":28,"doc_module":4,"doc_module_name":45,"category_name":127,"show_sort_weight":28,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":45,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":45,"category_name":135,"show_sort_weight":106,"slug":136},19,"General","general"]