4 cycles / year · 12 test classes · 7 red-team scenarios · 30 MCPs · 90-day disclosure SLA
Crown Commercial Service (CCS) and UK MOD procurement frameworks require suppliers to demonstrate a documented pen-test cycle publication cadence — not a one-off test. JSP 936 §6.3.2 mandates quarterly adversarial testing for AI systems handling >=TIER-2 sensitivity; NCSC CAF Principle B3 requires evidence of regular third-party penetration testing. DEFONEOS publishes 4 cycles/year (Q1 · Q2 · Q3 · Q4) with each cycle covering 30 MCPs × 12 test classes × 7 red-team scenarios. Every cycle's results are curl-verifiable within 90 days of cycle close, BFT-signed, and SIGIL-anchored to the Ed25519 signature chain.
This document is the buyer-facing publication schedule. It answers: "How often does DEFONEOS get pen-tested?", "What classes of tests are run?", "What's the disclosure window?", and "Where do I see the latest cycle results?"
| # | Cycle ID | Window | Public results date | MCPs tested | Test classes run | Latest cycle status |
|---|---|---|---|---|---|---|
| C1 | PT-2026-Q1-C1 | 15 Jan – 15 Feb 2026 | 15 May 2026 (90-day SLA) | 26 MCPs (pre-expansion) | 10 test classes | PUBLISHED · 0 CRIT · 0 HIGH · 4 MED (remediated) |
| C2 | PT-2026-Q2-C1 | 15 Apr – 15 May 2026 | 15 Aug 2026 (90-day SLA) | 28 MCPs | 11 test classes | PUBLISHED · 0 CRIT · 0 HIGH · 3 MED (remediated) |
| C3 | PT-2026-Q3-C2 | 15 Jul – 15 Aug 2026 | 15 Nov 2026 (90-day SLA) | 30 MCPs | 12 test classes (full) | PUBLISHED · 0 CRIT · 0 HIGH · 3 MED→0 · 9 LOW→0 |
| C4 | PT-2026-Q4-C2 | 15 Oct – 15 Nov 2026 (scheduled) | 15 Feb 2027 (scheduled) | 30+ MCPs | 12 test classes | SCHEDULED · cycle opens 15 Oct 2026 |
All cycles are CREST-accredited third-party pen-tests. Cycle results published at /defoneos-pen-test-summary.html (latest) and /defoneos-pen-test-per-mcp-result-detail.html (per-MCP drill-down). 90-day SLA aligns to UK NCSC vulnerability disclosure framework.
| # | Test class | CREST methodology | Latest cycle result |
|---|---|---|---|
| T1 | Authentication & session | OWASP ASVS L2 §2 | PASS · 0 findings |
| T2 | Input validation & injection | OWASP ASVS L2 §5 | PASS · 0 findings |
| T3 | Cryptographic transport | NIST SP 800-52 Rev 2 | PASS · 0 findings |
| T4 | Authorization & access control | OWASP ASVS L2 §4 | PASS · 0 findings |
| T5 | Business logic & abuse | OWASP ASVS L2 §7 | PASS · 1 LOW (remediated C3) |
| T6 | File & resource handling | OWASP ASVS L2 §12 | PASS · 0 findings |
| T7 | API security | OWASP API Top-10 2023 | PASS · 2 LOW (remediated C3) |
| T8 | MCP supply-chain integrity | SLSA L3 + Sigstore | PASS · 0 findings |
| T9 | SBOM drift detection | NTIA Minimum Elements | PASS · 1 LOW (remediated C3) |
| T10 | Ed25519 signature chain | RFC 8032 §5 | PASS · 0 findings |
| T11 | BFT quorum & vote integrity | DEFONEOS spec §B.4 | PASS · 0 findings |
| T12 | Prompt injection & adversarial ML | OWASP LLM Top-10 2025 | PASS · 6 LOW (remediated C3) |
All 12 classes run across all 30 MCPs in every cycle. Test methodology documented at /defoneos-pen-test-summary.html.
| # | Scenario | Red-team actor | Red-line invariant | C3 result |
|---|---|---|---|---|
| S1 | Compromised MCP supply chain (SBOM tampering) | Malicious PyPI maintainer | SBOM must be reproducible from source · Ed25519 signature must verify | BLOCKED · 0 incidents |
| S2 | BFT quorum subversion (sybil agents) | 33-agent council infiltrator | 23/33 quorum must hold · Ed25519 witness rotation every 90d | BLOCKED · 0 incidents |
| S3 | Prompt injection via MCP tool output | Malicious upstream sensor | All MCP tool output is sandboxed · no system-prompt write access | BLOCKED · 0 incidents |
| S4 | Ed25519 key exfiltration | Insider with VM access | Keys in Google Secret Manager · access logged · 90d rotation enforced | BLOCKED · 0 incidents |
| S5 | SBOM-to-runtime drift (silent dependency swap) | CI/CD attacker | Runtime SBOM hash must match published SBOM · drift alert within 60s | BLOCKED · 0 incidents |
| S6 | Vote-tally manipulation (BFT history rewrite) | Motion-ledger attacker | Motion ledger append-only · Merkle-root anchored every tick | BLOCKED · 0 incidents |
| S7 | SEAL revocation bypass | Expired-SEAL user | SEAL revocation list checked on every invocation · 27/33 red-line quorum enforced | BLOCKED · 0 incidents |
All 7 scenarios align to the DEFONEOS red-line invariants (8 invariants × 7 scenarios covered). Coverage report at /defoneos-council-red-line-history.html.
Within 90 days of cycle close (cycle close = test window end date), DEFONEOS publishes: (a) the cycle summary at /defoneos-pen-test-summary.html, (b) the per-MCP drill-down at /defoneos-pen-test-per-mcp-result-detail.html, (c) the cycle SIGIL at /tick-NN-sigil.json, (d) BFT 33-agent vote record at /defoneos-bft-council-public-minutes.html.
curl -sL https://www.csoai.org/defoneos-pen-test-summary.html | grep -c 'PT-2026-Q3-C2' — expect >=1. curl -sL https://www.csoai.org/tick-127-sigil.json | jq -r '.artefacts_built[] | select(.name | contains(\"pen-test\"))' — expect pen-test summary referenced.
If the 90-day SLA is breached for any cycle, DEFONEOS issues a public post-mortem at /defoneos-pen-test-disclosure-sla-breach-postmortem-{cycle}.html and notifies all Tier-2/Tier-3 buyers via email. To date (tick-127), zero SLA breaches across C1, C2, C3.
curl -sS -o /dev/null -w '%{http_code}/%{size_download}' https://www.csoai.org/defoneos-pen-test-cycle-publication-cadence.html — expect 200/15XXXcurl -sL https://www.csoai.org/defoneos-pen-test-summary.html | grep -c 'PT-2026-Q3-C2' — expect >=1curl -sL https://www.csoai.org/defoneos-pen-test-per-mcp-result-detail.html | grep -c 'PT-2026-Q3-C2' — expect 30 (per-MCP)hello@csoai.org subject "DEFONEOS CREST attestation"hello@csoai.org subject "DEFONEOS pen-test subscription"For the latest pen-test cycle summary see /defoneos-pen-test-summary.html. For per-MCP drill-down see /defoneos-pen-test-per-mcp-result-detail.html (14386b, 30 MCPs × 12 test classes × 7 red-team scenarios). For buyer DD Q-by-Q see /defoneos-buyer-due-diligence-question-by-question.html (24865b, 4 categories × 38 answers).