docs: add advisory guidance for external tool connectors

ACKNOWLEDGEMENTS.md

@@ -23,7 +23,7 @@ Individuals who made a significant contribution to the project:
 | Name | Affiliation | Links |
 | --- | --- | --- |
 | Ramshath MM | [Astra Security](https://www.getastra.com) | [LinkedIn](https://www.linkedin.com/in/ramshath) |
-| Chia Min Jun Lennon | Independent Security Researcher | [GitHub](https://github.com/Hinotoi-agent) |
+| Chia Min Jun Lennon | Ernst & Young (EY)<br>(The views contributed are of the individual and do not represent the EY organization.) | [GitHub](https://github.com/Hinotoi-agent), [LinkedIn](https://www.linkedin.com/in/lennon-chia/) |
 | Josh Kotrous | [Pensar](https://pensarai.com) | [LinkedIn](https://www.linkedin.com/in/joshkotrous) |
 <!-- Add your name here via pull request. -->
 

README.md

@@ -32,7 +32,7 @@ APTS is not a testing methodology. It complements PTES, OWASP WSTG, and OSSTMM b
 - **Tier 2 (Verified)**: 85 additional (157 cumulative). Full transparency, tamper-proof audit trails, and independently verifiable findings.
 - **Tier 3 (Comprehensive)**: 16 additional (173 cumulative). Highest assurance for critical infrastructure and L4 autonomous operations.
 
-Ten additional advisory practices live exclusively in the [Advisory Requirements appendix](./standard/appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern. Advisory practices are not counted toward any tier and do not affect conformance.
+Eleven additional advisory practices live exclusively in the [Advisory Requirements appendix](./standard/appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern. Advisory practices are not counted toward any tier and do not affect conformance.
 
 APTS has no certification body, no mandatory third-party audit, and no fee. Platforms are assessed against the requirements and conformance is documented. The standard does not prescribe who performs the assessment; internal self-assessment, independent internal review, and external third-party assessment are all valid approaches, and the choice is left to the reader.
 

index.md

@@ -43,7 +43,7 @@ APTS is not a testing methodology. It complements PTES, OWASP WSTG, and OSSTMM b
 - **Tier 2 (Verified)**: 85 additional (157 cumulative). Full transparency, tamper-proof audit trails, and independently verifiable findings.
 - **Tier 3 (Comprehensive)**: 16 additional (173 cumulative). Highest assurance for critical infrastructure and L4 autonomous operations.
 
-Ten additional advisory practices live exclusively in the [Advisory Requirements appendix](./standard/appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern. Advisory practices are not counted toward any tier and do not affect conformance.
+Eleven additional advisory practices live exclusively in the [Advisory Requirements appendix](./standard/appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern. Advisory practices are not counted toward any tier and do not affect conformance.
 
 APTS has no certification body, no mandatory third-party audit, and no fee. Platforms are assessed against the requirements and conformance is documented. The standard does not prescribe who performs the assessment; internal self-assessment, independent internal review, and external third-party assessment are all valid approaches, and the choice is left to the reader.
 

standard/7_Supply_Chain_Trust/README.md

@@ -55,7 +55,7 @@ The 22 requirements in this domain fall into seven thematic groups:
 
 A platform claims conformance with this domain by satisfying all MUST requirements at the compliance tier it targets. APTS defines three cumulative compliance tiers (Tier 1 Foundation, Tier 2 Verified, Tier 3 Comprehensive) in the [Introduction](../Introduction.md); a Tier 2 platform satisfies every Tier 1 TP requirement plus every Tier 2 TP requirement, and a Tier 3 platform satisfies all three tiers. SHOULD-level requirements are interpreted per RFC 2119.
 
-Three appendix-only advisory requirements for this domain (APTS-TP-A01 Breach Notification and Regulatory Reporting, APTS-TP-A02 Privacy Regulation Compliance, APTS-TP-A03 Professional Liability and Engagement Agreements) are documented in the [Advisory Requirements appendix](../appendix/Advisory_Requirements.md). They are not required for conformance at any tier.
+Four appendix-only advisory requirements for this domain (APTS-TP-A01 Breach Notification and Regulatory Reporting, APTS-TP-A02 Privacy Regulation Compliance, APTS-TP-A03 Professional Liability and Engagement Agreements, APTS-TP-A04 External Tool Connector Trust Boundaries and Credential Isolation) are documented in the [Advisory Requirements appendix](../appendix/Advisory_Requirements.md). They are not required for conformance at any tier.
 
 Every requirement in this domain includes a Verification subsection listing the verification procedures a reviewer uses to confirm implementation.
 

standard/Frontispiece.md

@@ -72,4 +72,4 @@ Licensed under [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/).
 
 | Version | Date | Notes |
 |---------|------|-------|
-| 0.1.0 | April 2026 | Initial release. Eight domains, 173 tier-required requirements across three compliance tiers, plus 10 advisory practices in the appendix. |
+| 0.1.0 | April 2026 | Initial release. Eight domains, 173 tier-required requirements across three compliance tiers, plus 11 advisory practices in the appendix. |

standard/Getting_Started.md

@@ -81,7 +81,7 @@ Depending on your role:
 ## Common Questions
 
 **Q: Do I need to implement all 173 requirements?**
-No. Start with Tier 1 (72 requirements). Tier 2 and Tier 3 add requirements progressively for cumulative totals of 157 and 173. An additional 10 advisory practices live in the [Advisory Requirements appendix](appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern; advisory practices are not required for conformance at any tier. See [Introduction: Compliance Tiers](Introduction.md#compliance-tiers) for details.
+No. Start with Tier 1 (72 requirements). Tier 2 and Tier 3 add requirements progressively for cumulative totals of 157 and 173. An additional 11 advisory practices live in the [Advisory Requirements appendix](appendix/Advisory_Requirements.md) under the `APTS-<DOMAIN>-A0x` identifier pattern; advisory practices are not required for conformance at any tier. See [Introduction: Compliance Tiers](Introduction.md#compliance-tiers) for details.
 
 **Q: What if my platform meets most but not all Tier 1 requirements?**
 APTS does not award partial credit. A platform must meet 100% of requirements for its claimed tier. Address gaps before claiming a tier.

standard/Introduction.md

@@ -44,7 +44,7 @@ APTS does not prescribe who performs the assessment. The choice of internal self
 | 7 | Third-Party & Supply Chain Trust | TP | 22 | AI providers, cloud dependencies, data handling, foundation model disclosure |
 | 8 | Reporting | RP | 15 | Finding validation, confidence scoring, coverage disclosure |
 
-**Total: 173 tier-required requirements** (Tier 1 + Tier 2 + Tier 3) across the eight domains. An additional **10 advisory practices** live exclusively in the [Advisory Requirements](appendix/Advisory_Requirements.md) appendix using the `APTS-<DOMAIN>-A0x` identifier pattern; advisory practices are not counted toward any tier and do not affect conformance.
+**Total: 173 tier-required requirements** (Tier 1 + Tier 2 + Tier 3) across the eight domains. An additional **11 advisory practices** live exclusively in the [Advisory Requirements](appendix/Advisory_Requirements.md) appendix using the `APTS-<DOMAIN>-A0x` identifier pattern; advisory practices are not counted toward any tier and do not affect conformance.
 
 ---
 

standard/README.md

@@ -1,6 +1,6 @@
 # OWASP Autonomous Penetration Testing Standard
 
-This is the full OWASP Autonomous Penetration Testing Standard. It defines 173 tier-required requirements across 8 domains (plus 10 advisory practices in the [Advisory Requirements appendix](appendix/Advisory_Requirements.md)) that autonomous penetration testing platforms must meet to operate safely, transparently, and within defined boundaries, whether delivered by vendors, operated as a service, or built in-house by enterprise security teams.
+This is the full OWASP Autonomous Penetration Testing Standard. It defines 173 tier-required requirements across 8 domains (plus 11 advisory practices in the [Advisory Requirements appendix](appendix/Advisory_Requirements.md)) that autonomous penetration testing platforms must meet to operate safely, transparently, and within defined boundaries, whether delivered by vendors, operated as a service, or built in-house by enterprise security teams.
 
 ## Getting Started
 

standard/appendix/Advisory_Requirements.md

@@ -151,6 +151,22 @@ Establish a continuous improvement framework for autonomous pentesting operation
 
 ---
 
+### APTS-TP-A04: External Tool Connector Trust Boundaries and Credential Isolation (Advisory)
+
+**Rationale:** Autonomous pentest platforms increasingly rely on external tool connectors such as remote browser agents, model tool servers, plugins, and data connectors that run outside the core platform trust boundary. These integrations can introduce new instruction channels, expand available actions, and inherit broad customer credentials. APTS already covers dependency inventory, provider vetting, action allowlists, and runtime containment, but it does not yet give implementation guidance specific to externally hosted tool connectors and protocol bridges.
+
+**Value:** Platforms that treat external tool connectors as distinct trust zones reduce the risk of tool-poisoning, over-privileged connector credentials, silent capability expansion, and connector-driven cross-tenant leakage. This is especially useful for platforms that integrate remote browsers, agent plugins, retrieval connectors, or Model Context Protocol-style tool servers.
+
+**Practice Description:**
+
+Document every external connector that can execute actions, access customer data, or supply context into the agent runtime. For each connector, define the approved capability scope, credential scope, network reachability, and data classes it may access. Route connector requests through an enforcement layer outside the model that validates connector identity, denies undeclared actions, and records connector invocation provenance. Connector credentials should be isolated per engagement or customer wherever operationally feasible, and high-impact connectors should require explicit operator approval before first use in an engagement. Connector output should be treated as untrusted input subject to the same validation and sanitization controls applied to target-side content.
+
+**Recommendation:** Start with a short connector inventory and per-connector approval profile rather than a heavyweight framework. Prioritize connectors that can execute code, browse arbitrary URLs, retrieve private documents, or introduce new action surfaces at runtime.
+
+**Related normative requirements:** APTS-TP-006, APTS-TP-017, APTS-SC-020, APTS-MR-022, APTS-MR-023.
+
+---
+
 ## Relationship to Conformance Tiers
 
 | Tier | Scope | Advisory Practices |

standard/appendix/Glossary.md

@@ -79,7 +79,7 @@ Notation for specifying IP address ranges using a base address and prefix length
 Alternative security measures that mitigate vulnerability when the primary control is missing. Example: Two-factor authentication compensates for weak passwords.
 
 **Compliance Tier**
-One of three progressive levels of APTS conformance. Tier 1 (Foundation) requires 72 core requirements (MUST | Tier 1). Tier 2 (Verified) adds 85 requirements for a cumulative 157 (MUST | Tier 2 + SHOULD | Tier 2). Tier 3 (Comprehensive) adds 16 requirements for a cumulative 173 (MUST | Tier 3 + SHOULD | Tier 3). A platform must meet 100% of requirements assigned to its claimed tier (both MUST and SHOULD). An additional 10 advisory practices in the Advisory Requirements appendix are recommended for highest-assurance engagements but are not counted toward any tier.
+One of three progressive levels of APTS conformance. Tier 1 (Foundation) requires 72 core requirements (MUST | Tier 1). Tier 2 (Verified) adds 85 requirements for a cumulative 157 (MUST | Tier 2 + SHOULD | Tier 2). Tier 3 (Comprehensive) adds 16 requirements for a cumulative 173 (MUST | Tier 3 + SHOULD | Tier 3). A platform must meet 100% of requirements assigned to its claimed tier (both MUST and SHOULD). An additional 11 advisory practices in the Advisory Requirements appendix are recommended for highest-assurance engagements but are not counted toward any tier.
 
 **Confidence Score**
 A numeric value on a 0-100% scale indicating the platform's certainty in a scope boundary determination, target legitimacy assessment, asset classification, or finding validity. Scores below 75% for scope-related decisions trigger mandatory human escalation. See APTS-HO-013, APTS-RP-003.

standard/appendix/Vendor_Evaluation_Guide.md

@@ -12,7 +12,7 @@ Decide your minimum compliance tier based on your risk tolerance:
 
 - **Tier 2 (Verified):** 157 cumulative requirements (72 + 85). The platform is fully transparent about what it did and why, protects your data with tamper-proof audit trails, handles incidents with formal response procedures, and provides independently verifiable findings. **Choose Tier 2 when:** you are testing production environments, operating in regulated industries, or need full accountability for audit or compliance purposes. This is the recommended minimum for most production deployments.
 
-- **Tier 3 (Comprehensive):** 173 cumulative requirements (157 + 16). The platform meets the highest assurance bar for critical infrastructure, fully autonomous (L4) operations, and the strictest regulatory requirements. **Choose Tier 3 when:** you are deploying fully autonomous testing against critical infrastructure, financial systems, or healthcare environments with minimal human oversight. An additional 10 advisory practices in the [Advisory Requirements appendix](Advisory_Requirements.md) are recommended for highest-assurance engagements but are not counted toward any tier.
+- **Tier 3 (Comprehensive):** 173 cumulative requirements (157 + 16). The platform meets the highest assurance bar for critical infrastructure, fully autonomous (L4) operations, and the strictest regulatory requirements. **Choose Tier 3 when:** you are deploying fully autonomous testing against critical infrastructure, financial systems, or healthcare environments with minimal human oversight. An additional 11 advisory practices in the [Advisory Requirements appendix](Advisory_Requirements.md) are recommended for highest-assurance engagements but are not counted toward any tier.
 
 > **Minimum tier guidance:** Tier 1 is appropriate for supervised testing of non-critical systems in non-regulated environments. Organizations in financial services, healthcare, critical infrastructure, or any regulated industry SHOULD require Tier 2 as a minimum. Tier 3 is recommended for critical infrastructure, fully autonomous (L4) operations, and environments with the strictest regulatory requirements.