1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
6.6
.
Autonomous Resource Provisioning/Abuse
sail
6.6
Risk
Autonomous Resource Provisioning/Abuse
Description
Agent autonomously creates cloud resources, files, or processes, causing cost overruns, security exposure, or denial-of-service.
Example
Agent launches many cloud VMs or uploads sensitive files to public storage.
Assets Affected
Agentic platform (no code)
AI platform
Mitigation
- Enforce quotas and resource limits
- Monitor and alert on resource creation
- Require approval for high-impact actions
- Audit resource usage regularly
Standards Mapping
- ISO 42001: A.4.5, A.9.3
- OWASP Top 10 for LLM: LLM10
- NIST AI RMF: MANAGE 2.1, GOVERN 3.2
- DASF v2: MODEL SERVING 9.7, 9.13
