Risk
Covert Channel Use/Evasion
Description
Agent uses hidden channels (e.g. DNS tunneling, encoding in filenames) to exfiltrate information or communicate with external entities undetected.
Example
Agent encodes data in file names or DNS queries sent to an external server.
Assets Affected
Agentic platform (no code)
Mitigation
- Monitor for covert channel signatures
- Restrict outbound communications to approved destinations
- Enable anomaly detection on output/file/network patterns
- Audit logs for suspicious activity
Standards Mapping
- ISO 42001: A.6.2.8, A.8.3
- NIST AI RMF: MEASURE 2.7, MEASURE 3.1