SAIL

/

Operate - Safe Execution Environment - Sandbox

/

Covert Channel Use/Evasion

6.9

.

Covert Channel Use/Evasion

sail
6.9
Risk

Covert Channel Use/Evasion

Description

Agent uses hidden channels (e.g. DNS tunneling, encoding in filenames) to exfiltrate information or communicate with external entities undetected.

Example

Agent encodes data in file names or DNS queries sent to an external server.

Assets Affected

Agentic platform (no code)

Mitigation
  • Monitor for covert channel signatures
  • Restrict outbound communications to approved destinations
  • Enable anomaly detection on output/file/network patterns
  • Audit logs for suspicious activity
Standards Mapping
  • ISO 42001: A.6.2.8, A.8.3
  • NIST AI RMF: MEASURE 2.7, MEASURE 3.1