Risk
Incomplete Red-Team Coverage
Description
Only the core model is tested; agent/tool-calling, plugins, or system prompts are excluded, leaving lateral or chained attack paths untested.
Example
Plugin flaw lets attacker hijack AI assistant.
Assets Affected
- Framework
- Tool / function
- System Prompt
Mitigation
- Inventory all tools/agents; include system-level attack paths in threat scenarios
- Simulate multi-agent and tool misuse
Standards Mapping
- ISO 42001: A.6.2.4, A.9.2
- OWASP Top 10 for LLM: LLM06
- NIST AI RMF: MEASURE 2.4, MAP 2.1
- DASF v2: PLATFORM 12.2