SAIL

/

Test - AI Red Teaming

/

Incomplete Red-Team Coverage

4.2

.

Incomplete Red-Team Coverage

sail
4.2
Risk

Incomplete Red-Team Coverage

Description

Only core model tested; agent/tool-calling, plugins, or system prompts excluded—leaving lateral or chained attack paths.

Example

Plugin flaw lets attacker hijack AI assistant.

Assets Affected

Framework

Tool / function

System Prompt

Mitigation
  • Inventory all tools/agents; include system-level attack paths in threat scenarios
  • Simulate multi-agent and tool misuse
Standards Mapping
  • ISO 42001: A.6.2.4, A.9.2
  • OWASP Top 10 for LLM: LLM06
  • NIST AI RMF: MEASURE 2.4, MAP 2.1
  • DASF v2: PLATFORM 12.2