Risk
Insecure Experiment Logging & Monitoring
Description
Experiment logs are world-readable, disabled, or stored insecurely, risking untraceable incidents or leakage.
Example
Debug logs from an experiment include real user data and are accessible to all users.
Assets Affected
App Usage log
Notebook
Mitigation
- Enforce log access control
- Redact/mask sensitive data
- Enable log monitoring/tamper detection
- Regular log review
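
The first three mitigations applied to the debug-log example above, in Python. This is an added example, not part of the original entry; the regex patterns, the JSON-lines layout, the HMAC chain and all names (`RedactingFilter`, `ChainedFileHandler`, `verify`, `DEMO_KEY`) are assumptions chosen for illustration.

```python
import hashlib, hmac, json, logging, os, re, tempfile

DEMO_KEY = b"constructed-demo-key"  # assumption: a real key comes from a secret store
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # assumed notion of "sensitive"
NUMBER = re.compile(r"\b\d{13,16}\b")  # card-like digit runs

def mac(key, prev, msg):
    return hmac.new(key, (prev + msg).encode(), hashlib.sha256).hexdigest()

class RedactingFilter(logging.Filter):
    """Mask sensitive values before the handler writes the record."""
    def filter(self, record):
        text = EMAIL.sub("<redacted-email>", record.getMessage())
        record.msg, record.args = NUMBER.sub("<redacted-number>", text), None
        return True

class ChainedFileHandler(logging.Handler):
    """Owner-only JSON-lines log; each line's MAC covers the previous MAC."""
    def __init__(self, path, key):
        super().__init__()
        self.key, self.prev = key, "0" * 64
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        os.fchmod(fd, 0o600)  # POSIX: also tightens a pre-existing file
        self.fh = os.fdopen(fd, "a", buffering=1, encoding="utf-8")

    def emit(self, record):
        msg = record.getMessage()
        self.prev = mac(self.key, self.prev, msg)
        self.fh.write(json.dumps({"msg": msg, "mac": self.prev}) + "\n")

def verify(path, key):
    """Return the number of the first line whose MAC fails, or 0 if intact."""
    prev = "0" * 64
    with open(path, encoding="utf-8") as fh:
        for n, line in enumerate(fh, 1):
            entry = json.loads(line)
            prev = mac(key, prev, entry["msg"])
            if not hmac.compare_digest(prev, entry["mac"]):
                return n
    return 0

def demo():
    path = os.path.join(tempfile.mkdtemp(), "experiment.log")
    log = logging.getLogger("experiment-demo")
    log.setLevel(logging.DEBUG)
    handler = ChainedFileHandler(path, DEMO_KEY)
    handler.addFilter(RedactingFilter())
    log.addHandler(handler)
    log.debug("user %s paid with %s", "alice@example.com", "4111111111111111")  # constructed
    log.debug("epoch 3 loss=0.42")  # constructed
    return path
```

`verify` reports the first altered line; deleting lines from the end goes unnoticed unless the latest MAC is also kept somewhere the log writer cannot reach.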
Standards Mapping
- ISO 42001: A.2.3
- NIST AI RMF: GOVERN 1.2, GOVERN 1.4