1.6. Insecure Experiment Logging & Monitoring

SAIL 1.6 Risk

Description

Experiment logs are world-readable, disabled, or stored insecurely, risking untraceable incidents or leakage.

Example

Debug logs from an experiment include real user data and are accessible to all users.

Assets Affected

App Usage log

Notebook

Mitigation
  • Enforce log access control
  • Redact/mask sensitive data
  • Enable log monitoring/tamper detection
  • Regular log review
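
The first three mitigations applied to the debug-log scenario above, as an added example that is not part of the SAIL framework itself: records are redacted before writing, the file is created owner-only, and each line carries an HMAC chained to the previous one so edits are detectable. The function names, the regex patterns, the demo key and the sample log lines are constructed for illustration, and the permission handling assumes a POSIX system.

```python
import hashlib, hmac, os, re, stat, tempfile

# Constructed patterns: e-mail addresses and runs of 9+ digits (phone, card, ID).
SENSITIVE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+|\b\d{9,}\b")
GENESIS = "0" * 64  # tag that precedes the first record

def redact(message: str) -> str:
    """Mask sensitive values before they reach disk."""
    return SENSITIVE.sub("[REDACTED]", message)

def _tag(key: bytes, prev: str, message: str) -> str:
    # Each tag covers the previous tag, so edits and reordering break the chain.
    return hmac.new(key, f"{prev}|{message}".encode(), hashlib.sha256).hexdigest()

def append_record(path: str, key: bytes, message: str) -> None:
    """Append a redacted, HMAC-chained record to an owner-only log file."""
    prev = GENESIS
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            lines = fh.read().splitlines()
        if lines:
            prev = lines[-1].split(" ", 1)[0]
    clean = redact(message).replace("\n", "\\n")  # one record per line
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.fchmod(fd, 0o600)  # tighten a pre-existing file as well
    with os.fdopen(fd, "a", encoding="utf-8") as fh:
        fh.write(f"{_tag(key, prev, clean)} {clean}\n")

def verify_chain(path: str, key: bytes) -> bool:
    """Recompute every tag; False means the chain is broken at some record."""
    prev = GENESIS
    with open(path, encoding="utf-8") as fh:
        for line in fh.read().splitlines():
            tag, _, message = line.partition(" ")
            expected = _tag(key, prev, message)
            if not hmac.compare_digest(tag.encode(), expected.encode()):
                return False
            prev = tag
    return True

def is_world_accessible(path: str) -> bool:
    """True if 'other' users can read or write the file."""
    return bool(os.stat(path).st_mode & (stat.S_IROTH | stat.S_IWOTH))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice, held outside the experiment host
    path = os.path.join(tempfile.mkdtemp(), "experiment.log")
    append_record(path, key, "debug: user alice@example.com card 4111111111111111")
    append_record(path, key, "debug: epoch 3 loss 0.41")
    print(open(path).read(), verify_chain(path, key), is_world_accessible(path))
```

The chain detects altered, inserted or reordered records, but not removal of the most recent ones unless the latest tag is also kept somewhere the log writer cannot modify.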

Standards Mapping
  • ISO 42001: A.2.3
  • NIST AI RMF: GOVERN 1.2, GOVERN 1.4