Risk
Insecure Memory & Logging
Description
Sensitive data or context is stored insecurely in memory, cache, or logs, risking disclosure or tampering.
Example
User prompts and model responses containing PII or confidential data are stored unencrypted in application or system logs.
Assets Affected
Agent Memory/cache
App Usage log
Notebook
User Prompt
Mitigation
- Encrypt in-memory/cache data and logs
- Restrict log content
- Enforce access controls
- Review logs regularly
Standards Mapping
- ISO 42001: A.6.2.8, A.8.2
- OWASP Top 10 for LLM: LLM02
- NIST AI RMF: MEASURE 2.10, GOVERN 4.2