SAIL 5.10 Risk: Insecure Memory & Logging (Deploy - Runtime Guardrails)

Description

Sensitive data or context is stored insecurely in memory, cache, or logs, risking disclosure or tampering.

Example

User prompts and model responses containing PII or confidential data are stored unencrypted in application or system logs.

Assets Affected

  • Agent Memory/cache
  • App Usage log
  • Notebook
  • User Prompt

Mitigation
  • Encrypt in-memory/cache data and logs
  • Restrict log content
  • Access controls
  • Regular log review
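
One way to apply the "Restrict log content" mitigation to the logging case in the Example above, as an added sketch that is not part of the SAIL framework text. The regex patterns, the 200-character cap, and the `prompt`/`response` field names are assumptions made for illustration; encryption and access control of the stored logs are not covered here.

```python
import logging
import re

# Constructed patterns for illustration; regex matching misses PII it was not written for.
PII_PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
}
MAX_FIELD_CHARS = 200  # assumed cap on how much prompt/response text a log line may carry

def scrub(text, limit=MAX_FIELD_CHARS):
    """Replace PII matches with labels first, then truncate, so no partial value survives."""
    for label, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text if len(text) <= limit else text[:limit] + "...[truncated]"

class PromptRedactionFilter(logging.Filter):
    """Scrub the rendered message and the hypothetical `prompt`/`response` extras."""

    def filter(self, record):
        record.msg, record.args = scrub(record.getMessage()), None
        for field in ("prompt", "response"):
            value = getattr(record, field, None)
            if isinstance(value, str):
                setattr(record, field, scrub(value))
        return True  # keep the record, now without the raw content

class ListHandler(logging.Handler):
    """Stands in for a file or syslog handler so the output can be inspected."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def demo():
    log = logging.getLogger("llm_app_demo")
    log.setLevel(logging.INFO)
    log.propagate = False
    handler = ListHandler()
    handler.setFormatter(logging.Formatter("%(message)s | prompt=%(prompt)s"))
    handler.addFilter(PromptRedactionFilter())  # runs before emit() on this handler
    log.addHandler(handler)
    log.info("completion for %s", "alice@example.com",  # constructed sample input
             extra={"prompt": "My SSN is 123-45-6789, card 4111 1111 1111 1111"})
    log.removeHandler(handler)
    return handler.lines
```

Attaching the filter to each handler rather than to one logger means records propagated from child loggers are scrubbed as well.
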
Standards Mapping
  • ISO 42001: A.6.2.8, A.8.2
  • OWASP Top 10 for LLM: LLM02
  • NIST AI RMF: MEASURE 2.10, GOVERN 4.2