SAIL
Deploy - Runtime Guardrails

5.15 Risk: Insecure Plugin/Tool Integration

Description

Plugins or tools invoked by the AI system are insecure or misconfigured, leading to privilege escalation, code execution, or data leakage.

Example

A malicious plugin is loaded at runtime, allowing code injection or data exfiltration.

Assets Affected
  • Tool / function
  • 3rd-party AI integration

Mitigation
  • Vet plugins/tools
  • Restrict allowed integrations
  • Privilege separation
  • Monitor plugin activity
  • Secure APIs
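The mitigations above can be enforced at a single choke point between the model and its tools. The following is an added example, not code from the SAIL framework: a small tool gateway that keeps an explicit allowlist of tools (restrict allowed integrations), pins each vetted plugin to an integrity hash (vet plugins/tools), requires the caller to hold the tool's privilege scope (privilege separation), rejects arguments the tool was not declared to accept (secure APIs), and writes an audit record for every call (monitor plugin activity). The tool names, scopes, sample plugin and policy are constructed for illustration; the bytecode hash stands in for the hash of the vetted plugin artifact you would compute when approving a real plugin.

```python
"""Added example (not part of the SAIL page): a tool gateway that enforces an
allowlist, integrity pinning, privilege scopes, argument policy and audit logging.
All tool names, scopes and the sample plugin below are constructed."""
import hashlib
import json
import logging
from dataclasses import dataclass
from typing import Any, Callable

logging.basicConfig(level=logging.INFO, format="%(message)s")
AUDIT = logging.getLogger("tool-audit")


class ToolPolicyError(Exception):
    """Raised when a tool registration or call is blocked by policy."""


@dataclass(frozen=True)
class ToolSpec:
    name: str
    func: Callable[..., Any]
    scopes: frozenset          # privileges the caller must hold to invoke this tool
    pinned_sha256: str         # integrity hash recorded when the plugin was vetted
    allowed_args: frozenset    # argument names the model is permitted to supply


def plugin_hash(func: Callable[..., Any]) -> str:
    """Stand-in for hashing the vetted plugin artifact: hash of the function bytecode."""
    return hashlib.sha256(func.__code__.co_code).hexdigest()


class ToolGateway:
    """Every model-initiated tool call passes through here, never straight to the plugin."""

    def __init__(self) -> None:
        self._tools: dict[str, ToolSpec] = {}
        self.audit_log: list[dict[str, Any]] = []

    def register(self, spec: ToolSpec) -> None:
        # Integrity check: a plugin whose code differs from the vetted version is not loaded.
        actual = plugin_hash(spec.func)
        if actual != spec.pinned_sha256:
            raise ToolPolicyError(f"{spec.name}: hash {actual[:12]} != pinned {spec.pinned_sha256[:12]}")
        self._tools[spec.name] = spec

    def invoke(self, caller_scopes: set, name: str, **kwargs: Any) -> Any:
        entry: dict[str, Any] = {"tool": name, "args": kwargs, "allowed": False}
        try:
            spec = self._tools.get(name)
            if spec is None:
                raise ToolPolicyError(f"{name}: not on the allowlist")
            missing = spec.scopes - caller_scopes
            if missing:
                raise ToolPolicyError(f"{name}: caller lacks scopes {sorted(missing)}")
            unexpected = set(kwargs) - spec.allowed_args
            if unexpected:
                raise ToolPolicyError(f"{name}: undeclared arguments {sorted(unexpected)}")
            entry["allowed"] = True
            return spec.func(**kwargs)
        except ToolPolicyError as exc:
            entry["reason"] = str(exc)
            raise
        finally:
            # Every attempt, allowed or blocked, is recorded for monitoring.
            self.audit_log.append(entry)
            AUDIT.info(json.dumps(entry, default=str))


# --- constructed sample plugin and policy ---------------------------------------

def lookup_order(order_id: str) -> dict:
    """Hypothetical read-only plugin returning a canned record."""
    return {"order_id": order_id, "status": "shipped"}


def build_gateway() -> ToolGateway:
    gw = ToolGateway()
    gw.register(ToolSpec(
        name="lookup_order",
        func=lookup_order,
        scopes=frozenset({"orders:read"}),
        pinned_sha256=plugin_hash(lookup_order),  # in practice, stored at vetting time
        allowed_args=frozenset({"order_id"}),
    ))
    return gw


def demo() -> dict:
    """Exercise the gateway and return each outcome so it can be checked."""
    gw = build_gateway()
    out: dict[str, Any] = {"ok": gw.invoke({"orders:read"}, "lookup_order", order_id="A1")}
    cases = [
        ("not_allowlisted", {"orders:read"}, "delete_records", {"table": "orders"}),
        ("missing_scope", set(), "lookup_order", {"order_id": "A1"}),
        ("bad_arg", {"orders:read"}, "lookup_order", {"order_id": "A1", "query": "x"}),
    ]
    for label, scopes, name, kw in cases:
        try:
            gw.invoke(scopes, name, **kw)
            out[label] = "allowed"
        except ToolPolicyError:
            out[label] = "blocked"
    try:  # a plugin whose code no longer matches its vetted hash is refused at load time
        gw.register(ToolSpec("lookup_order", lookup_order, frozenset(), "0" * 64, frozenset()))
        out["tampered"] = "loaded"
    except ToolPolicyError:
        out["tampered"] = "blocked"
    out["audit_entries"] = len(gw.audit_log)
    return out


if __name__ == "__main__":
    print(demo())
```

The gateway denies by default: a tool the model names that was never registered is blocked before any code runs, and the audit entry for a blocked call carries the policy reason, which is what a detection rule on the tool-audit log would key on.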
Standards Mapping
  • ISO 42001: A.10.3, A.6.2.6
  • OWASP Top 10 for LLM: LLM06
  • NIST AI RMF: GOVERN 6.1, MEASURE 2.7