Risk
Insecure Storage of Red Teaming Artifacts
Description
Test payloads, exploit scripts, or reports are stored without proper security controls, creating insider or supply-chain risk.
Example
Sensitive exploit notebook remains accessible on a shared drive or repo after testing.
Assets Affected
Notebook
App Usage log
Mitigation
- Ticket-based shred/archive
- Artifact TTL
- Store test artifacts in an encrypted vault
- Auto-cleanup
Standards Mapping
- ISO 42001: A.4.5, A.6.2.7
- NIST AI RMF: MEASURE 2.7, GOVERN 4.2