SAIL 2.0

/

Operate - Safe Execution Environment - Sandbox

/

Agentic System Self-Modification

6.8

.

Agentic System Self-Modification

sail
6.8
Risk

Agentic System Self-Modification

Description

Agent modifies its own source code, configuration, or operational memory to alter behavior, evade controls, or persist malicious changes.

Example

Agent rewrites its own code to disable logging or sandbox checks during runtime.

Assets Affected

Agentic Platform

Model Files

Agent Config

Mitigation
  • Write-protect agent code/config
  • use integrity verification and versioning
  • block self-modification at runtime
  • audit all changes to code/config and require approval.
Standards Mapping
  • ISO: A.6.2.6, A.9.3
  • OWASP agentic: ASI10, ASI05
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.13, Agents-Core 13.7
  • AIUC-1: B006, B008