Risk
Autonomous Policy / Compliance Violation
Description
Agent autonomously takes actions violating data retention, privacy, access, or ethical policy due to lack of integrated runtime controls.
Example
Agent copies PII to unauthorized location or outputs restricted data.
Assets Affected
Agentic Platform
Model Response
Dataset / RAG
Mitigation
- Implement real-time policy enforcement at runtime
- output filtering, data loss prevention (DLP), and automated compliance checks
- audit and alert on policy breaches.
Standards Mapping
- ISO: A.5.4, A.9.3
- OWASP agentic: ASI10, ASI02
- OWASP LLM: LLM06:2025
- EU AI Act: Art. 14, Art. 15
- DASF: Model Serving 9.13, Agents-Core 13.7
- AIUC-1: C004