1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
7. Monitor: AI Activity Tracing
Risk
Data Exfiltration via Monitoring / Telemetry
Description
Attackers abuse telemetry or monitoring endpoints to exfiltrate sensitive data.
Example
Malicious actor exploits insecure telemetry endpoint to siphon model outputs or logs.
Assets Affected
AI Platform
Mitigation
- Secure monitoring interfaces
- restrict telemetry content
- audit and monitor access
- alert on unusual data transfers.
Standards Mapping
- ISO: A.6.2.8
- OWASP agentic: ASI06
- OWASP LLM: LLM02:2025
- EU AI Act: Art. 15(5)
- DASF: Agents-MCP Server 13.23
- AIUC-1: A006, B009