Risk
Goal Hijacking / Intent Manipulation
Description
An attacker subtly redirects the agent's interpretation of its goal mid-task so the agent executes the attacker's intent while functional checks pass.
Example
A poisoned web page subtly shifts the agent's understanding of its task across several turns; the agent ends up wiring funds to an attacker-controlled account while the SOC sees only legitimate-looking tool calls.
Assets Affected
AI Agent
System Prompt
User Prompt
Model Response
Agent Memory / Cache
Mitigation
- Goal-anchoring each turn
- intent-level guardrails
- reasoning-trace observability
- alert on reasoning divergence
- require human approval for high-impact actions.
Standards Mapping
- ISO: A.6.2.6, A.9.4
- OWASP agentic: ASI01, ASI06
- OWASP LLM: LLM01:2025
- EU AI Act: Art. 14, Art. 15(5)
- DASF: Agents-Core 13.6
- AIUC-1: B001, C008