SAIL 2.0

/

Deploy - Runtime Guardrails

/

Goal Hijacking / Intent Manipulation

5.9

.

Goal Hijacking / Intent Manipulation

sail
5.9
Risk

Goal Hijacking / Intent Manipulation

Description

An attacker subtly redirects the agent's interpretation of its goal mid-task so the agent executes the attacker's intent while functional checks pass.

Example

A poisoned web page subtly shifts the agent's understanding of its task across several turns; the agent ends up wiring funds to an attacker-controlled account while the SOC sees only legitimate-looking tool calls.

Assets Affected

AI Agent

System Prompt

User Prompt

Model Response

Agent Memory / Cache

Mitigation
  • Goal-anchoring each turn
  • intent-level guardrails
  • reasoning-trace observability
  • alert on reasoning divergence
  • require human approval for high-impact actions.
Standards Mapping
  • ISO: A.6.2.6, A.9.4
  • OWASP agentic: ASI01, ASI06
  • OWASP LLM: LLM01:2025
  • EU AI Act: Art. 14, Art. 15(5)
  • DASF: Agents-Core 13.6
  • AIUC-1: B001, C008