SAIL 2.0

/

Test - AI Red Teaming

/

Incomplete Red-Team Coverage

4.2

.

Incomplete Red-Team Coverage

sail
4.2
Risk

Incomplete Red-Team Coverage

Description

Only the core model is tested; agent reasoning, tool-calling, plugins, MCP servers, system prompts, and inter-agent paths are excluded

Example

Plugin flaw or MCP description poisoning lets an attacker hijack an AI assistant; the red team only tested the underlying model.

Assets Affected

Framework

Tool

Skill

System Prompt

MCP Server

Agentic Platform

AI Agent

Mitigation
  • Inventory all tools, agents, MCP servers, and inter-agent paths
  • include system-level and protocol-level attack scenarios in threat scenarios
  • simulate multi-agent and tool misuse
  • cover endpoint, SaaS, and code/pipeline zones.
Standards Mapping
  • ISO: A.6.2.4, A.5.2
  • OWASP agentic: ASI04, ASI07
  • EU AI Act: Art. 9(2)
  • DASF: Platform 12.2
  • AIUC-1: B001, C010