SAIL 2.0

/

Build - AI Security Posture Management

/

Insecure Agent Memory and Vector Store Configuration

3.15

.

Insecure Agent Memory and Vector Store Configuration

sail
3.15
Risk

Insecure Agent Memory and Vector Store Configuration

Description

Agent memory caches and vector stores are deployed with insecure defaults β€” public-by-default, unencrypted, or shared across multiple agents and tenants β€” creating a poisoning and exfiltration surface.

Example

A shared vector store backing five agents is created without per-agent partitioning, allowing one agent's poisoned context to influence the others (RAGPoison-class).

Assets Affected

Agent Memory / Cache

Dataset / RAG

AI Agent

Mitigation
  • Encrypt memory and vector stores at rest
  • partition stores per agent or tenant
  • restrict access via scoped credentials
  • validate inputs before commitment to memory
  • periodic integrity checks of stored vectors.
Standards Mapping
  • IISO: A.7.4, A.4.5
  • OWASP agentic: ASI06
  • OWASP LLM: LLM08:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.1
  • AIUC-1: A005, B008