Risk
Insecure Experiment Logging & Monitoring
Description
Experiment logs are world-readable, disabled, or stored insecurely, risking untraceable incidents or leakage. Treat harness transcripts/history like secret material: don't persist secrets in agent logs, scan local agent history, apply secrets hygiene to the harness store.
Example
Debug logs from an experiment include real user data and are accessible to all users.
Assets Affected
App Usage Log
Notebook
Mitigation
- Enforce log access control
- redact/mask sensitive data
- enable log monitoring/tamper detection
- regular log review.
Standards Mapping
- ISO: A.6.2.8
- OWASP LLM: LLM02:2025
- EU AI Act: Art. 12, Art. 19
- DASF: Raw Data 1.10
- AIUC-1: E015, B009