SAIL 2.0

/

AI Policy & Safe experimentation (Plan)

/

Insecure Experiment Logging & Monitoring

1.5

.

Insecure Experiment Logging & Monitoring

sail
1.5
Risk

Insecure Experiment Logging & Monitoring

Description

Experiment logs are world-readable, disabled, or stored insecurely, risking untraceable incidents or leakage. Treat harness transcripts/history like secret material: don't persist secrets in agent logs, scan local agent history, apply secrets hygiene to the harness store.

Example

Debug logs from an experiment include real user data and are accessible to all users.

Assets Affected

App Usage Log

Notebook

Mitigation
  • Enforce log access control
  • redact/mask sensitive data
  • enable log monitoring/tamper detection
  • regular log review.
Standards Mapping
  • ISO: A.6.2.8
  • OWASP LLM: LLM02:2025
  • EU AI Act: Art. 12, Art. 19
  • DASF: Raw Data 1.10
  • AIUC-1: E015, B009