SAIL 2.0

/

Deploy - Runtime Guardrails

/

Insecure Memory and Telemetry Storage

5.7

.

Insecure Memory and Telemetry Storage

sail
5.7
Risk

Insecure Memory and Telemetry Storage

Description

Sensitive data stored insecurely in memory, cache, logs, or telemetry, risking disclosure, tampering, or cross-session leakage.

Example

Persistent agent memory retains a user's PII across sessions and is accessible to other users; logs and telemetry leak prompt content to unauthorized observers.

Assets Affected

Agent Memory / Cache

App Usage Log

Agent Usage Log

Mitigation
  • Encrypt memory and logs at rest and in transit
  • partition session vs persistent with retention rules
  • filter PII from telemetry
  • restrict log access.
Standards Mapping
  • ISO: A.6.2.8
  • OWASP agentic: ASI06
  • OWASP LLM: LLM02:2025, LLM08:2025
  • EU AI Act: Art. 12, Art. 15(5)
  • DASF: Agents-Core 13.1, Agents-MCP Client 13.34
  • AIUC-1: E015, A006 B009