Risk
Insecure Memory and Telemetry Storage
Description
Sensitive data stored insecurely in memory, cache, logs, or telemetry, risking disclosure, tampering, or cross-session leakage.
Example
Persistent agent memory retains a user's PII across sessions and is accessible to other users; logs and telemetry leak prompt content to unauthorized observers.
Assets Affected
Agent Memory / Cache
App Usage Log
Agent Usage Log
Mitigation
- Encrypt memory and logs at rest and in transit
- partition session vs persistent with retention rules
- filter PII from telemetry
- restrict log access.
Standards Mapping
- ISO: A.6.2.8
- OWASP agentic: ASI06
- OWASP LLM: LLM02:2025, LLM08:2025
- EU AI Act: Art. 12, Art. 15(5)
- DASF: Agents-Core 13.1, Agents-MCP Client 13.34
- AIUC-1: E015, A006 B009