SAIL 2.0

/

Build - AI Security Posture Management

/

Insecure ML, Data, and Agentic Pipeline Jobs

3.3

.

Insecure ML, Data, and Agentic Pipeline Jobs

sail
3.3
Risk

Insecure ML, Data, and Agentic Pipeline Jobs

Description

Misconfigurations or insufficient security in pipeline jobs leading to risks like code injection, unauthorized model promotion, or credential exposure.

Example

An ML pipeline job with overly permissive IAM roles allows a compromised AI-modified workflow file to exfiltrate model artifacts.

Assets Affected

Pipeline Job

Agent Config

Dataset / RAG

Model Files

Model Metadata

Mitigation
  • Enforce least privilege for pipeline jobs
  • implement artifact integrity checks
  • use secure coding for pipeline scripts
  • review AI-generated and AI-modified pipeline definitions before merge
  • audit and monitor pipeline activities and accesses.
Standards Mapping
  • ISO: A.6.2.6, A.7.2
  • OWASP agentic: ASI04
  • OWASP LLM: LLM03:2025
  • EU AI Act: Art. 15(5)
  • DASF: Operations 11.1, Model 7.4
  • AIUC-1: B008, E004