Risk
Missing Agent-Specific Anomaly Detection
Description
No behavioral baselines per agent or per agent class β anomalies in tool usage, scope, frequency, or inter-agent communication go undetected because monitoring uses generic application baselines.
Example
A coding agent's normal pattern is 5 tool calls per session; a compromised session generates 200 β but the SIEM has no agent-specific baseline and the spike doesn't trigger.
Assets Affected
AI Agent
Agent Usage Log
App Usage Log
Mitigation
- Establish per-agent and per-agent-class behavioral baselines
- alert on deviations in tool use, scope, frequency, A2A patterns
- integrate baselines into SIEM/SOAR
- periodic baseline refresh.
Standards Mapping
- ISO: A.6.2.6, A.8.4
- OWASP agentic: ASI08, ASI10
- EU AI Act: Art. 15(5), Art. 72
- DASF: Agents-Core 13.5, Algorithms 5.2
- AIUC-1: C008, B002