5.2
.
Unauthorized Agent Config or System Prompt Tampering at Runtime
sail
5.2
Risk
Unauthorized Agent Config or System Prompt Tampering at Runtime
Description
Unauthorized or erroneous changes to live agent configs, rules files, or system prompts that alter behavior or introduce vulnerabilities.
Example
An unapproved "hotfix" to a live agent's system prompt or rules file introduces a prompt-injection vector for every subsequent invocation.
Assets Affected
System Prompt
Agent Config
Agent Harness
Mitigation
- Version control prompts and configs
- change management with approval gates
- runtime integrity checks
- alert on out-of-band changes.
Standards Mapping
- ISO: A.6.2.6
- OWASP agentic: ASI01
- OWASP LLM: LLM01:2025, LLM07:2025
- EU AI Act: Art. 15(5)
- DASF: Model Serving 9.1
- AIUC-1: E004, B008