SAIL 2.0

/

Test - AI Red Teaming

/

Untested Endpoint Agent Behaviors

4.11

.

Untested Endpoint Agent Behaviors

sail
4.11
Risk

Untested Endpoint Agent Behaviors

Description

Endpoint coding agents, browser agents, and computer-use agents are not in red-team scope, leaving YOLO-mode, MCPoison, CurXecute-class, and browser-injection scenarios unexamined.

Example

A repo contains a crafted file that triggers RCE via an endpoint coding agent (CurXecute-style); the red team only tested the cloud-deployed agent.

Assets Affected

AI Agent

Agent Config

MCP Server

Agent Execution Sandbox

Mitigation
  • Include endpoint-agent scenarios in red-team scope
  • test YOLO/skip-permissions modes, wildcard tool allowlists, MCP description poisoning, and browser cross-origin abuse
  • validate endpoint agent sandboxes.
Standards Mapping
  • ISO: A.6.2.4, A.4.5
  • OWASP agentic: ASI05, ASI02
  • OWASP LLM: LLM01:2025
  • EU AI Act: Art. 15(5)
  • DASF: Agents-Core 13.11, Agents-MCP Client 13.32
  • AIUC-1: B001, D004