SAIL 2.0

/

Test - AI Red Teaming

/

Untested Tool Chain and Multi-Agent Workflows

4.8

.

Untested Tool Chain and Multi-Agent Workflows

sail
4.8
Risk

Untested Tool Chain and Multi-Agent Workflows

Description

Red team only tests single-agent behavior, not full orchestration paths โ€” multi-agent workflows, A2A handoffs, and tool-chain attacks remain unexamined.

Example

Each agent passes individual red-team review; an attacker chains them via A2A to escalate from a low-privilege agent into a high-privilege one (agent session smuggling pattern).

Assets Affected

AI Agent

Tool

Agent Communication Protocol (ACP)

Framework

Mitigation
  • Include multi-agent and A2A scenarios in red-team scope
  • test full tool chains and orchestration paths
  • simulate cross-agent privilege escalation
  • cover MCP-gateway routes.
Standards Mapping
  • ISO: A.6.2.4
  • OWASP agentic: ASI02, ASI07
  • OWASP LLM: LLM06:2025
  • EU AI Act: Art. 15
  • DASF: Agents-Core 13.2, Agents-Core 13.12
  • AIUC-1: B001, D004