Risk
Untracked Agent Decommissioning
Description
Agents reach end-of-life without identity revocation, scoped credentials still active, scheduled tasks still running, and memory/RAG stores still accessible โ leaving residual attack surface.
Example
A pilot agent is deprecated but its workload identity, MCP server connections, and scheduled nightly task remain active for months.
Assets Affected
AI Agent
Agent Identity
AI Provider Access Credentials
Agentic Tasks / Schedule
Agent Memory / Cache
Mitigation
- Define agent decommissioning procedure
- revoke identities and credentials at end-of-life
- archive logs and memory stores per retention policy
- shut down scheduled tasks
- remove MCP server access
- close lifecycle loop.
Standards Mapping
- ISO: A.6.2.6, A.4.6
- OWASP agentic: ASI10
- DASF: Governance 4.2, Agents-Core 13.13
- AIUC-1: E004, E015