SAIL 2.0

/

Build - AI Security Posture Management

/

Vulnerable AI Frameworks, Harnesses, and Agentic Platforms

3.1

.

Vulnerable AI Frameworks, Harnesses, and Agentic Platforms

sail
3.1
Risk

Vulnerable AI Frameworks, Harnesses, and Agentic Platforms

Description

Use of AI frameworks, agent harnesses, or agentic platforms with known or unknown vulnerabilities that can be exploited to compromise the agent or underlying infrastructure.

Example

An attacker leverages a deserialization vulnerability in an agent harness to execute arbitrary code on the agent runtime.

Assets Affected

Framework

Agent Harness

Agentic Platform

Mitigation
  • Regularly scan/patch frameworks, harnesses, and agentic platforms
  • maintain a Software Bill of Materials (SBOM) including agentic components
  • use trusted sources
  • minimize attack surface by enabling only necessary modules.
Standards Mapping
  • ISO: A.10.3, A.4.4
  • OWASP agentic: ASI04
  • OWASP LLM: LLM03:2025
  • EU AI Act: Art. 15(5), Art. 25
  • DASF: Model 7.3, Algorithms 5.4
  • AIUC-1: B008, E006