3.1
.
Vulnerable AI Frameworks, Harnesses, and Agentic Platforms
sail
3.1
Risk
Vulnerable AI Frameworks, Harnesses, and Agentic Platforms
Description
Use of AI frameworks, agent harnesses, or agentic platforms with known or unknown vulnerabilities that can be exploited to compromise the agent or underlying infrastructure.
Example
An attacker leverages a deserialization vulnerability in an agent harness to execute arbitrary code on the agent runtime.
Assets Affected
Framework
Agent Harness
Agentic Platform
Mitigation
- Regularly scan/patch frameworks, harnesses, and agentic platforms
- maintain a Software Bill of Materials (SBOM) including agentic components
- use trusted sources
- minimize attack surface by enabling only necessary modules.
Standards Mapping
- ISO: A.10.3, A.4.4
- OWASP agentic: ASI04
- OWASP LLM: LLM03:2025
- EU AI Act: Art. 15(5), Art. 25
- DASF: Model 7.3, Algorithms 5.4
- AIUC-1: B008, E006