The Compromised Flight Recorder
The forensic record is itself the attack surface — an agent's log is poisoned, then quietly rewritten
Technique first revealed 07 Nov 2005
Tool-Using Agent
Instructions | Data | Actions | Control / decision | Feedback / logs
Setup (Step 1 / 6)
An ordinary research task
A support agent is asked to look up a vendor's status page and summarise it. Routine work — it will browse a webpage and write down what it did in its log, like always.
Task & logging config
    task: "Fetch https://status.vendor.example and summarise outages"
    logging:
      capture: full_trace          # prompts, tool args, fetched content, outputs
      store: app_db.audit_log      # same database the agent can write to
      format: line_per_event       # newline-delimited, parsed by dashboard
      integrity: none              # NOT append-only, NOT signed
      redact_secrets: false        # tool arguments logged as-is
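A tamper-evident alternative to the `integrity: none` setting above, as an added example that is not part of the original scenario: each event is JSON-encoded onto a single line, so newlines in fetched content cannot forge a `line_per_event` record, and every record is chained to the previous one with an HMAC. The key, the `<mac> <json>` line layout and the sample events are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json

# Assumption: the key is held by a separate log service, not in app_db
# where the agent has write access. Constructed value for the demo.
LOG_KEY = b"demo-key-held-outside-agent-db"
GENESIS = "0" * 64


def _mac(prev_mac: str, body: str) -> str:
    """HMAC over the previous record's MAC plus this record's body."""
    return hmac.new(LOG_KEY, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append_event(log: list[str], event: dict) -> None:
    """Append one event as a single line: <mac> <json>."""
    # json.dumps escapes newlines, so fetched content cannot start a new line.
    body = json.dumps(event, sort_keys=True)
    prev = log[-1].split(" ", 1)[0] if log else GENESIS
    log.append(f"{_mac(prev, body)} {body}")


def verify(log: list[str]) -> int:
    """Return the index of the first bad line, or -1 if the chain is intact."""
    prev = GENESIS
    for i, line in enumerate(log):
        mac, _, body = line.partition(" ")
        if not hmac.compare_digest(mac, _mac(prev, body)):
            return i
        prev = mac
    return -1


def demo() -> tuple[int, int, int]:
    log: list[str] = []
    append_event(log, {"type": "task", "text": "Fetch status page and summarise"})
    # Constructed fetched content carrying an embedded newline.
    append_event(log, {"type": "fetch", "content": "All OK\n{\"type\": \"task\"}"})
    append_event(log, {"type": "output", "text": "No outages reported"})
    line_count = len(log)
    intact = verify(log)
    # Simulate an in-place rewrite of record 1 by a writer without the key.
    mac, _, body = log[1].partition(" ")
    log[1] = f"{mac} {body.replace('All OK', 'Outage')}"
    return line_count, intact, verify(log)
```

The chain detects edits and mid-log deletions but not truncation of the tail; catching that requires periodically recording the latest MAC somewhere the agent cannot write.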