🔍AI RiskAtlas

The Compromised Flight Recorder

The forensic record is itself the attack surface — an agent's log is poisoned, then quietly rewritten

Technique first revealed 07 Nov 2005

Tool-Using Agent
Architecture diagram (interactive view not reproduced; components listed only). Trust zones: Untrusted, Agent core, Oversight, The real world; inputs: goal, context. Components: User, Orchestrator / Agent Loop, LLM, Identity & Permissions, Tool Runtime, Human Approval Gate, External APIs, Business Database, Untrusted Content, Audit Logging, LLM log triage (watchtower). Edge types: Instructions, Data, Actions, Control / decision, Feedback / logs.
Setup (step 1 / 6)

An ordinary research task

A support agent is asked to look up a vendor's status page and summarise it. Routine work — it will browse a webpage and write down what it did in its log, like always.

Task & logging config
task: "Fetch https://status.vendor.example and summarise outages"

logging:
  capture: full_trace        # prompts, tool args, fetched content, outputs
  store: app_db.audit_log    # same database the agent can write to
  format: line_per_event     # newline-delimited, parsed by dashboard
  integrity: none            # NOT append-only, NOT signed
  redact_secrets: false      # tool arguments logged as-is
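The config above names four weaknesses: the log lives in a database the agent can write to, it is neither append-only nor signed, tool arguments are stored unredacted, and the dashboard parses it one line per event. The following is an added example, not code from AI RiskAtlas, of what the "integrity" and "redact_secrets" lines would look like when turned on: each event is HMAC-chained to its predecessor so a rewritten or deleted record fails verification, secret-looking tool arguments are masked before they are written, and records are JSON-encoded so fetched content containing newlines cannot masquerade as extra log lines. The key name LOG_KEY, the secret patterns and the sample events are assumptions for the demo; in a real deployment the key is held by the log collector, never by the agent process or the database it writes to.

```python
import hashlib
import hmac
import json
import re

# Constructed demo key. Assumption for this example: the collector that
# appends and verifies holds it, the agent and its app database never see it.
LOG_KEY = b"demo-only-audit-log-key"
GENESIS = "0" * 64

# Assumed patterns for redaction: secret-named keys and token-shaped strings.
SECRET_KEYS = re.compile(r"(?i)(authorization|api[_-]?key|token|password|secret)")
SECRET_VALUES = re.compile(r"\bsk-[A-Za-z0-9]{8,}\b")


def redact(value):
    """Mask secret-looking material in tool arguments before logging (redact_secrets: true)."""
    if isinstance(value, dict):
        return {k: "[REDACTED]" if SECRET_KEYS.search(k) else redact(v) for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        return SECRET_VALUES.sub("[REDACTED]", value)
    return value


def canonical(record):
    """Stable byte encoding so the MAC covers exactly what verify_chain recomputes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain, event, key=LOG_KEY):
    """Append one event, binding it to the previous entry's MAC (integrity: hmac_chain)."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "event": redact(event)}
    mac = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    entry = dict(body, mac=mac)
    chain.append(entry)
    return entry


def verify_chain(chain, key=LOG_KEY, expected_head=None):
    """Return (ok, first_bad_seq). Detects edited, reordered or removed entries.

    Tail truncation is only detectable when the last known head MAC was
    stored out of band and passed as expected_head."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry.get("seq") != i or entry.get("prev") != prev:
            return False, i
        body = {k: v for k, v in entry.items() if k != "mac"}
        expect = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, entry.get("mac", "")):
            return False, i
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(chain)
    return True, None


def serialize(chain):
    """One JSON object per line; json escapes embedded newlines, so line_per_event stays safe."""
    return "".join(json.dumps(e, sort_keys=True) + "\n" for e in chain)


def parse(text):
    """Inverse of serialize; used by a dashboard that re-verifies before trusting the log."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def demo():
    """Constructed trace for the scenario's task; returns the verified chain."""
    chain = []
    append_event(chain, {"type": "tool_call", "tool": "http_get",
                         "args": {"url": "https://status.vendor.example",
                                  "headers": {"Authorization": "Bearer demo-secret"}}})
    append_event(chain, {"type": "tool_result",
                         "content": "All systems operational\nsecond line of page\nkey sk-abcdefghijkl"})
    append_event(chain, {"type": "output", "text": "No outages reported."})
    assert verify_chain(parse(serialize(chain)))[0]
    return chain


if __name__ == "__main__":
    for entry in demo():
        print(entry["seq"], entry["mac"][:12], entry["event"]["type"])
```

The verifier only accepts a chain whose every link recomputes under the key, so an entry edited in place (the "quietly rewritten" step) fails at its own sequence number, and a deleted or reordered middle entry fails at the first gap. Dropping the newest entries is the one edit a hash chain alone cannot see, which is why the head MAC is also written somewhere the agent cannot reach and checked via expected_head.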

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Built by Shi Yuan