🔍AI RiskAtlas
← Risk taxonomy

Oversight & Audit-Trail Tampering

highOversight
Also known as: log tampering, log injection, anti-forensics, monitor evasion

Definition

The flight recorder and the alarms can themselves be attacked. If logs can be erased or rewritten, fake entries slipped in, or the monitors quietly evaded, the one record you'd rely on to notice and investigate an incident is no longer trustworthy.

Where it attaches

The system components this risk arises at.

📝 Audit Logging📈 Monitoring & Evals

Detection signals

  • Gaps, resets, or out-of-order timestamps in audit logs
  • Log entries whose content breaks dashboards/parsers (injected markup or control chars)
  • Anomaly-detector or eval scores that flatline or never trip on known-bad input
  • Disabled, downgraded, or unusually-permissioned logging/monitoring config

Controls & guardrails that address this

3

Grouped by control function, with the AI lifecycle stage(s) to apply each and the other risks it addresses. Filter by control category below.

Control category
Open these in the Control Library →

Framework mappings

OWASP LLM Top 10
MITRE ATLAS
  • AML.T0015 Evade ML Model
  • AML.T0031 Erode ML Model Integrity
NIST AI RMF
  • MEASURE 2.7
  • MANAGE 4.1

AI RiskAtlas is an educational model of how GenAI & agentic systems work and fail. Architectures and payloads are illustrative and simplified for learning — not operational guidance. Real-world cases are summarised from public reporting.

Sources & further reading →·Built by Shi Yuan ↗