An observed identity deliberately crafts prompts or inputs intended to override configured AI safety controls, attempting to bypass alignment restrictions and policy guardrails in order to obtain prohibited outputs.

An observed identity initiates autonomous AI agent workflows without the required oversight or approval, removing safeguards designed to keep critical decision-making under human supervision.

An observed identity executes AI-driven workflows with elevated access rights but disables or omits logging, preventing security teams from monitoring actions or reconstructing events in case of misuse.

An observed identity provisions AI agents with overly broad access—such as entire file systems or sensitive APIs—expanding the attack surface and introducing unnecessary pathways for misuse or compromise.

An observed identity provides AI agents with write-level access to sensitive systems when read-only rights would suffice, increasing the likelihood of unintentional changes, data corruption, or malicious misuse.

An observed identity modifies AI agent configurations in ways that disable or weaken safety controls, such as removing content filters or alignment constraints, elevating the risk of harmful or unapproved outputs.

An observed identity deliberately alters AI model parameters, weights, or memory to skew results toward biased or self-serving outcomes, undermining trustworthiness and introducing ethical and compliance risks.

An observed identity keeps fine-tuned AI agents running in production without monitoring or periodic retraining, allowing outdated models to behave unpredictably or expose the enterprise to new vulnerabilities.

An observed identity configures AI agents to run recurring or long-lived tasks without periodic oversight, creating risks if conditions change or the workflow scope expands unnoticed.

An observed identity deactivates audit logging or alerting in AI workflows, removing forensic visibility and preventing detection of unauthorized or risky agent actions.

An observed identity employs AI agents to make decisions in domains beyond their authority, such as financial approvals or HR actions, creating governance, compliance, and accountability risks.

An observed identity identifies and reports anomalous or unsafe AI agent behaviors, helping security teams detect and address potential malfunctions, policy violations, or adversarial exploitation.

An observed identity assigns only the minimal access necessary for AI agents to perform their tasks, adhering to least-privilege principles and reducing the potential blast radius of compromise.

An observed identity regularly audits execution logs and activity trails from AI agents, ensuring accountability, early detection of misbehavior, and ongoing compliance with enterprise policies.

An observed identity obtains necessary approvals before enabling autonomous AI workflows, ensuring human oversight is maintained and preventing unvetted tasks from running unchecked in production environments.

An observed identity configures monitoring systems to generate real-time alerts on sensitive AI agent actions, ensuring that deviations, anomalies, or unsafe behaviors are quickly identified and addressed.

An observed identity terminates AI agents promptly after they complete assigned tasks, preventing unintended persistence, unauthorized activity, or ongoing consumption of system resources.