AIP-07: Threat Model
Abstract
Defines the adversarial assumptions this protocol is designed against and the residual risks that remain after the normative mitigations below.
Threat Classes
- Replay attacks
- Prompt injection
- Privilege escalation
- Double execution
- Compute inflation
- Compromised host environment
- Audit tampering
- Identity spoofing
- Tool server compromise
Normative Requirements
- Runtime MUST mitigate replay at remote boundaries.
- Runtime MUST prevent double execution via lease/fencing or equivalent.
- Runtime MUST detect audit chain breaks when hash-chaining is enabled.
- Prompt injection MUST be mitigated per AIP-13.
- Residual risks MUST be documented and acknowledged.
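The first three requirements above (replay mitigation at a remote boundary, single execution via lease/fencing, and detection of hash-chain breaks) are concrete enough to show in code. The following is an added illustration written for this page, not code from the AIP specification or any implementation of it; every class and function name (`ReplayGuard`, `LeaseManager`, `ToolServer`, `AuditLog`, `run_scenario`) is hypothetical, and the request, lease and log data are constructed for the demonstration.

```python
from __future__ import annotations

import hashlib
import json

# Constructed example (not from the AIP specification): a toy runtime that
# exercises replay rejection, lease/fencing, and hash-chained audit logging.
# All names are hypothetical.

GENESIS_HASH = "0" * 64


def _digest(payload: dict) -> str:
    """Canonical SHA-256 over a JSON object; used for audit-chain links."""
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class ReplayGuard:
    """Remote-boundary replay mitigation: each request carries a fresh nonce and
    a timestamp; a nonce is accepted once, and only within the freshness window."""

    def __init__(self, window_seconds: float = 300.0):
        self.window = window_seconds
        self.seen: dict[str, float] = {}  # nonce -> time after which it can be forgotten

    def accept(self, nonce: str, ts: float, now: float) -> bool:
        # Forget nonces whose timestamp is now too old to replay, keeping the set bounded.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        if abs(now - ts) > self.window or nonce in self.seen:
            return False
        self.seen[nonce] = ts + self.window
        return True


class LeaseManager:
    """At most one live lease per task; every grant carries a strictly increasing
    fencing token so an expired holder can be told apart from the current one."""

    def __init__(self):
        self.next_token = 1
        self.leases: dict[str, tuple[int, float]] = {}  # task -> (token, expiry)

    def acquire(self, task_id: str, ttl: float, now: float) -> int | None:
        _, expiry = self.leases.get(task_id, (0, 0.0))
        if expiry > now:
            return None  # a live lease exists; the caller must wait or back off
        token = self.next_token
        self.next_token += 1
        self.leases[task_id] = (token, now + ttl)
        return token


class ToolServer:
    """Executes each task at most once. A call carrying a token lower than the
    highest already seen comes from an expired lease holder and is rejected."""

    def __init__(self):
        self.highest_token: dict[str, int] = {}
        self.completed: set[str] = set()
        self.executions: list[tuple[str, int]] = []

    def execute(self, task_id: str, token: int) -> bool:
        if token < self.highest_token.get(task_id, 0):
            return False  # fenced off: a newer lease was issued for this task
        self.highest_token[task_id] = token
        if task_id in self.completed:
            return False  # duplicate delivery or retry: already executed once
        self.completed.add(task_id)
        self.executions.append((task_id, token))
        return True


class AuditLog:
    """Append-only log where each entry commits to the previous entry's hash, so
    editing, deleting or reordering an entry breaks every link after it."""

    def __init__(self):
        self.entries: list[dict] = []

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS_HASH
        body = {"prev": prev, "event": event}
        self.entries.append({**body, "hash": _digest(body)})
        return self.entries[-1]["hash"]

    def first_break(self) -> int | None:
        """Index of the first entry whose link or content hash fails, else None."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or _digest({"prev": e["prev"], "event": e["event"]}) != e["hash"]:
                return i
            prev = e["hash"]
        return None


def run_scenario() -> dict:
    """Drives a replayed request, a stale-lease race and a tampered log."""
    guard, leases, server, log = ReplayGuard(), LeaseManager(), ToolServer(), AuditLog()
    # Replay: the same request (nonce) arrives twice; a third has a stale timestamp.
    accepted = guard.accept("nonce-a1", ts=100.0, now=100.0)
    replayed = guard.accept("nonce-a1", ts=100.0, now=101.0)
    stale = guard.accept("nonce-b2", ts=0.0, now=1000.0)
    # Double execution: worker A leases t1, stalls past the TTL, worker B takes over.
    tok_a = leases.acquire("t1", ttl=10.0, now=0.0)
    busy = leases.acquire("t1", ttl=10.0, now=5.0)    # A still holds the lease
    tok_b = leases.acquire("t1", ttl=10.0, now=20.0)  # A's lease has expired
    b_ran = server.execute("t1", tok_b)
    a_ran = server.execute("t1", tok_a)     # late call from A: fenced off
    b_retry = server.execute("t1", tok_b)   # retry from B: already completed
    for tid, tok in server.executions:
        log.append({"task": tid, "token": tok, "action": "executed"})
    log.append({"task": "t2", "token": 0, "action": "skipped"})
    intact = log.first_break()
    log.entries[0]["event"]["token"] = 99   # in-place edit of a logged event
    broken_at = log.first_break()
    return {"accepted": accepted, "replayed": replayed, "stale": stale, "tok_a": tok_a,
            "busy": busy, "tok_b": tok_b, "b_ran": b_ran, "a_ran": a_ran,
            "b_retry": b_retry, "executions": server.executions,
            "intact": intact, "broken_at": broken_at}


if __name__ == "__main__":
    print(run_scenario())
```

Two caveats worth noting when mapping this onto a real runtime: the fencing token only works if the tool server (or the storage it writes to) actually checks it on every side-effecting call, not just at lease acquisition; and a hash chain by itself detects edits, deletions and reordering but not truncation of the tail, so the current head hash must additionally be signed or anchored somewhere the log writer cannot modify.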