
02 Hazards

A hazard is a system state that, combined with worst-case environment conditions, leads to a loss. Each hazard maps to one or more of the losses defined in 01-losses.md.

| ID | Hazard | Leads to |
|---|---|---|
| H-1 | A state-changing tool is invoked without validating operator intent (no HITL gate at T2 or above). | L-1, L-2 |
| H-2 | An action executes before, or without, an immutable audit record being written. | L-3 |
| H-3 | Tier classification under-rates an action (an irreversible action treated as reversible). | L-1, L-2 |
| H-4 | Attacker-influenced content (collected host data, command output, a feed) is allowed to authorize or shape actuation in the same session as sensitive data and an actuation capability (the lethal trifecta). | L-1, L-2, L-4 |
| H-5 | Actuation targets the wrong host type (for example an SSH path attempted against an immutable Talos node). | L-2 |
| H-6 | A reconciliation applies a change derived from a stale or wrong desired-state, or against a misidentified target. | L-2, L-5 |
| H-7 | The MCP surface is reachable without authentication, on a routable bind, or can be used to pivot into the private network (SSRF). | L-6, L-4 |
| H-8 | A credential is over-scoped, non-revocable, or logged, or the kill switch does not stop execution. | L-1, L-4 |
| H-9 | Output bodies, secrets, or unbounded attacker content are written into the audit log. | L-4, L-3 |
| H-10 | A fact is mutated or deleted in place, so history (and therefore the as-of truth) is lost. | L-3, L-5 |
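The following dispatcher is an added example, not the project's own code, of the controls that remove the states named in H-1, H-2 and H-8 (with H-3 and H-9 handled defensively): a tool at T2 or above cannot run without an operator decision, the audit record is written before the action and its failure blocks the action, and an engaged kill switch stops everything. The tier table, tool names, `approved_by` parameter and hash-chained record layout are assumptions for illustration.

```python
"""Added example (not from the page): a dispatcher closing H-1, H-2 and H-8 and failing safe on H-3.
Tier names, tool names and the approval signature are assumptions, not the project's API."""
from dataclasses import dataclass, field
import hashlib
import json

# Constructed tier table: T0 read-only ... T3 irreversible. Tools not listed fall
# through to T3, so a missing classification can only over-rate, never under-rate (H-3).
TIER_TABLE = {"read_logs": 0, "restart_pod": 2, "delete_volume": 3}
HITL_TIER = 2  # T2 and above need an operator decision before execution (H-1)

class Rejected(Exception):
    pass

@dataclass
class Dispatcher:
    kill_switch: bool = False
    audit: list = field(default_factory=list)  # append-only, hash-chained records
    audit_down: bool = False                   # simulates an unreachable audit sink

    def tier(self, tool):
        return TIER_TABLE.get(tool, 3)

    def _write_audit(self, record):
        if self.audit_down:
            raise IOError("audit sink unavailable")
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {**record, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def dispatch(self, tool, args, approved_by=None, execute=lambda tool, args: "ok"):
        if self.kill_switch:  # H-8: an engaged kill switch stops every action, gated or not
            raise Rejected("kill switch engaged")
        t = self.tier(tool)
        if t >= HITL_TIER and approved_by is None:  # H-1: no HITL gate at T2+
            raise Rejected(f"{tool} is T{t}; operator approval required")
        # H-2: the record is written before the action and its failure blocks the action.
        # Only a digest of the arguments is logged, so secrets in args never reach the log (H-9).
        args_digest = hashlib.sha256(json.dumps(args, sort_keys=True).encode()).hexdigest()
        self._write_audit({"tool": tool, "tier": t, "args_sha256": args_digest,
                           "approved_by": approved_by})
        return execute(tool, args)

def try_dispatch(d, tool, args, approved_by=None):
    """Return the action result, or the refusal reason, for exercising a scenario."""
    try:
        return d.dispatch(tool, args, approved_by)
    except (Rejected, IOError) as e:
        return f"refused: {e}"
```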

Hazard-to-loss matrix

| | L-1 | L-2 | L-3 | L-4 | L-5 | L-6 |
|---|---|---|---|---|---|---|
| H-1 | x | x | | | | |
| H-2 | | | x | | | |
| H-3 | x | x | | | | |
| H-4 | x | x | | x | | |
| H-5 | | x | | | | |
| H-6 | | x | | | x | |
| H-7 | | | | x | | x |
| H-8 | x | | | x | | |
| H-9 | | | x | x | | |
| H-10 | | | x | | x | |