Time-of-Check-to-Time-of-Use (TOCTOU) Attack
Definition
A class of software vulnerability where the state of a system changes between when a security check is performed (time of check) and when the validated action is executed (time of use). In AI agent systems, TOCTOU attacks can occur when: the system state changes between evaluation and commit, policy rules are modified after approval, or agent context drifts between decision and execution.
Why It Matters
TOCTOU attacks are particularly dangerous in AI agent systems because agents operate asynchronously and at high speed. Between the moment an action is approved and the moment it executes, the database could have been modified, permissions could have changed, or constraints could have been added. Without state integrity verification, "approved" actions can execute against stale state.
How Exogram Addresses This
Exogram prevents TOCTOU attacks through SHA-256 state hashing. At evaluation time, the policy engine computes a hash of the relevant system state. At commit time, the hash is recomputed. If the hashes don't match (state drift), the commit is rejected with 409 Conflict. State integrity is guaranteed.
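The evaluate-then-commit hash check described above, as an added example that is not Exogram's code. The in-memory store, the field names and the functions `state_hash`, `evaluate` and `commit` are hypothetical, chosen only for illustration.

```python
import hashlib
import json
import threading

# Constructed sample state standing in for the system of record (assumption).
STATE = {"account": "acct-1", "balance": 100, "role": "analyst"}
LOCK = threading.Lock()  # makes the re-check and the write a single atomic step


def state_hash(state, keys):
    """SHA-256 over a canonical JSON encoding of the fields the policy read."""
    view = {k: state.get(k) for k in sorted(keys)}
    blob = json.dumps(view, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def evaluate(action):
    """Time of check: decide, and bind the decision to the state it was based on."""
    keys = ["balance", "role"]
    with LOCK:
        allowed = STATE["balance"] >= action["amount"]
        digest = state_hash(STATE, keys)
    return {"allowed": allowed, "keys": keys, "state_hash": digest, "action": action}


def commit(approval):
    """Time of use: recompute the hash and apply only if nothing drifted."""
    if not approval["allowed"]:
        return 403, "denied at evaluation"
    with LOCK:
        if state_hash(STATE, approval["keys"]) != approval["state_hash"]:
            return 409, "state drift since evaluation"
        STATE["balance"] -= approval["action"]["amount"]
        return 200, "committed"


def demo():
    # Two debits are approved against the same balance before either commits.
    first = evaluate({"type": "debit", "amount": 80})
    second = evaluate({"type": "debit", "amount": 80})
    return commit(first), commit(second), STATE["balance"]


if __name__ == "__main__":
    print(demo())
```

The lock matters as much as the hash: if the recomputation and the write were not atomic, the state could still change between them and the re-check would itself be a TOCTOU window. Against a real datastore the equivalent is a transaction or a conditional write keyed on the hash or a version number.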
Key Takeaways
- TOCTOU = state changes between when you check and when you act
- SHA-256 hashing detects any state drift between evaluation and commit
- Without TOCTOU prevention, "approved" actions can execute against changed state
- This is a class of vulnerability most AI frameworks completely ignore