Context was accurate at retrieval but has since decayed. Customer profile from 9 AM is stale by 1 PM. Market data from 15 minutes ago misses a flash event.
When an agent retrieves data (customer profile, account balance, market data, risk assessment) at time T, the data is accurate at that moment. However, as time passes, the data validity decays. A customer profile retrieved at 9 AM may be stale by 1 PM if the customer just received a large deposit or opened a new credit account. Market data from 15 minutes ago misses a flash event that occurred in the last 5 minutes.
The agent continues to operate from the stale data without awareness that time has passed or that the data has decayed. Unlike a human, who might naturally ask "is this information still current?" an agent has no mechanism to assess data age and validity.
This is fundamentally agentic because agents are designed to make decisions autonomously based on whatever data is available, without pausing to verify freshness. A human user, by contrast, would naturally check data timestamps and refresh stale data before making a consequential decision.
A bank's fraud detection agent analyzes transactions in real time. When a transaction arrives at 10:30 AM, the agent retrieves the customer's profile (last updated 10:15 AM, which is 15 minutes old) and analyzes the transaction against that profile.
The customer profile includes: account balance ($50,000), recent transaction velocity (2 transactions in past 30 days, both for normal business purposes), risk score (low), and geographic pattern (primary account activity in US).
At 10:25 AM, a major event occurred: the customer's primary business account received a large deposit (a client payment) of $200,000. This updated the account balance to $250,000, and updated the account activity data. However, the agent's customer profile snapshot from 10:15 AM does not include this large deposit.
At 10:30 AM, the customer initiates a wire transfer for $180,000 to an international beneficiary. The agent analyzes this transaction using the stale profile. From the agent's perspective, a $180,000 wire is 3.6x the account balance shown in the profile ($50,000), which is unusual. The agent flags the transaction as high-risk, potentially fraudulent, and recommends blocking it.
In reality, the transaction is legitimate: it is the customer using the recently deposited funds to pay an international supplier. The transaction was only unusual because the agent's profile was stale.
The wire is blocked. The customer, frustrated by the block on a legitimate business transaction, files a complaint with the regulator. The regulator's investigation finds that the agent made a fraud decision based on stale data, violating the bank's fraud detection procedures (which require current data).
| Dimension | Score | Rationale |
|---|---|---|
| D - Detectability | 4 | Temporal drift is invisible unless data timestamps are explicitly checked. |
| A - Autonomy Sensitivity | 4 | Agent operates from stale data without awareness of data age. |
| M - Multiplicative Potential | 4 | Impact scales with frequency of transactions and speed of data change. |
| A - Attack Surface | 5 | Any agent that uses retrieved data without timestamp checking is vulnerable. |
| G - Governance Gap | 5 | No standard framework (NIST, OWASP, EU AI Act) requires agents to validate data recency. |
| E - Enterprise Impact | 3 | False fraud blocks, customer complaints, regulatory finding on fraud detection procedures. |
| Composite DAMAGE Score | 3.5 | High. Requires targeted controls and monitoring. Should not be accepted without mitigation. |
How severity changes across the agent architecture spectrum.
| Agent Type | Impact | How This Risk Manifests |
|---|---|---|
| Digital Assistant | Low | Human checks data recency before using it. |
| Digital Apprentice | Medium | Apprentice governance requires data freshness validation. |
| Autonomous Agent | High | Agent operates from retrieved data without recency validation. |
| Delegating Agent | High | Agent invokes tools with stale data; tools make decisions based on stale inputs. |
| Agent Crew / Pipeline | Critical | Multiple agents in sequence operate from stale data; staleness compounds. |
| Agent Mesh / Swarm | Critical | Agents share stale data; staleness propagates through mesh. |
| Framework | Coverage | Citation | What It Addresses | What It Misses |
|---|---|---|---|---|
| SR 11-7 / MRM | Addressed | Fraud Detection and Prevention (Section 3) | Expects fraud systems to operate on timely data. | Does not address data freshness requirements for agents. |
| NIST AI RMF 1.0 | Partial | MEASURE.1 | Recommends monitoring AI system inputs. | Does not specify data freshness requirements. |
| GLBA | Partial | 16 CFR Part 314 (Safeguards Rule) | Requires effective fraud controls. | Does not address data timeliness. |
In banking, fraud detection must operate on current data. A fraud detection system that operates 15 minutes behind real-time misses fraud events that occur in the intervening window. Regulators expect fraud systems to have minimal data latency and to be designed to catch fraud as it happens.
When an agent operates on stale data without awareness of staleness, it is making fraud decisions based on outdated context. Under SR 11-7, this is a control deficiency in fraud detection procedures.
Temporal Validity Drift requires data freshness controls that go beyond what existing frameworks provide. Our advisory engagements are purpose-built for banks, insurers, and financial institutions subject to prudential oversight.
Schedule a Briefing