A race condition where a system validates something, then later acts on a value that can change in the meantime. In agent systems, this can turn a trusted file path or command into an unsafe action, creating escapes, tampering, or persistence.
Expanded Definition
A time-of-check/time-of-use flaw appears when a system checks a file, path, token, or command for safety, then acts on that same object after it can be altered. In NHI and agent workflows, the danger is often a trusted reference that becomes malicious between validation and execution.
Definitions vary across vendors, but the security meaning is consistent: the check and the use are separated by a window where an attacker, another process, or an agent can change state. That makes the flaw especially relevant to file handling, temporary directories, symlink resolution, container mounts, and tool execution paths used by autonomous software entities. The concept aligns with the least-privilege and verification expectations described in the NIST Cybersecurity Framework 2.0, even though no single standard governs this issue yet. In practice, secure design requires re-validation at the moment of use, not just at the start of a workflow.
The most common misapplication is assuming a one-time check is enough, which occurs when developers validate a resource before handing it to a delayed job, agent, or privileged helper.
Examples and Use Cases
Implementing time-of-check/time-of-use defenses rigorously often introduces latency and code complexity, requiring organisations to weigh stronger assurance against tighter performance and operational constraints.
- An AI agent validates a shell command template, then a plugin swaps the underlying file before execution, turning a safe action into an unsafe one.
- A service account checks that a temporary upload file is approved, but a symlink redirect changes the target before the privileged process opens it.
- A pipeline verifies that a secrets file belongs to the build workspace, then a concurrent process replaces the path with a different object before use.
- An automation bot inspects a directory for policy compliance, but a later rename or mount change causes it to act on an attacker-controlled location.
- A control loop validates an API endpoint and then reuses it after a configuration update, creating an unexpected trust boundary shift.
These patterns are especially dangerous where NHI governance is weak, as described in the Ultimate Guide to NHIs, because the same workflow often combines secrets, automation, and elevated execution. Standards guidance such as NIST Cybersecurity Framework 2.0 supports verification and continuous control monitoring, which are the practical countermeasures here.
Why It Matters in NHI Security
Time-of-check/time-of-use flaws matter in NHI security because agents, service accounts, and orchestration layers frequently act with privilege on behalf of other systems. A brief gap between validation and execution can become a full compromise when the target is a secret, a container volume, a workspace path, or a deployable command.
NHI risk is amplified by visibility and lifecycle gaps. NHI Mgmt Group reports that only 5.7% of organisations have full visibility into their service accounts, which makes it harder to see where a check-use gap exists and who can exploit it. The Ultimate Guide to NHIs also shows how broad privilege and weak secret hygiene increase exposure, especially when automation is trusted by default. In Zero Trust programs, the relevant question is not whether the object was safe during inspection, but whether it is still the same object at the instant of use, consistent with NIST Cybersecurity Framework 2.0 and NIST Cybersecurity Framework 2.0-aligned monitoring.
Organisations typically encounter this flaw only after an agent or privileged workflow has already executed a tampered path, at which point the issue becomes operationally unavoidable to address.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-06 | Check-use races are a common NHI execution-path weakness. |
| OWASP Agentic AI Top 10 | AGENT-04 | Agent tool use can be redirected if inputs change after validation. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege and access control reduce impact of race-based misuse. |
Bind agent actions to immutable references and verify tool targets immediately before use.
