Definition
Time-of-check to time-of-use (TOCTOU): a race condition in which an attacker exploits the gap between the moment a system checks a condition (for example, that a caller is authorized, or that a file is safe to open) and the moment it acts on the result of that check. By changing the state the check depended on during that window, the attacker gets the action performed under a decision that is no longer valid, bypassing the check.
Why it matters
In AI agent workflows the window between check and use is wider than in a single process, because an agent's steps run asynchronously and often across several systems, with model calls, tool calls and approval waits in between. An agent may confirm at step one that it is permitted to act on a resource, but by step three that permission may have been revoked, or the resource it validated may have been replaced, so the action runs on a stale decision and ends in unauthorized access. The check therefore has to be made, or enforced, at the moment the action executes, not only when the plan is made.
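The gap described above, as an added example that is not code from the original page: a simulated three-step agent workflow in which a permission grant is revoked while the agent is busy between the check and the action. The vulnerable variant acts on the step-one decision; the hardened variant re-validates at the point of use and also refuses if the policy changed at all since the check. All names (PolicyStore, ToolGateway, the workflow functions, the "agent-1" principal and the file path) are hypothetical, and the "tool" only records what it was asked to do.

```python
from dataclasses import dataclass, field
from functools import partial
from typing import Callable


@dataclass
class PolicyStore:
    """Hypothetical permission table: principal -> set of (tool, resource)."""
    grants: dict[str, set[tuple[str, str]]] = field(default_factory=dict)
    version: int = 0  # bumped on every change so a stale decision can be detected

    def allows(self, principal: str, tool: str, resource: str) -> bool:
        return (tool, resource) in self.grants.get(principal, set())

    def revoke(self, principal: str, tool: str, resource: str) -> None:
        self.grants.get(principal, set()).discard((tool, resource))
        self.version += 1


@dataclass
class ToolGateway:
    """Executes tool calls; the hardened path authorizes at time of use."""
    policy: PolicyStore
    executed: list[tuple[str, str, str]] = field(default_factory=list)

    def run(self, principal: str, tool: str, resource: str) -> str:
        # Simulated side effect: record the call instead of touching a real system.
        self.executed.append((principal, tool, resource))
        return f"{tool}({resource}) ok"

    def run_if_still_allowed(self, principal: str, tool: str, resource: str,
                             checked_version: int) -> str:
        # Time of use: the step-one decision only counts if nothing in the policy
        # changed since it was made AND the action is still permitted right now.
        if checked_version != self.policy.version:
            return "denied at time of use: policy changed since check"
        if not self.policy.allows(principal, tool, resource):
            return "denied at time of use: no longer permitted"
        return self.run(principal, tool, resource)


def vulnerable_workflow(policy: PolicyStore, gateway: ToolGateway, principal: str,
                        tool: str, resource: str, between_steps: Callable[[], None]) -> str:
    # Step 1 (time of check): authorization decided up front.
    if not policy.allows(principal, tool, resource):
        return "denied at time of check"
    # Step 2: unrelated work (a model call, another system, an approval wait).
    # Whatever changes the policy in the meantime happens here.
    between_steps()
    # Step 3 (time of use): acts on the step-1 decision, which may now be stale.
    return gateway.run(principal, tool, resource)


def hardened_workflow(policy: PolicyStore, gateway: ToolGateway, principal: str,
                      tool: str, resource: str, between_steps: Callable[[], None]) -> str:
    # Step 1: same early check, but remember which policy version it was made against.
    checked_version = policy.version
    if not policy.allows(principal, tool, resource):
        return "denied at time of check"
    between_steps()
    # Step 3: the gateway re-validates at the moment the action runs.
    return gateway.run_if_still_allowed(principal, tool, resource, checked_version)


def run_scenario(race: bool) -> tuple[str, str]:
    """Runs both workflows on a constructed scenario and returns their results.

    race=True: an administrator revokes the grant while the agent is between steps.
    race=False: nothing changes, so both workflows should succeed.
    """
    principal, tool, resource = "agent-1", "read_file", "/srv/reports/q3.txt"
    results = []
    for workflow in (vulnerable_workflow, hardened_workflow):
        policy = PolicyStore({principal: {(tool, resource)}})
        gateway = ToolGateway(policy)
        between = partial(policy.revoke, principal, tool, resource) if race else (lambda: None)
        results.append(workflow(policy, gateway, principal, tool, resource, between))
    return results[0], results[1]


if __name__ == "__main__":
    for label, race in (("no change between steps", False), ("grant revoked between steps", True)):
        vulnerable, hardened = run_scenario(race)
        print(f"{label}: vulnerable -> {vulnerable!r}, hardened -> {hardened!r}")
```

The version check is deliberately conservative: any change to the policy store, even one unrelated to this grant, sends the agent back to re-plan rather than proceed on a decision made against a different policy. Note also that the example is single-threaded and in-process, which is what makes the re-check and the action in run_if_still_allowed effectively atomic; when the tool lives in another service, the enforcement has to sit inside that service (or behind one lock or transaction with the action), because a client-side re-check followed by a separate network call just reopens a smaller version of the same window.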