Risk
Discovery of Outdated or Orphaned AI Assets
Description
Identifying AI models, datasets, or tools that are no longer actively maintained or supported, or that lack clear ownership, and that therefore pose unmonitored security, compliance, or operational risks.
Example
A data science team built an experimental model two years ago; the team members have left, and the model is still running on an old server with unpatched vulnerabilities.
Assets Affected
Model files
Dataset / RAG
Notebook
AI platform
Mitigation
- Establish clear ownership and lifecycle management for all AI assets from the point of discovery
- Implement processes for decommissioning or archiving orphaned assets
- Regularly review asset inventory for outdated components
Standards Mapping
- ISO 42001: A.6.2.6, A.3.2
- NIST AI RMF: GOVERN 1.7, MANAGE 2.2