SAIL / Build - AI Security Posture Management / 3.12 Failure to Specify or Enforce Secure Model Requirements

Risk

Failure to Specify or Enforce Secure Model Requirements

Description

Security, privacy, or operational requirements (robustness, data handling, serialization format, provenance) are never written down for the model being built, or are written down but not checked before release. The result is a model that is insecure by default: its security properties are whatever the training code happened to produce.

Example

A model is trained with no stated robustness requirement and no adversarial evaluation in the build pipeline, so it is trivially evaded by small input perturbations once deployed.

Assets Affected

Model files

Dataset / RAG

Framework

Mitigation
  • Specify and document clear AI system requirements, including security, privacy, and robustness, with measurable thresholds (for example a minimum accuracy under a named attack and budget, an allowlist of model file formats, a signing requirement)
  • Validate the model against those requirements during build, as an automated gate that blocks release when any requirement is not met rather than as a manual review step
  • Involve AppSec and GRC in requirements review
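The following is an added example of what "validate the model against requirements during build" can look like as an enforced gate; it is not code from the SAIL framework. It assumes a requirements file is written down before training (here a dict named REQUIREMENTS), and it uses a constructed two-feature linear classifier, a constructed ten-point dataset and a constructed evaluation report so that the robustness measurement under a fast-gradient-sign (FGSM) attack can run offline. The threshold values, the `pickle` format and the missing signature in the report are all invented to show the gate rejecting a build.

```python
"""Build-stage requirements gate for a model (added example, not SAIL's own code).

The requirements, the linear model, the dataset, the evaluation report and all
threshold values below are constructed for illustration.
"""
from dataclasses import dataclass

# 1. Requirements written down before training (constructed values).
REQUIREMENTS = {
    "clean_accuracy_min": 0.90,
    "robust_accuracy_min": 0.75,                  # measured under the attack below
    "attack": {"name": "fgsm", "epsilon": 0.3},   # attack and budget are part of the spec
    "allowed_formats": {"safetensors", "onnx"},   # no pickle-based serialization
    "require_signature": True,
}


# 2. A toy model under test: score = w . x + b, predict the sign.
@dataclass
class LinearModel:
    w: tuple
    b: float

    def score(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x)) + self.b

    def predict(self, x):
        return 1 if self.score(x) >= 0 else -1


def sign(v):
    return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)


def fgsm(model, x, y, eps):
    """One fast-gradient-sign step against the hinge loss of a linear model.

    For loss = max(0, 1 - y * (w . x + b)) the gradient w.r.t. x is -y * w, so
    the step that increases the loss is x + eps * sign(-y * w) = x - eps * y * sign(w).
    """
    return tuple(xi - eps * y * sign(wi) for xi, wi in zip(x, model.w))


def evaluate(model, data, eps):
    """Clean accuracy and accuracy on FGSM-perturbed inputs, both in [0, 1]."""
    clean = sum(model.predict(x) == y for x, y in data)
    robust = sum(model.predict(fgsm(model, x, y, eps)) == y for x, y in data)
    return {"clean_accuracy": clean / len(data), "robust_accuracy": robust / len(data)}


# 3. The gate: compare an evaluation report with the written requirements.
def check_requirements(report, reqs):
    """Return a list of violations; an empty list means the build may proceed."""
    violations = []
    if report["clean_accuracy"] < reqs["clean_accuracy_min"]:
        violations.append(f"clean accuracy {report['clean_accuracy']:.2f} below {reqs['clean_accuracy_min']}")
    if report["attack"] != reqs["attack"]:
        violations.append("robust accuracy measured under a different attack or budget than required")
    if report["robust_accuracy"] < reqs["robust_accuracy_min"]:
        violations.append(f"robust accuracy {report['robust_accuracy']:.2f} below {reqs['robust_accuracy_min']}")
    if report["format"] not in reqs["allowed_formats"]:
        violations.append(f"model format {report['format']!r} not in allowlist")
    if reqs["require_signature"] and not report.get("signature"):
        violations.append("model artifact is not signed")
    return violations


# Constructed dataset: ((x1, x2), label). One point is misclassified even without
# an attack, and two low-margin points flip under a perturbation of 0.3 per feature.
DATA = [
    ((1.0, 1.0), 1), ((2.0, 0.5), 1), ((0.5, 2.0), 1), ((1.5, 1.5), 1),
    ((0.3, 0.2), 1), ((-0.2, 0.1), 1),
    ((-1.0, -1.0), -1), ((-2.0, -0.5), -1), ((-0.5, -2.0), -1), ((-0.2, -0.1), -1),
]
MODEL = LinearModel(w=(1.0, 1.0), b=0.0)


def build_report():
    """What a real pipeline would emit after training; format and signature are constructed."""
    metrics = evaluate(MODEL, DATA, REQUIREMENTS["attack"]["epsilon"])
    return {**metrics, "attack": REQUIREMENTS["attack"], "format": "pickle", "signature": None}


def run_gate():
    report = build_report()
    return report, check_requirements(report, REQUIREMENTS)


if __name__ == "__main__":
    report, violations = run_gate()
    print(report)
    for v in violations:
        print("FAIL:", v)
    raise SystemExit(1 if violations else 0)
```

The gate exits non-zero on any violation so a CI job fails instead of shipping the model. The attack name and budget are compared as part of the requirement, which prevents a pipeline from quietly "passing" by measuring robustness under a weaker attack than the one that was specified.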
Standards Mapping
  • ISO 42001: A.6.2.2, A.6.1.2
  • NIST AI RMF: MAP 1.6, GOVERN 1.2