Risk
Incomplete Asset Inventory
Description
Not all AI assets are identified and cataloged, leading to security blind spots.
Example
An undocumented AI model processing customer data exists in a development environment, unknown to security teams.
Assets Affected
All assets
Mitigation
- Conduct regular, comprehensive AI asset discovery audits
- Implement automated discovery tools
- Maintain a centralized AI asset registry
Standards Mapping
- ISO 42001: A.4.2, A.6.2.3
- NIST AI RMF: GOVERN 1.6, MAP 1.1