SAIL

/

Code/ No Code - AI Asset Discovery

/

Incomplete Asset Inventory

2.1

.

Incomplete Asset Inventory

sail
2.1
Risk

Incomplete Asset Inventory

Description

Not all AI assets are identified and cataloged, leading to security blind spots.

Example

An undocumented AI model processing customer data exists in a development environment, unknown to security teams.

Assets Affected

All assets

Mitigation
  • Conduct regular, comprehensive AI asset discovery audits
  • Implement automated discovery tools
  • Maintain a centralized AI asset registry
Standards Mapping
  • ISO 42001: A.4.2, A.6.2.3
  • NIST AI RMF: GOVERN 1.6, MAP 1.1