Risk
Insecure API Endpoint Configuration
Description
Weak authentication, lack of encryption, misconfigured CORS, or other API security flaws, exposing the endpoint to unauthorized access or attacks.
Example
API endpoint deployed with HTTP instead of HTTPS, no authentication.
Assets Affected
Model Inference endpoint
AI access credentials
Mitigation
- Enforce strong authentication, HTTPS, proper CORS, WAFs
- Pre-deployment security checks
Standards Mapping
- ISO 42001: A.6.2.5, A.8.2
- NIST AI RMF: MEASURE 2.7, MANAGE 2.4
- DASF v2: MODEL SERVING 9.11