Risk
Insufficient AI Interaction Logging
Description
Failure to comprehensively log AI user/model interactions, queries, or responses, resulting in blind spots for investigation or compliance.
Example
An ISO 42001 audit fails because records of decision-making processes and user interactions are missing.
Assets Affected
App Usage Log
Model Response
Mitigation
- Enforce detailed and consistent interaction logging
- Define log schemas for AI prompts/responses
- Regularly audit log completeness
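One way to apply the mitigations above, as an added example that is not part of the original page: a minimal schema for prompt/response log records and a completeness audit that flags schema violations and unpaired prompts or responses. The field names, the JSON-lines format and the sample records are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# Assumed schema: field names are illustrative, not taken from any standard.
REQUIRED = ("interaction_id", "timestamp", "user_id", "model_id", "model_version", "event", "content")
EVENTS = {"prompt", "response"}

def validate_record(rec):
    """Return schema violations for one parsed log record (a dict)."""
    problems = [f"missing field: {f}" for f in REQUIRED if f not in rec]
    problems += [f"bad value: {f}" for f in REQUIRED if f in rec and (
        not isinstance(rec[f], str) or not rec[f] or (f == "event" and rec[f] not in EVENTS))]
    if "timestamp" in rec:
        try:
            if datetime.fromisoformat(str(rec["timestamp"])).tzinfo is None:
                problems.append("timestamp lacks UTC offset")
        except ValueError:
            problems.append("timestamp not ISO 8601")
    return problems

def audit_completeness(lines):
    """Audit a list of JSON-lines records for schema and pairing gaps."""
    report = {"total": len(lines), "invalid": []}
    seen = {}  # interaction_id -> set of events observed
    for n, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            report["invalid"].append((n, ["unparseable or not a JSON object"]))
            continue
        problems = validate_record(rec)
        if problems:
            report["invalid"].append((n, problems))
        iid, event = rec.get("interaction_id"), rec.get("event")
        if isinstance(iid, str) and isinstance(event, str) and event in EVENTS:
            seen.setdefault(iid, set()).add(event)
    report["unanswered_prompts"] = sorted(i for i, e in seen.items() if "response" not in e)
    report["orphan_responses"] = sorted(i for i, e in seen.items() if "prompt" not in e)
    return report

# Constructed sample (not real data): i-2 has no response, line 4 lacks user_id, line 5 is truncated.
SAMPLE = [
    '{"interaction_id":"i-1","timestamp":"2024-05-01T10:00:00+00:00","user_id":"u-7","model_id":"m-a","model_version":"1.2","event":"prompt","content":"q1"}',
    '{"interaction_id":"i-1","timestamp":"2024-05-01T10:00:02+00:00","user_id":"u-7","model_id":"m-a","model_version":"1.2","event":"response","content":"a1"}',
    '{"interaction_id":"i-2","timestamp":"2024-05-01T10:05:00+00:00","user_id":"u-7","model_id":"m-a","model_version":"1.2","event":"prompt","content":"q2"}',
    '{"interaction_id":"i-3","timestamp":"2024-05-01T10:06:00+00:00","model_id":"m-a","model_version":"1.2","event":"response","content":"a3"}',
    '{"interaction_id":"i-4","timestamp":"2024-05-01T10:0',
]
```

Calling `audit_completeness(SAMPLE)` returns a report whose `invalid`, `unanswered_prompts` and `orphan_responses` lists can be tracked over time as a completeness measure.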
Standards Mapping
- ISO 42001: A.6.2.8, A.8.3
- NIST AI RMF: MEASURE 3.1, GOVERN 1.5
- DASF v2: RAW DATA 1.10, MODEL SERVING 10.1