1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
7.1
.
Insufficient AI Interaction Logging
sail
7.1
Risk
Insufficient AI Interaction Logging
Description
Failure to comprehensively log AI user/model interactions, queries, or responses, resulting in blind spots for investigation or compliance.
Example
ISO 42001 audit fails due to missing decision-making processes and user interactions
Assets Affected
App Usage log
Model Response
Mitigation
- Enforce detailed and consistent interaction logging
- Define log schemas for AI prompts/responses
- Regularly audit log completeness
Standards Mapping
- ISO 42001: A.6.2.8, A.8.3
- NIST AI RMF: MEASURE 3.1, GOVERN 1.5
- DASF v2: RAW DATA 1.10, MODEL SERVING 10.1
