1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
4.7
.
Insufficient Multimodal Security Testing
sail
4.7
Risk
Insufficient Multimodal Security Testing
Description
Red-team testing misses risks unique to models handling images, audio, or video.
Example
Malicious image or audio triggers model to leak data or bypass controls.
Assets Affected
Model Inference endpoint
Mitigation
- Add multimodal attack simulations to red-team scope
- Test for injection and content abuse in all formats
- Require manual review for high-risk outputs
Standards Mapping
- ISO 42001: A.6.2.4, A.7.2
- NIST AI RMF: MEASURE 2.3, MEASURE 2.5
