3.13 .

Insufficient Understanding of AI System Boundaries

sail

3.13

Risk

Insufficient Understanding of AI System Boundaries

Description

Failure to clearly define the complete boundaries of a discovered AI system, including all its components, interfaces, and direct dependencies.

Example

An AI-powered recommendation engine is identified, but its reliance on a separate, less secure microservice for data ingestion is missed.

Assets Affected

AI App

Model Inference endpoint

Pipeline Job

3rd-party AI integration

Mitigation

For each AI system, meticulously map its architecture, components, and all internal/external interfaces
Document system, computing resources, and tooling resources

Standards Mapping