SAIL

/

Build - AI Security Posture Management

/

Insufficient Understanding of AI System Boundaries

3.13

.

Insufficient Understanding of AI System Boundaries

sail
3.13
Risk

Insufficient Understanding of AI System Boundaries

Description

Failure to clearly define the complete boundaries of a discovered AI system, including all its components, interfaces, and direct dependencies.

Example

An AI-powered recommendation engine is identified, but its reliance on a separate, less secure microservice for data ingestion is missed.

Assets Affected

AI App

Model Inference endpoint

Pipeline Job

3rd-party AI integration

Mitigation
  • For each AI system, meticulously map its architecture, components, and all internal/external interfaces
  • Document system, computing resources, and tooling resources
Standards Mapping
  • ISO 42001: A.6.2.3, A.4.2
  • NIST AI RMF: MAP 2.1, MAP 4.1