SAIL / Test - AI Red Teaming

SAIL Risk 4.3: Lack of Risk Assessment Process

Description

Inconsistent methodology, coverage, and severity scoring across teams; evidence may be incomplete or non-comparable.

Example

One team only tests bias; another only jailbreaks.

Assets Affected

No core AI components directly affected - relates to testing process

Mitigation

  • Adopt a red-team playbook/checklist (e.g., MITRE ATLAS, OWASP)
  • Maintain severity taxonomy; train red-team staff

Standards Mapping

  • ISO 42001: A.5.2, A.6.2.4
  • NIST AI RMF: MEASURE 1.1, GOVERN 1.3