Missing Documented Evidence of Red Teaming/Risk Assessment

SAIL 4.4 | Risk

Description

Test findings, attack data, and replay steps are not centrally stored, so compliance cannot be demonstrated.

Example

A critical vulnerability is discussed in Slack but never logged.

Assets Affected

App Usage log

Mitigation
  • Store all engagements in a version-controlled repository
  • Tag each engagement with model, date, and tester
  • Enforce a retention policy
Standards Mapping
  • ISO 42001: A.5.3, A.6.2.7
  • NIST AI RMF: MEASURE 2.1, GOVERN 4.2