SAIL / Code/ No Code - AI Asset Discovery / 2.6

Risk

Overlooked Embedded or Inherited AI Functionality

Description

Failing to identify AI capabilities embedded within larger commercial off-the-shelf (COTS) software or managed services that are not marketed or documented as AI products. Because the capability is never recognized, it is never inventoried, risk-assessed or brought under the organization's AI governance, even though it may process the same sensitive data as a purpose-built AI system.

Example

A newly procured CRM system includes an undocumented AI-powered predictive analytics feature that processes sensitive customer data. Since the CRM was assessed as a conventional application, nobody inventoried the feature, reviewed what data it consumes or checked where that data is sent for inference.

Assets Affected

AI App

3rd-party AI integration

Mitigation
  • Scrutinize vendor documentation, release notes and contracts, and conduct technical assessments (for example, dependency and SBOM review, network egress review and feature inspection) of all software and services to identify embedded AI
  • Include AI considerations in vendor procurement and assessment processes (disclosure of AI features, what data is used for inference or training, and where it is processed), and repeat the check on major updates, since vendors add AI features to existing products over time
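As an added example of the "technical assessment" in the first mitigation bullet (this is illustrative code written for this page, not part of the SAIL framework or any vendor's tooling), the script below checks two cheap signals for embedded AI: a vendor-supplied CycloneDX-style SBOM for known AI/ML SDKs and model-serving libraries, and observed network egress hostnames (from a proxy or DNS log) for hosted-model API endpoints. The indicator lists, the sample SBOM and the sample hostnames are all constructed assumptions, kept deliberately short; they are a starting point, not an authoritative catalogue.

```python
"""Heuristic discovery of AI functionality embedded in third-party software.

Added example for the SAIL 2.6 mitigation; not part of the SAIL framework.
Two signals are checked:
  1. the vendor's SBOM (CycloneDX-style JSON) for known AI/ML SDKs and
     model-serving libraries, and
  2. observed network egress hostnames (proxy or DNS log) for hosted-model
     API endpoints.
Indicator lists and sample inputs are constructed for illustration (assumptions).
"""
import json
import re

# Package-name indicators, matched case-insensitively as full names.
AI_PACKAGE_PATTERNS = [
    r"openai", r"anthropic", r"cohere", r"transformers", r"torch", r"tensorflow",
    r"keras", r"scikit-learn", r"onnxruntime", r"langchain.*", r"llama[-_]?index.*",
    r"google-cloud-aiplatform", r"azure-ai-.*",
]

# Hostname indicators for hosted-model APIs, matched as full hostnames.
AI_HOST_PATTERNS = [
    r"api\.openai\.com", r"api\.anthropic\.com", r"[a-z0-9.-]+\.openai\.azure\.com",
    r"bedrock(-runtime)?\.[a-z0-9-]+\.amazonaws\.com",
    r"(generativelanguage|aiplatform)\.googleapis\.com", r"huggingface\.co",
]


def _package_name(component):
    """Return the lower-cased package name, preferring the purl over the free-text name."""
    purl = component.get("purl", "")
    if purl:
        # pkg:type/namespace/name@version?qualifiers#subpath -> name
        return re.split(r"[@?#]", purl, maxsplit=1)[0].rsplit("/", 1)[-1].lower()
    return component.get("name", "").lower()


def scan_sbom(sbom):
    """Flag SBOM components whose name matches an AI/ML package indicator."""
    findings = []
    for comp in sbom.get("components", []):
        name = _package_name(comp)
        for pat in AI_PACKAGE_PATTERNS:
            if re.fullmatch(pat, name):
                findings.append({"kind": "package",
                                 "value": f"{name}@{comp.get('version', '?')}",
                                 "indicator": pat})
                break
    return findings


def scan_egress(hostnames):
    """Flag egress hostnames that match a hosted-model API indicator."""
    findings = []
    for host in hostnames:
        h = host.strip().lower().rstrip(".")  # normalise case and trailing dot
        for pat in AI_HOST_PATTERNS:
            if re.fullmatch(pat, h):
                findings.append({"kind": "egress", "value": h, "indicator": pat})
                break
    return findings


def assess(sbom, hostnames):
    """Combine both signals; any hit means the product needs an AI review."""
    findings = scan_sbom(sbom) + scan_egress(hostnames)
    return {"ai_detected": bool(findings), "findings": findings}


# Constructed sample inputs (not real vendor data): an SBOM for a CRM add-on,
# whose free-text component name hides the SDK but whose purl does not, and a
# few egress hostnames copied from a proxy log.
SAMPLE_SBOM = json.loads("""{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "django", "version": "4.2.11", "purl": "pkg:pypi/django@4.2.11"},
    {"type": "library", "name": "requests", "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "OpenAI SDK", "version": "1.30.0", "purl": "pkg:pypi/openai@1.30.0"},
    {"type": "library", "name": "scikit-learn", "version": "1.4.2"}
  ]
}""")
SAMPLE_EGRESS = [
    "crm.example.com",
    "cdn.example.com",
    "api.openai.com",
    "Bedrock-Runtime.us-east-1.amazonaws.com.",
]

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE_SBOM, SAMPLE_EGRESS), indent=2))
```

A hit is a lead for the vendor assessment, not proof of an AI feature, and a clean result is not clearance: for a managed service such as the CRM in the example above, the organization usually sees neither the vendor's SBOM nor the vendor's server-side egress, so this kind of scan only works for software you deploy yourself and must be paired with the disclosure obligations in the second mitigation bullet.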
Standards Mapping
  • ISO 42001: A.10.3, A.4.2
  • OWASP Top 10 for LLM: LLM03
  • NIST AI RMF: MAP 2.1, GOVERN 6.1