SAIL

/

AI Policy & Safe experimentation (Plan)

/

Unauthorized / Prohibited Component Usage

1.9

.

Unauthorized / Prohibited Component Usage

sail
1.9
Risk

Unauthorized / Prohibited Component Usage

Description

Experiment involves the use of unauthorized or prohibited components

Example

Teams import unvetted or disallowed models, datasets, or libraries during experimentation, creating vulnerability, licence, or export-control risks.

Assets Affected

AI Policy

Model files

Dataset / RAG

Framework

3rd-party AI integration

Mitigation
  • Generate AI SBOM/BOM at experiment start and on every change
  • Enforce allow-/deny-lists in sandbox environments
  • Use CI/CD gating for SCA and license scanning
Standards Mapping
  • ISO 42001: A.6.2.2 , A.10.3
  • NIST AI RMF: MAP 4.1, MANAGE 3.1
  • DASF v2: MODEL 7.3, ALGORITHMS 5.4