Risk
Unmonitored AI experimentation
Description
Unauthorized/hidden "shadow" experimentation environments bypass controls, risking regulatory, security, and data exposure.
Example
Data scientist runs LLM playground on personal VM with customer data.
Assets Affected
AI platform
Notebook
Model files
Mitigation
- Require registration/approval of experiment sandboxes
- Asset inventory
- Alert on new/rogue environments
- Periodic discovery scans
- Log analysis
Standards Mapping
- ISO 42001: A.3.2, A.6.1.3
- NIST AI RMF: GOVERN 1.6, GOVERN 4.3