1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
7. Monitor: AI Activity Tracing
Risk
Insecure Storage of Red Teaming Artifacts
Description
Test payloads, exploit scripts, or reports are stored without proper security controls, creating insider or supply-chain risk.
Example
Sensitive exploit notebook remains accessible on a shared drive or repo after testing.
Assets Affected
Notebook
App Usage Log
Mitigation
- Ticket-based shred/archive
- artifact TTL
- store test artifacts in encrypted vault
- auto-cleanup.
Standards Mapping
- ISO: A.4.5
- EU AI Act: Art. 15(5)
- DASF: Datasets 3.2
- AIUC-1: E005, B008