1. Plan: AI Policy & Safe Experimentation
2. Code/No Code: AI Asset Discovery
3. Build: AI Security Posture Management
4. Test: AI Red Teaming
5. Deploy: Runtime Guardrails
6. Operate: Safe Execution Environment (Sandbox)
7. Monitor: AI Activity Tracing
Risk
Insufficient Multimodal Security Testing
Description
Red-team testing misses risks unique to models handling images, audio, or video.
Example
Malicious image or audio triggers model to leak data or bypass controls.
Assets Affected
Model Inference Endpoint
Mitigation
- Add multimodal attack simulations to red-team scope
- test for injection and content abuse in all formats
- require manual review for high-risk outputs.
Standards Mapping
- ISO: A.6.2.4, A.7.2
- OWASP agentic: ASI01
- OWASP LLM: LLM01:2025
- EU AI Act: Art. 15
- DASF: Platform 12.2
- AIUC-1: B001, C010