SAIL 2.0

/

AI Policy & Safe experimentation (Plan)

/

Unauthorised / Prohibited Component Usage

1.8

.

Unauthorised / Prohibited Component Usage

sail
1.8
Risk

Unauthorised / Prohibited Component Usage

Description

Experiment or build involves the use of unauthorized or prohibited components including models, datasets, and libraries while permitting sandboxed experimentation under allowlists

Example

Team imports an unvetted model from a public marketplace into a production agent's project scope, introducing execution risk.

Assets Affected

AI Model

Model Files

Framework

Dataset / RAG

3rd-Party AI Integration

MCP Server

Agents Plugins

Agents Marketplaces

AI Policy

Mitigation
  • Generate AI SBOM/BOM at experiment start and on every change
  • enforce allow/deny-lists across model registries, MCP servers, plugins, and marketplaces
  • CI/CD gating for SCA and license scanning.
Standards Mapping
  • ISO: A.10.3, A.10.2
  • OWASP agentic: ASI04
  • OWASP LLM: LLM03:2025
  • EU AI Act: Art. 10, Art. 25
  • DASF: Model 7.3, Algorithms 5.4
  • AIUC-1: E006, E010