D-TA-A-1: Is there basic awareness or informal identification of threats specific to AI systems?
High-Level Risks Identified: Initial identification and acknowledgment of broad risks (e.g., data leakage, unethical or harmful outputs).
Ad Hoc Documentation: Risks are documented informally, without standardized structures or severity ratings.
Limited Stakeholder Awareness: General awareness among stakeholders regarding potential risks, but no systematic tracking.
D-TA-A-2: Are informal threat mitigation strategies occasionally discussed or implemented?
Centralized Risk Inventory: Comprehensive risk inventory specific to LLM use cases established and maintained, detailing vulnerabilities such as adversarial attacks, prompt manipulation, and ethical concerns.
Severity Scores: Risks assigned severity scores based on potential impact, likelihood, and organizational context.
Regular Updates: Risk inventories updated periodically or when significant changes in LLM use cases occur.
D-TA-A-3: Are threats systematically identified and documented for AI systems?
Automated Risk Monitoring: Continuous, automated detection and monitoring of LLM outputs for potentially harmful content, data leakage, and security anomalies.
Real-time Alerting: Automated alerts triggered by identified risks, facilitating immediate investigation and mitigation.
Continuous Improvement: Risks dynamically reassessed through continuous monitoring and real-time data analytics.