D-TA-B-1: Are documented mitigation strategies developed and periodically reviewed?
Use of Basic Checklists: Teams utilize basic threat checklists (e.g., OWASP Top 10 for LLM Applicationss) to identify common issues like prompt injection or sensitive data exposure.
Informal Approach: Threat identification relies primarily on manual, informal processes.
Limited Coverage: Threat assessments cover only selected or high-visibility LLM deployments.
Description
Use of Basic Checklists: Teams utilize basic threat checklists (e.g., OWASP Top 10 for LLM Applicationss) to identify common issues like prompt injection or sensitive data exposure.
Informal Approach: Threat identification relies primarily on manual, informal processes.
Limited Coverage: Threat assessments cover only selected or high-visibility LLM deployments.
D-TA-B-2
D-TA-B-2: Is comprehensive threat assessment consistently performed and integrated across AI lifecycle?
Standardized Threat Modeling Process: Organization-wide standardized approach to threat modeling, clearly mapping adversarial attack vectors such as prompt injection, unauthorized data disclosure, and unethical content generation.
Structured Documentation: Threat models documented systematically and reviewed regularly.
Integrated into Development: Threat modeling integrated into the design phase of LLM projects.
Description
Standardized Threat Modeling Process: Organization-wide standardized approach to threat modeling, clearly mapping adversarial attack vectors such as prompt injection, unauthorized data disclosure, and unethical content generation.
Structured Documentation: Threat models documented systematically and reviewed regularly.
Integrated into Development: Threat modeling integrated into the design phase of LLM projects.
D-TA-B-3
D-TA-B-3: Are proactive and comprehensive mitigation strategies continuously implemented and refined?
Full Automation of Threat Detection: AI-driven tools automatically detect adversarial attempts, prompt injection attacks, and other security threats in real-time.
Integrated Alerts into Operational Tools: Threat detection integrated into operational and incident response systems (e.g., SIEM, SOAR).
Predictive Analytics: AI-assisted predictive analytics anticipate new or evolving threats based on historical data and emerging trends.
Description
Full Automation of Threat Detection: AI-driven tools automatically detect adversarial attempts, prompt injection attacks, and other security threats in real-time.
Integrated Alerts into Operational Tools: Threat detection integrated into operational and incident response systems (e.g., SIEM, SOAR).
Predictive Analytics: AI-assisted predictive analytics anticipate new or evolving threats based on historical data and emerging trends.