G-EA-A-1: Is there initial informal training or general awareness about AI security risks within the organization?
Ad-Hoc Learning: Security and ethics topics appear sporadically in general tech training or after incidents.
Limited Reach: Only core engineering teams receive any AI-security guidance; business and risk stakeholders are rarely included.
Informal Materials: Slide decks or wiki pages exist but are not curated or kept up to date.
G-EA-A-2: Is communication about AI security risks sporadic or ad hoc?
Documented Curriculum: Mandatory courses cover AI-specific threats, privacy, bias, and incident response; electives address deeper topics like adversarial ML or model interpretability.
Role Tailoring: Distinct learning paths for developers, data scientists, product owners, and executives.
Guidance Library: Curated playbooks, checklists, and coding examples are integrated into day-to-day tools (e.g., notebooks, IDE extensions).
G-EA-A-3: Are formal training programs on AI security established, targeting key stakeholders and teams?
Just-In-Time Micro-Learning: Contextual tips and secure-by-design snippets appear in pipelines, notebooks, and code reviews.
Community and Mentorship: Internal forums, guilds, and brown-bag sessions foster knowledge sharing; external conferences are encouraged.
Automated Guidance Updates: New threat intel or policy changes automatically trigger content refresh and notification to affected roles.