From 08e4ce6eed1be5d28bd08d03d7922a21646794a9 Mon Sep 17 00:00:00 2001 From: Matteo Meucci Date: Sun, 23 Nov 2025 12:10:01 +0100 Subject: [PATCH] Update 2.0_Threat_Modeling_for_AI_Systems.md --- Document/content/2.0_Threat_Modeling_for_AI_Systems.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md index 7b9b814..8984574 100644 --- a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md +++ b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md @@ -43,7 +43,7 @@ In Stage II of PASTA, we define the architectural scope by aligning it with the Description

-*Fig. 1 SAIF Architecture Layers & Components* +*Fig. 1: SAIF Architecture Layers & Components* The SAIF Map organizes AI security into four key areas: Application, Model, Infrastructure and Data, allowing scope AI protection across the full AI development lifecycle. The top half highlights the model’s path to deployment and user interaction, focusing on risks and controls most relevant to Model Consumers building AI-powered applications. The bottom half of the SAIF Map illustrates the process of developing a model, focusing on Model Creators, those who train or fine-tune models for their own use or for others. Depending on how AI is used, different risks may have greater relevance. The SAIF Risk Map illustrates where risks are introduced during the AI development lifecycle, often as a result of weaknesses in people, processes, or tools, where they are exposed (i.e., observable or testable by security teams), and where they can ultimately be mitigated through the implementation of appropriate controls. Some of these risk paths manifest primarily in the model usage layers (Application and Model) and relative AI components, others emerge in the model creation layers (Infrastructure and Data), and many span both, underscoring the need for comprehensive security coverage across the entire AI system lifecycle.