From 1893c374d73f7adc32332e4095694e2abcf71068 Mon Sep 17 00:00:00 2001 From: Matteo Meucci Date: Sun, 16 Nov 2025 16:40:41 +0100 Subject: [PATCH] Update 2.0_Threat_Modeling_for_AI_Systems.md --- Document/content/2.0_Threat_Modeling_for_AI_Systems.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md index f775a46..16fb66e 100644 --- a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md +++ b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md @@ -37,7 +37,7 @@ In Stage II of PASTA, we define the architectural scope by aligning it with the Description

-**Fig 1.1 SAIF Architecture Layers & Components** +**Fig 1 SAIF Architecture Layers & Components** The SAIF Map organizes AI security into four key areas: Application, Model, Infrastructure and Data, allowing scope AI protection across the full AI development lifecycle. The top half highlights the model’s path to deployment and user interaction, focusing on risks and controls most relevant to Model Consumers building AI-powered applications. The bottom half of the SAIF Map illustrates the process of developing a model, focusing on Model Creators, those who train or fine-tune models for their own use or for others. Depending on how AI is used, different risks may have greater relevance. The SAIF Risk Map illustrates where risks are introduced during the AI development lifecycle, often as a result of weaknesses in people, processes, or tools, where they are exposed (i.e., observable or testable by security teams), and where they can ultimately be mitigated through the implementation of appropriate controls. Some of these risk paths manifest primarily in the model usage layers (Application and Model) and relative AI components, others emerge in the model creation layers (Infrastructure and Data), and many span both, underscoring the need for comprehensive security coverage across the entire AI system lifecycle.
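Review bot: the caption renumbering on the changed line (Fig 1.1 to Fig 1) is the only edit in this commit (1 insertion, 1 deletion), so any in-text reference to "Fig 1.1" elsewhere in 2.0_Threat_Modeling_for_AI_Systems.md would now point at a label that no longer exists. Please search the file for the old label and update those references in the same change, and confirm the new number matches the numbering scheme used for the other figures in the chapter. Two wording problems are also visible in the unchanged context paragraph just below the caption and could be fixed while this area is being touched: "allowing scope AI protection across the full AI development lifecycle" is missing words (for example "allowing teams to scope"), and "relative AI components" probably should read "related AI components". Finally, the subject line "Update 2.0_Threat_Modeling_for_AI_Systems.md" only names the file; something like "Renumber SAIF architecture figure caption" would make the history easier to scan.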