diff --git a/Document/content/2.1.2_Identify_RAI_threats.md b/Document/content/2.1.2_Identify_RAI_threats.md index 328ec58..35937ea 100644 --- a/Document/content/2.1.2_Identify_RAI_threats.md +++ b/Document/content/2.1.2_Identify_RAI_threats.md @@ -19,7 +19,6 @@ Based on these concepts, we carefully revise your previous identification of thr RAI Threat Model

- ### **Responsible AI / Trustworthy AI Additions Only** #### **🟦 AI Application (4 additions):** @@ -46,8 +45,6 @@ Based on these concepts, we carefully revise your previous identification of thr 11. Toxic or Harmful Training Data 12. Data Privacy Violations ---- - The following tables provide a structured overview, facilitating clear visibility for identifying, managing, and mitigating critical Responsible AI and Trustworthy AI (RT) threats across your entire AI system architecture. ## **🟦 AI Application RT Threats** @@ -57,32 +54,24 @@ The following tables provide a structured overview, facilitating clear visibilit | 1 | Application & User Interaction | Hallucinations, Toxic Content Generation, Automation Bias, Lack of Explainability | | 2 | Agent/Plugin | Lack of Accountability in Agent/Plugin Actions | ---- - ## **🟪 AI Model RT Threats** | \# | Component | Responsible & Trustworthy AI Threats | | ----- | ----- | ----- | | 3 | Model (Inference & Training) | Bias and Discrimination, Overfitting and Generalization, Misalignment with Human Intent | ---- - ## **🟩 AI Infrastructure RT Threats** | \# | Component | Responsible & Trustworthy AI Threats | | ----- | ----- | ----- | | 4 | Infrastructure (Storage, Serving, Frameworks, Training & Evaluation) | Lack of Traceability & Auditability of Infrastructure Processes | ---- - ## **🟨 AI Data RT Threats** | \# | Component | Responsible & Trustworthy AI Threats | | ----- | ----- | ----- | | 5 | Data (Sources, Processing, Storage) | Non-representative Training Data, Toxic or Harmful Training Data, Data Privacy Violations | ---- - ## **Four Pillars of AI Testing** Artificial‑intelligence systems blend traditional software, complex data pipelines, and probabilistic models. This hybrid nature means that many well‑established security testing practices (e.g., network scanning, penetration testing, secure‑code review) remain indispensable, yet they are no longer sufficient on their own. AI brings new threat vectors—prompt manipulation, data poisoning, model extraction, and unintended agency, to name only a few—that require purpose‑built test strategies. @@ -117,8 +106,6 @@ For broader security assurance across networks, infrastructure, and traditional * User interface abuse (e.g., phishing via AI) * Interpretability & transparency evaluation ---- - ### **2\. AI Model Testing** * Scope: Model training, fine-tuning, inference behavior @@ -135,8 +122,6 @@ For broader security assurance across networks, infrastructure, and traditional * Membership inference testing * Alignment and behavior under edge cases ---- - ### **3\. AI Infrastructure Testing** * Scope: Hosting, serving, orchestration, APIs, plugin permissions @@ -152,8 +137,6 @@ For broader security assurance across networks, infrastructure, and traditional * Plugin/agent boundary testing * Environment security (CI/CD, containers) ---- - ### **4\. AI Data Testing** * Scope: Data collection, curation, storage, labeling, filtering @@ -168,7 +151,3 @@ For broader security assurance across networks, infrastructure, and traditional * Bias and diversity analysis * Data provenance validation * Filtering robustness (toxicity, duplication) - ---- - -##