Merge pull request #18 from mmorana1/patch-8

Update 2.1_Identify_AI_Threats.md
Matteo Meucci
2025-07-09 20:11:59 +04:00
committed by GitHub
+1 -1
@@ -4,7 +4,7 @@ In this work, we present an architectural high-level scoped threat modeling appr
This threat model is structured around the components defined by Googles [Secure AI Framework (SAIF)](https://saif.google/secure-ai-framework/components), ensuring a holistic risk driven approach from the perspective of threats directly and indirectly affected by threat which includes both the exposed components as well as the vulnerable components that might have known or assumed weaknesses (CWEs). When performing threat modeling driven vulnerability testing the notion of the components directly and indirectly affected by threat and the vulnerable components help to map these threats to the specific tests.
Identifying which components of the architecture are exposed to specific threats enables security teams to prioritize them for assessment. Initial testing may include configuration validation and vulnerability scanning of components that are potentially vulnerable, while later-stage assessments can involve adversarial attack simulations where specific components are targeted in threat scenarios. To support adversarial threat analysis, we incorporate AI-specific threat taxonomies from OWASP such as \[3\] OWASP Top 10 for Large Language Models (LLMs) and OWASP Foundation. OWASP AI Exchange. OWASP Foundation, 2024\. Available from [https://owasp.org/www-project-ai-exchange/](https://owasp.org/www-project-ai-exchange/) \[5\] as well as tactics and techniques from frameworks such as MITRE ATLAS \[11\]. As GenAI threat testing continues to evolve, its natural for taxonomies to specialize over time, especially as new tools and techniques emerge to address distinct threat classes. For example, in the case of Prompt Injection (PJI), more granular taxonomies and classifications—like those being developed by [Pangea](https://pangea.cloud/securebydesign/aiapp-pi-taxonomy) \[23\] help clarify further where and how attacks occur (e.g., direct vs. indirect injection), supporting more targeted testing strategies for specific LLM threats like Prompt Injection (PIJ) threats. This guide aims to provide a comprehensive, threat-driven approach to AI testing by establishing a structured foundation for realistic adversary modeling, incorporating AI-specific threat taxonomies (such as those for prompt injection), and enabling the simulation of attack paths that should be included within the testing scope.
Identifying which components of the architecture are exposed to specific threats enables security teams to prioritize them for assessment. Initial testing may include configuration validation and vulnerability scanning of components that are potentially vulnerable, while later-stage assessments can involve adversarial attack simulations where specific components are targeted in threat scenarios. To support adversarial threat analysis, we incorporate AI-specific threat taxonomies from OWASP such as OWASP Top 10 for Large Language Models (LLMs) \[3\] available from [https://owasp.org/www-project-top-10-for-large-language-model-applications/](https://owasp.org/www-project-top-10-for-large-language-model-applications/) and OWASP AI Exchange \[5\] available from [https://owasp.org/www-project-ai-exchange/](https://owasp.org/www-project-ai-exchange/) as well as tactics and techniques from frameworks such as MITRE ATLAS \[11\] available from [https://atlas.mitre.org/](https://atlas.mitre.org/). As GenAI threat testing continues to evolve, its natural for taxonomies to specialize over time, especially as new tools and techniques emerge to address distinct threat classes. For example, in the case of Prompt Injection (PJI), more granular taxonomies and classifications—like those being developed by [Pangea](https://pangea.cloud/securebydesign/aiapp-pi-taxonomy) \[23\] help clarify further where and how attacks occur (e.g., direct vs. indirect injection), supporting more targeted testing strategies for specific LLM threats like Prompt Injection (PIJ) threats. This guide aims to provide a comprehensive, threat-driven approach to AI testing by establishing a structured foundation for realistic adversary modeling, incorporating AI-specific threat taxonomies (such as those for prompt injection), and enabling the simulation of attack paths that should be included within the testing scope.
In our context, a comprehensive AI threat model is focused on identifying and assessing threats at the final stages of the AI lifecycle, specifically during QA and staging environments prior to production deployment, as well as in assessing baselines of AI systems already operating in production. The model serves as a foundation for security assurance by performing a high-level attack surface analysis across the AI pipeline and integrations, followed by a vulnerability mapping that ties identified weaknesses to realistic and testable threat vectors. Threats are prioritized based on their exploitability and potential business impact, ensuring focus on the most critical risks. The model also includes an evaluation of existing technical, architectural, and procedural controls, highlights any security gaps, and proposes actionable mitigations. Importantly, all threat modeling outputs are mapped back to business objectives and compliance requirements, such as NIST AI RMF and GDPR to ensure alignment with organizational goals and regulatory mandates.
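Review bot: the replacement line correctly untangles the citation block (the old line had the full bibliographic entry for OWASP AI Exchange spliced into the sentence, with the [3] and [5] markers out of place) and now gives each of [3], [5] and [11] its own link, but it still carries two different acronyms for the same term: "Prompt Injection (PJI)" early in the sentence and "Prompt Injection (PIJ)" at its end. Pick one (PI or PIJ) and use it consistently, and since the acronym is defined at first use, the trailing "for specific LLM threats like Prompt Injection (PIJ) threats" can shrink to "for prompt injection specifically". Two smaller wording issues survive in the new text as well: "its natural for taxonomies" should read "it's natural", and the "—like those being developed by Pangea [23] help clarify" clause is missing its closing dash or comma before "help". The unchanged context line above also has "Googles" for "Google's"; since this PR is a wording fix to the same paragraph, it would be worth folding that in.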