From b6d6de9aad1bd3cee88ca79e36841a9eb6cef3f1 Mon Sep 17 00:00:00 2001 From: Matteo Meucci Date: Sun, 16 Nov 2025 16:42:53 +0100 Subject: [PATCH] Update 2.0_Threat_Modeling_for_AI_Systems.md --- Document/content/2.0_Threat_Modeling_for_AI_Systems.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md index 16fb66e..9c4b19e 100644 --- a/Document/content/2.0_Threat_Modeling_for_AI_Systems.md +++ b/Document/content/2.0_Threat_Modeling_for_AI_Systems.md 
@@ -31,13 +31,13 @@ Choose a methodology that best aligns with your organization’s objectives, sys ### AI System Architecture It’s important to map threats to a comprehensive AI architecture. (*) As threats depend on system design, different parts of the AI system (data ingestion, training pipeline, model API, monitoring system) have different vulnerabilities. Without full architecture visibility, critical attack surfaces can be missed. Mapping threats to specific components also allows you to identify where threats can realistically occur, helping to prioritize risks instead of treating the system as a black box. When threats are mapped to the full architecture, layered security controls can be designed at each critical boundary (data, model, APIs, infrastructure), not just at the perimeter. Mapping threats systematically supports structured threat modeling (like STRIDE, PASTA, or LINDDUN for AI) making it easier to design specific, actionable countermeasures. Since threat modeling relies heavily on scope and context, it is crucial to select an architectural scope that reflects the most prevalent AI threats and aligns with the technical and business use cases that underpin most AI applications today. -In Stage II of PASTA, we define the architectural scope by aligning it with the Secure AI Framework (SAIF) [12], establishing a structured view of the AI system’s core security-relevant components. SAIF serves as a publicly available model for securing AI systems at scale, offering a practical, adaptable, and business-aligned framework that connects AI system security with broader risk management and operational resilience objectives. Specifically, the SAIF Risk Map [13] serves as a visual guide for navigating AI security and is central to understanding SAIF as a comprehensive security framework. It highlights many risks that may be unfamiliar to developers, such as prompt injection, data poisoning, and rogue actions. 
By mapping the AI development process, the SAIF Map helps identify where these risks emerge and, critically, where corresponding security controls can be applied. In Fig 1.1. we provide the visual of the SAIF components. +In Stage II of PASTA, we define the architectural scope by aligning it with the Secure AI Framework (SAIF) [12], establishing a structured view of the AI system’s core security-relevant components. SAIF serves as a publicly available model for securing AI systems at scale, offering a practical, adaptable, and business-aligned framework that connects AI system security with broader risk management and operational resilience objectives. Specifically, the SAIF Risk Map [13] serves as a visual guide for navigating AI security and is central to understanding SAIF as a comprehensive security framework. It highlights many risks that may be unfamiliar to developers, such as prompt injection, data poisoning, and rogue actions. By mapping the AI development process, the SAIF Map helps identify where these risks emerge and, critically, where corresponding security controls can be applied. In Fig. 1 we provide the visual of the SAIF components.

Description

-**Fig 1 SAIF Architecture Layers & Components** +**Fig. 1 SAIF Architecture Layers & Components** The SAIF Map organizes AI security into four key areas: Application, Model, Infrastructure and Data, allowing scope AI protection across the full AI development lifecycle. The top half highlights the model’s path to deployment and user interaction, focusing on risks and controls most relevant to Model Consumers building AI-powered applications. The bottom half of the SAIF Map illustrates the process of developing a model, focusing on Model Creators, those who train or fine-tune models for their own use or for others. Depending on how AI is used, different risks may have greater relevance. The SAIF Risk Map illustrates where risks are introduced during the AI development lifecycle, often as a result of weaknesses in people, processes, or tools, where they are exposed (i.e., observable or testable by security teams), and where they can ultimately be mitigated through the implementation of appropriate controls. Some of these risk paths manifest primarily in the model usage layers (Application and Model) and relative AI components, others emerge in the model creation layers (Infrastructure and Data), and many span both, underscoring the need for comprehensive security coverage across the entire AI system lifecycle.
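Review bot: the hunk makes the figure cross-reference consistent (`Fig 1.1.` → `Fig. 1` in the body, `Fig 1` → `Fig. 1` in the caption), but two nearby wording problems in the unchanged context remain and could be fixed in the same commit: the caption paragraph reads "allowing scope AI protection across the full AI development lifecycle", which is missing a word (suggest "allowing you to scope AI protection across the full AI development lifecycle"), and the text refers to the same artifact as both "the SAIF Risk Map [13]" and "the SAIF Map", so one name should be used throughout (the cited form "SAIF Risk Map" seems the safer choice). Also, merging the two `-` lines into a single `+` line removes the paragraph break before "By mapping the AI development process..."; that is fine for the rendered output, but it makes future diffs of this paragraph harder to read, so keeping one sentence per line (or at least the original break) would be kinder to reviewers. Finally, the line that renders as just "Description" between the paragraph and the caption (presumably the figure's alt text) would be more useful as a short description of the SAIF layers shown in Fig. 1.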