Model Security
CSA AI Controls Matrix v1.1 domain
Protect model integrity, access, behavior, artifacts, and inference surfaces.
What this domain means for procurement
Model-specific threats include poisoning, manipulation, theft, unauthorized access, prompt injection, and insecure inference. Vendor evidence should cover the full model lifecycle.
How TrustAtlas dimensions support it
Security captures model defenses; IP exposure captures weights, training, and output rights; transparency captures evaluations; agent governance covers models acting through tools and delegated authority.
This is an interpretive TrustAtlas cross-walk, not an official CSA mapping or evidence of AICM conformity.
Questions to ask vendors
Use these procurement prompts alongside the official CSA AICM v1.1 materials. They name the domain but do not invent or paraphrase control identifiers.
- How do you protect model weights, training pipelines, fine-tunes, and deployment artifacts from unauthorized change or extraction?
- Which evaluations cover poisoning, prompt injection, model theft, unsafe tool use, and adversarial inputs?
- How are model provenance, version, evaluation results, known limitations, and material changes disclosed?
- What controls constrain models or agents from taking high-impact actions without appropriate approval?
Related
- Back to all 18 CSA AICM v1.1 domains
- Official CSA AICM v1.1 artifact
- NIST AI RMF cross-walk
- TrustAtlas methodology — how the nine risk dimensions are scored