AI Security Compass

50 attack vectors documented across the full AI lifecycle, grounded in authoritative sources and designed to answer a single practical question at every point: what must the organisation have in place before this threat vector becomes a business-impacting problem?

The interactive visual summary that follows offers an insight into the comprehensive AI adoption security planning framework. The matrix presents a broad view of the terrain, with clickable threat vector nodes that show detail. The chart presents a relationship perspective for exploring context across the wider terrain. Both are useful for internalising the threat vector terrain and as input into prioritising efforts.

[Interactive matrix of threat vector nodes by lifecycle phase and impact domain]
Lifecycle phase: Secure Design (9v), Secure Development (17v), Secure Deployment (26v), Secure Maintenance (25v), Secure End of Life (7v)
Impact domain: Data (10 vectors), Model (9 vectors), Infrastructure (11 vectors), Supply Chain (10 vectors), Output and Behaviour (12 vectors), Human and Governance (8 vectors)
Key concern: Confidentiality, Integrity, Availability, Influence

Each vector is assessed across six dimensions, including the four domains through which AI adoption introduces or amplifies safeguarding concerns: confidentiality, integrity, availability and influence. The last of these represents a deliberate extension of conventional security thinking into the cognitive and governance territory that AI uniquely occupies.

The framework also makes a distinction that practitioners will find immediately useful. Not every vector applies equally depending on how an organisation relates to the AI system under assessment. Whether building from scratch, fine-tuning a third-party foundation model, or consuming AI capability through a vendor API, the attack surface is materially different and this framework reflects that throughout.

Get in touch for a view of the complete AI Security Compass, the enriched framework that enables filtering by the aforementioned deployment context in addition to the dimensions visible in the visualisations. It is an enterprise-grade artefact ready to be integrated into AI adoption initiatives.