A security engineer needs to monitor an AI-based system for runtime operations. The engineer is mostly concerned about the visibility of internal activity.
Which of the following is the most appropriate monitoring solution?
A disgruntled employee changed the company policies that a chatbot references in order to create confusion and disrupt the business.
Which of the following AI-generated vulnerabilities is the employee exploiting?
An AI security team must assess the probability of an attack on its new system and the impact associated with such an attack.
Which of the following threat-modeling resources best addresses the threat landscape for machine learning (ML)?
A security analyst is preparing a presentation for the sales team that describes the most common vulnerabilities that are specific to AI applications.
Which of the following is the best source for the analyst to consult?
Which of the following is a risk addressed by responsible AI?
A security analyst needs to conduct a security assessment of the output from an AI-enabled development tool.
Which of the following should the analyst do first?
A detection engineering team wants to use AI to automatically prevent vulnerable code from reaching production.
Which of the following is the most effective way to accomplish this task?
A company is adopting AI and wants to create policies and procedures that include a structure for evaluating, publishing, and approving patterns for AI usage.
Which of the following should the company establish to meet this goal?
Which of the following is an example of how a security analyst uses generative AI in the triage process?
An organization deploys an application programming interface (API) to allow external customers to perform tasks supported by internally developed AI models. Some customers require limited use of sensitive data. After the API is deployed, customers report that the API returns sensitive data to all customers. Which of the following is the best action to take with the API?