Basic Concept: Threat modeling for AI systems requires a framework specifically designed to address AI-specific attack techniques, tactics, and procedures. General cybersecurity or governance frameworks do not capture the unique adversarial attack surface of AI and ML systems. CompTIA SecAI+ Exam Objectives identify MITRE ATLAS as the primary AI threat modeling resource.

Why B is Correct: MITRE ATLAS (Adversarial Threat Landscape for AI Systems) is specifically designed as an AI and ML threat modeling framework. It catalogs real-world adversarial tactics, techniques, and procedures targeting AI systems, enabling security architects to identify and assess threats unique to ML models such as data poisoning, model extraction, and evasion attacks. It is the industry standard for AI-specific threat modeling.

Why A is Wrong: Responsible AI is a set of ethical principles and governance guidelines for developing and deploying AI systems fairly and safely. It addresses ethics and fairness, not technical adversarial threat modeling.

Why C is Wrong: The OECD provides non-binding policy recommendations and principles for AI governance at an international level. It does not provide technical threat modeling taxonomies or AI-specific attack catalogs.

Why D is Wrong: ISO standards such as ISO 42001 establish management system requirements for AI governance. They are compliance and management frameworks, not threat modeling tools for identifying adversarial AI attack vectors.