Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 8 Topic 1 Discussion
AAIA Exam Topic 1 Question 8 Discussion:
Question #: 8
Topic #: 1
During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational data to a generative AI tool?
The AAIA™ Study Guide stresses that inputting confidential or proprietary data into third-party generative AI tools may result in unauthorized data disclosure. These tools may store, process, or retrain on the input data, leading to privacy and intellectual property risks.
“When employees input sensitive data into external AI tools, organizations risk losing control over that information. This may result in regulatory non-compliance, legal exposure, and irreversible data leakage.”
While business disruption (C) and reliance (D) are notable, the most severe and immediate risk is B—unauthorized disclosure. Data contamination (A) impacts model reliability, not data security.
[Reference: ISACA Advanced in AI Audit™ (AAIA™) Study Guide, Section: “Ethical and Legal Considerations in AI,” Subsection: “Data Privacy and Use of External AI Tools”, ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit