Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 38 Topic 4 Discussion
AAIA Exam Topic 4 Question 38 Discussion:
Question #: 38
Topic #: 4
During a walk-through, an IS auditor observes an AI engineer entering a prompt that manipulates the AI model’s behavior. Which of the following is the BEST control to prevent this?
The most direct and effective control for preventing prompt-based manipulation is to enforce a structured input/output template (option A). AAIA highlights prompt management as a key emerging control area because unstructured prompts can lead to:
Prompt injection
Model manipulation
Circumvention of rules
Unauthorized access to sensitive outputs
Safety violations
Templates constrain user input to predefined formats, reducing opportunities to embed hidden instructions or modify model behavior.
Adversarial training (B) strengthens robustness but does not prevent users from inserting manipulative prompts.
Encryption (C) protects data, not prompt integrity.
Immediate retraining (D) addresses performance, not misuse.
Templates ensure consistent, secure, and auditable prompt structure.
[References:, AAIA Domain 1: AI Governance, Prompt Controls, AAIA Domain 2: Security Controls for Generative AI, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit