Isaca ISACA Advanced in AI Audit (AAIA) AAIA Question # 74 Topic 8 Discussion
An organization shares an AI model with external partners. One partner reports that sensitive data has been inadvertently exposed through the model’s outputs. Which of the following is the IS auditor's BEST recommendation?
A. Limit the model's outputs to anonymized results while investigating further.
B. Audit the data pipelines of all partners to identify the source of the leak.
C. Disable the shared model and notify partners of the potential breach.
D. Retrain the model immediately and implement privacy-preserving techniques.
In the case of a potential data exposure through AI model outputs, the first and most responsible action from an auditing and risk standpoint is to halt further risk propagation. According to the AAIA™ Study Guide, immediate containment is vital, especially when regulatory and reputational risks are high.
“Upon detection of a data breach risk, AI models should be immediately disabled from public or partner use, and all relevant parties should be notified as part of a responsible disclosure and containment strategy.”
While options A and D are longer-term remediation steps and B is investigative, none of them provide the urgent containment that is best practice in such a breach context.
[Reference: ISACA Advanced in AI Audit™ (AAIA™) Study Guide, Section: “Ethical and Legal Considerations in AI,” Subsection: “AI Data Breach and Disclosure Management”]