The decision is human
AI can now draft the security review. Someone still has to sign it. That asymmetry is where governance lives.
ReadThreat models, governance evidence, and the decisions that hold up under scrutiny. Written for security architects and the committees they report to.
Threat modeling, governance evidence, and what AI Committees actually need — written for security architects and AI governance leads. No cadence promises.
ISO 42001 certification audits surface the same gaps repeatedly: incomplete risk registers, missing re-assessment triggers, and evidence that describes intent rather than practice. Here is what auditors look for and how to close the gaps before they find them.
Procurement teams are approving agentic AI systems without the security vocabulary to ask the right questions. This checklist covers the eight areas a security review must address before an agentic system reaches production.
Prompt injection and hallucination are symptoms. The root cause is missing output validation at the right lifecycle gates. This piece maps the validation controls that close the gap, with examples from assessed systems.
Most AI risk registers are either generic IT risk registers with 'AI' added, or threat lists with no ownership or treatment. This piece defines the five fields every AI risk entry needs and the common entries that do not belong.
RAG pipelines introduce three distinct attack surfaces that standard LLM threat models miss: the retrieval boundary, the context window, and the generation gate. Here is the full threat model with controls for each.
Data Protection Authorities are starting to ask about AI systems in DPA reviews. This piece maps what DPOs need to document, what regulators are looking for, and the gaps that appear most often in organisations that have not prepared.
CVE scores tell you a vulnerability exists. Attack path analysis tells you whether it is reachable, exploitable, and connected to a blast radius that matters. Here is how to apply it to AI system assessments.
AI incidents have three properties that standard IT incident response playbooks do not handle: non-deterministic reproduction, model-level root cause, and evidence that degrades over time. Here is what the playbook needs.
The EU AI Act's Annex III lists 8 categories of high-risk AI. Most AI teams don't know whether their system is in scope. Here's how to determine your risk tier — and what it means for what you need to build.
Most organisations conflate security clearance with business approval for AI systems. The distinction matters: clearance is a security gate, approval is a business decision. Conflating them produces systems that are approved but not cleared — or cleared but not governed.
Most AI risk dispositions are written for internal approval, not external scrutiny. When a regulator or auditor asks for the record, they look for different things — here is what must be in the disposition to hold up.
Fine-tuned models inherit the base model's risk profile and add their own. Training data provenance, alignment drift, and capability overhang are the three areas a security review must address that base model assessments typically skip.
Free resources
Practical templates for every framework covered here.
AI Security Review Template
Full review pack with threat model, controls, and evidence grading.
OWASP Agentic Top 10 Controls
Each risk mapped to required controls and lifecycle gates.
AI Risk Disposition Memo
Clearance decision template with rationale and sign-off log.
AI Go-Live Security Checklist
Production gate checklist for security architects and CISOs.