New Framework Helps Classify and Secure AI Apps
- The Generative AI Security Scoping Matrix classifies apps into 5 scopes based on which components you control versus which the provider controls. The security controls that apply depend on the scope.
- For consumer apps (Scope 1), enforce policies on corporate network egress to block unauthorized usage.
- For enterprise apps (Scope 2), review provider agreements regarding data usage and IP rights.
- For apps using pre-trained models (Scope 3), secure access to inference endpoints and implement input/output filtering.
- For apps with fine-tuned models (Scope 4), carefully select fine-tuning data and control access to model artifacts.