Free Enterprise Playbook

AI Security Playbook

Deterministic Controls for AI Attack Surface Management

Comprehensive framework aligned with NIST AI RMF, ISO 42001, OWASP Top 10 for LLMs, and MITRE ATLAS

  • 2 Tiers: Executive + Tactical
  • 10 Threats: Attack Categories
  • 4 Frameworks: Compliance Mapping
  • 150+ Tests: Adversarial Suite

What's Inside the Playbook

Tier 1: Executive Brief

Strategic overview for Board and C-Suite leadership

  • AI Security Imperative: Why AI differs from traditional security (speed gap, emergent behavior, instruction boundary ambiguity)
  • Threat Taxonomy: 10 critical attack categories from prompt injection to third-party vendor risks
  • Risk Tier Framework: T0-T3 classification with proportionate controls
  • KPIs & Escalation: Leading/lagging indicators and board-level questions

Tier 2: Tactical Guide

Operational procedures for SecOps, TPMs, and DevSecOps teams

  • Policy Templates: Tooling Scope Contract, Instruction Boundary Policy, Release Gate Decision Tree
  • Data Security: Domain allowlists, corpus signing, poison screening procedures
  • Model Controls: Input normalization, structured intent schema, adversarial testing (150+ prompts)
  • Technical Brief: Code samples, SIEM rules, TPM delivery checklist (L1-L6)

10 Critical Threat Categories

  • Prompt Injection & Indirect Injection: Malicious inputs overriding system instructions
  • Jailbreaks & Safety Bypass: Circumventing safety guardrails
  • Encoding & Unicode Obfuscation: Homographs, Base64, emoji smuggling
  • RAG Poisoning & Corpus Contamination: Injecting malicious content into retrieval data
  • Tool & Function-Call Abuse: Exploiting API access capabilities
  • Over-Scoped API Keys & RBAC Gaps: Excessive permissions enabling lateral movement
  • Multi-Agent Chain Abuse: Exploiting agent-to-agent interactions
  • System-Prompt & Memory Leakage: Extracting internal instructions
  • Output Over-Trust: Treating outputs as verified truth
  • Third-Party AI Vendor Risks: Opacity in external AI services

Framework Alignment & Compliance Mapping

EU AI Act

  • Risk Management (Art. 9)
  • Data Governance (Art. 10)
  • Record-Keeping (Art. 12)
  • Human Oversight (Art. 14)

NIST AI RMF 1.0

  • GOVERN-1.1 (Risk)
  • MAP-1.5 (Third-Party)
  • MEASURE-2.3 (Testing)
  • MANAGE-1.1 (Oversight)

ISO 42001:2023

  • 6.1 Risk Assessment
  • 7.4 Documentation
  • 8.5 Testing & Validation
  • 8.7 Human Oversight

Colorado AI Act

  • Affirmative Defense
  • Impact Assessments
  • Consumer Notices
  • Reasonable Care Duty

Colorado AI Act Affirmative Defense

This playbook aligns with NIST AI RMF and ISO 42001, providing an evidentiary foundation for an affirmative defense under Colorado SB 24-205. Organizations that implement these controls demonstrate good-faith compliance efforts, strengthening their legal defense position.

Download Your Free Playbook

Get instant access to both Executive Brief and Tactical Guide. PDF will be sent to your email.

By downloading, you agree to receive occasional emails about AI compliance and security. Unsubscribe anytime.

Need Help Implementing These Controls?

HAIEC provides deterministic compliance engines and behavioral monitoring for AI systems