FREE ENTERPRISE PLAYBOOK

AI Security
Playbook

Deterministic Controls for AI Attack Surface Management

Comprehensive framework aligned with NIST AI RMF, ISO 42001, OWASP Top 10 for LLMs, and MITRE ATLAS

2 Tiers

Executive + Tactical

10 Threats

Attack Categories

4 Frameworks

Compliance Mapping

150+ Tests

Adversarial Suite

What's Inside the Playbook

Tier 1: Executive Brief

Strategic overview for Board and C-Suite leadership

AI Security Imperative: Why AI differs from traditional security (speed gap, emergent behavior, instruction boundary ambiguity)
Threat Taxonomy: 10 critical attack categories from prompt injection to third-party vendor risks
Risk Tier Framework: T0-T3 classification with proportionate controls
KPIs & Escalation: Leading/lagging indicators and board-level questions

Tier 2: Tactical Guide

Operational procedures for SecOps, TPMs, and DevSecOps teams

Policy Templates: Tooling Scope Contract, Instruction Boundary Policy, Release Gate Decision Tree
Data Security: Domain allowlists, corpus signing, poison screening procedures
Model Controls: Input normalization, structured intent schema, adversarial testing (150+ prompts)
Technical Brief: Code samples, SIEM rules, TPM delivery checklist (L1-L6)

10 Critical Threat Categories

Prompt Injection & Indirect Injection

Malicious inputs overriding system instructions

Jailbreaks & Safety Bypass

Circumventing safety guardrails

Encoding & Unicode Obfuscation

Homographs, Base64, emoji smuggling

RAG Poisoning & Corpus Contamination

Injecting malicious content into retrieval data

Tool & Function-Call Abuse

Exploiting API access capabilities

Over-Scoped API Keys & RBAC Gaps

Excessive permissions enabling lateral movement

Multi-Agent Chain Abuse

Exploiting agent-to-agent interactions

System-Prompt & Memory Leakage

Extracting internal instructions

Output Over-Trust

Treating outputs as verified truth

Third-Party AI Vendor Risks

Opacity in external AI services

Framework Alignment & Compliance Mapping

EU AI Act

• Risk Management (Art. 9)
• Data Governance (Art. 10)
• Record-Keeping (Art. 12)
• Human Oversight (Art. 14)

NIST AI RMF 1.0

• GOVERN-1.1 (Risk)
• MAP-1.5 (Third-Party)
• MEASURE-2.3 (Testing)
• MANAGE-1.1 (Oversight)

ISO 42001:2023

• 6.1 Risk Assessment
• 7.4 Documentation
• 8.5 Testing & Validation
• 8.7 Human Oversight

Colorado AI Act

• Affirmative Defense
• Impact Assessments
• Consumer Notices
• Reasonable Care Duty

Colorado AI Act Affirmative Defense

This playbook aligns with NIST AI RMF and ISO 42001, providing evidentiary foundation for affirmative defense under Colorado SB 24-205. Organizations implementing these controls demonstrate good-faith compliance efforts, strengthening legal defense position.

Download Your Free Playbook

Get instant access to both Executive Brief and Tactical Guide. PDF will be sent to your email.

Need Help Implementing These Controls?

HAIEC provides deterministic compliance engines and behavioral monitoring for AI systems

AI SecurityPlaybook