- Maintain an approved AI tool inventory with owners, business purpose, data access, and renewal dates.
- Define a written AI acceptable-use policy for employees, contractors, and privileged technical users.
- Classify what data may never be entered into public AI tools, including PHI, student data, credentials, source code, contracts, and financial records.
- Require security and legal review before any AI assistant connects to email, files, ticketing, CRM, EHR, SIS, ERP, or finance systems.
- Assign an executive owner for AI risk, exceptions, vendor approval, and quarterly control review.
- Train staff on prompt injection, deepfakes, AI phishing, hallucinations, data handling, and verification expectations.
Domain 2
Identity and access
- Enforce MFA for every user, with phishing-resistant MFA for administrators and high-risk roles.
- Use least-privilege access for AI tools, plugins, agents, service accounts, and automation workflows.
- Separate administrator accounts from daily-use accounts and monitor privileged sign-ins.
- Review AI platform permissions, OAuth grants, browser extensions, and connected apps at least quarterly.
- Block unmanaged devices from sensitive AI workflows unless they meet endpoint, encryption, and patch standards.
- Use conditional access policies that respond to impossible travel, risky sign-ins, stale sessions, and unmanaged locations.
- Apply DLP or equivalent controls to prevent sensitive data from being pasted, uploaded, synced, or logged in AI tools.
- Retain prompt, response, and tool-use logs where business risk requires investigation and audit evidence.
- Encrypt sensitive data at rest and in transit across AI platforms, integrations, vector stores, backups, and logs.
- Confirm vendor terms for model training, data retention, tenant isolation, breach notice, subcontractors, and data deletion.
- Protect retrieval-augmented generation content with source permissions so AI search cannot reveal files users could not otherwise access.
- Redact secrets and regulated data from support tickets, chat transcripts, code repositories, and AI-generated documentation.
Domain 4
AI system security
- Threat-model AI applications for prompt injection, sensitive data disclosure, supply-chain risk, data poisoning, excessive agency, and unsafe outputs.
- Validate, filter, and constrain AI output before it can update records, run commands, send messages, approve transactions, or change configurations.
- Keep humans in the loop for high-impact decisions, security actions, financial approvals, patient/student/client data changes, and external communications.
- Test AI tools with adversarial prompts and malicious documents before production use and after major changes.
- Pin, scan, and review AI dependencies, models, plugins, browser extensions, APIs, datasets, and third-party connectors.
- Set usage limits, cost controls, rate limits, and alerting so AI tools cannot create runaway spend, denial of service, or uncontrolled automation.
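
An added example (not part of the original checklist) of the output-validation and human-in-the-loop controls above: a gate that parses a model's proposed tool call, checks it against an allowlist and per-argument patterns, and holds high-impact actions until a named person approves. The tool names, policy table, and sample outputs are constructed assumptions.

```python
import json
import re

# Hypothetical policy: tool name -> (argument patterns, requires human approval).
POLICY = {
    "lookup_ticket": ({"ticket_id": re.compile(r"TKT-\d{1,8}")}, False),
    "send_email": ({"to": re.compile(r"[\w.+-]+@example\.com"),
                    "body": re.compile(r"[\s\S]{1,2000}")}, True),
}

def gate_tool_call(raw_model_output, approved_by=None):
    """Return (decision, detail); decision is 'allow', 'needs_approval' or 'deny'."""
    try:
        call = json.loads(raw_model_output)
    except (TypeError, ValueError):
        return "deny", "output is not valid JSON"
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        return "deny", "unexpected top-level structure"
    tool, args = call["tool"], call["args"]
    if not isinstance(tool, str) or tool not in POLICY:
        return "deny", "tool not on allowlist"
    patterns, high_impact = POLICY[tool]
    # Exact key match: reject both missing and extra arguments.
    if not isinstance(args, dict) or set(args) != set(patterns):
        return "deny", "argument names do not match the schema"
    for name, pattern in patterns.items():
        value = args[name]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            return "deny", f"argument {name!r} failed validation"
    # High-impact actions stay pending until a person is recorded as approver.
    if high_impact and not approved_by:
        return "needs_approval", f"{tool} requires a named human approver"
    return "allow", tool

# Constructed sample model outputs for illustration.
SAMPLES = [
    '{"tool": "lookup_ticket", "args": {"ticket_id": "TKT-1042"}}',
    '{"tool": "delete_records", "args": {"table": "patients"}}',
    '{"tool": "lookup_ticket", "args": {"ticket_id": "TKT-1; DROP"}}',
    '{"tool": "send_email", "args": {"to": "ops@example.com", "body": "Status update"}}',
    "Sure! I will send that email now.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(gate_tool_call(sample))
```

The gate fails closed: anything that does not parse, is not on the allowlist, or carries unexpected arguments is denied rather than passed through.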
Domain 5
Resilience and response
- Update the incident response plan for AI events: data leakage, malicious prompts, deepfake fraud, poisoned content, unsafe automation, and vendor compromise.
- Monitor for AI-assisted phishing, business email compromise, voice/video impersonation, credential theft, and abnormal data movement.
- Back up critical systems with immutable or isolated recovery copies and test restores for ransomware scenarios.
- Patch internet-facing systems, identity platforms, browsers, endpoints, firewalls, and remote access tools on risk-based timelines.
- Run tabletop exercises for AI-enabled fraud, compromised AI integrations, ransomware, vendor breach, and accidental sensitive-data exposure.
- Report AI security posture to leadership with open risks, remediation owners, exceptions, vendor exposure, and progress against this checklist.
Check each control your organization has implemented and can prove with policy, configuration, logs, or repeatable process.
Use unchecked items as your first AI security action list.
Discuss your score with our team.
Datapath can help validate gaps, prioritize remediation, and build a practical roadmap for your industry and systems.