Security Policies
Automated policy enforcement across AI systems
Total Policies: 10
Active: 10
Default: 10
Custom: 0
Unregistered AI Models in Production
AI models deployed to production without proper registration in asset inventory system
Applies to: All AI Models
OWASP:
MITRE:
Remediation
Implement automated discovery agents; enforce deployment gates requiring asset registration
Shadow AI Deployments
Departments using unapproved AI tools or services without security review
Applies to: All AI Services
OWASP:
MITRE:
Remediation
Deploy CASB with AI service detection; establish AI usage policies
Direct Prompt Injection Vulnerability
System vulnerable to direct manipulation through user inputs that override instructions
Applies to: All LLM Applications
OWASP:
MITRE:
Remediation
Implement input validation; use structured prompts; apply output filtering; deploy prompt firewall
Indirect Prompt Injection via RAG
RAG system vulnerable to injection through poisoned documents or websites
Applies to: RAG Systems
OWASP:
MITRE:
Remediation
Sanitize ingested content; implement document validation; use retrieval filtering
System Prompt Leakage
System prompts or instructions exposed through crafted queries
Applies to: All LLM Applications
OWASP:
MITRE:
Remediation
Implement output filtering for system prompt content; use prompt decomposition
Hardcoded Credentials in Prompts
API keys, database passwords, or other secrets embedded in system prompts
Applies to: All LLM Applications
OWASP:
MITRE:
Remediation
Implement secrets management; use environment variables; apply secret scanning
Missing Model Cards
AI models deployed without required documentation or model cards
Applies to: All AI Models
OWASP:
Remediation
Require model cards in deployment pipeline; provide templates; automate documentation generation
Missing Fairness & Bias Assessment
No evaluation of model fairness or bias across protected characteristics
Applies to: Decision-Making Models
OWASP:
Remediation
Implement bias testing frameworks; use fairness metrics; conduct regular audits
GDPR Data Residency Violations
Personal data processed in non-compliant geographic locations
Applies to: All AI Systems
OWASP:
Remediation
Implement data residency controls; use EU regions; validate third-party locations
EU AI Act High-Risk Violations
High-risk AI systems not meeting EU AI Act requirements
Applies to: High-Risk AI Systems
Remediation
Conduct AI Act impact assessment; implement required controls; maintain technical documentation
Policies are enforced in real time by the Sentinel agent