AI Governance
How we frame governance, risk, and policy for AI-assisted work. Last updated: March 2025.
In short
We treat AI governance as part of the deliverable: security, IP, compliance, and auditability built into how teams adopt AI tools. This page summarizes the risk frameworks we align with and points you to our Data Handling & Security and Privacy policies.
OWASP Top 10 for LLM Applications
The OWASP Top 10 for Large Language Model Applications (v1.1) lists the most critical security risks in applications that embed an LLM. We use it in talks and bootcamps so teams can name their threat surface before designing controls. Note that the 2025 edition renumbers several entries and adds new ones (for example System Prompt Leakage and Vector and Embedding Weaknesses), so any mapping you keep should state which version it references. Summary of v1.1:
- LLM01 Prompt Injection — Crafted inputs, supplied directly by a user or indirectly through content the model reads (documents, web pages, tool results), override the application's instructions and can lead to unauthorized access, data leakage, or compromised decisions.
- LLM02 Insecure Output Handling — Model output passed to downstream components (shells, interpreters, browsers, databases) without validation or encoding enables exploits such as XSS, SSRF, or remote code execution.
- LLM03 Training Data Poisoning — Tampered pre-training or fine-tuning data introduces backdoors or biases that degrade model security and accuracy.
- LLM04 Model Denial of Service — Resource-heavy or unusually long inputs drive up latency and cost and can disrupt service for other users.
- LLM05 Supply Chain Vulnerabilities — Compromised third-party models, datasets, plugins, or packages undermine the integrity of the whole application.
- LLM06 Sensitive Information Disclosure — Models can reveal confidential data from training sets or the prompt context in their outputs unless inputs are sanitized and access is controlled.
- LLM07 Insecure Plugin Design — Plugins that accept free-text, unvalidated input and lack access control can be driven into actions such as remote code execution or privilege escalation.
- LLM08 Excessive Agency — Granting the model more functionality, permissions, or autonomy than the task needs lets a manipulated output cause real damage.
- LLM09 Overreliance — Accepting outputs without critical assessment leads to misinformation, insecure code, and legal liability.
- LLM10 Model Theft — Unauthorized access to or exfiltration of proprietary model weights (including extraction through repeated queries) causes economic loss and exposes sensitive information.
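To make LLM01, LLM02 and LLM08 concrete, here is an added example (written for this page, not code from any product or from OWASP) of a tool-calling handler that reads files on the model's behalf. The model output, sandbox layout and file contents are all constructed for the example. The insecure version trusts the model's JSON and joins the requested path straight onto the sandbox; the hardened version treats the output as attacker-controlled input, allowlists the tool, validates the path, and confirms after resolution that the target still sits inside the sandbox.

```python
"""Added example: untrusted LLM output driving a file-reading tool.

Illustrates OWASP LLM Top 10 v1.1 entries LLM01 (prompt injection, via the
injected tool call), LLM02 (insecure output handling) and LLM08 (excessive
agency). Hypothetical code, constructed for this page; not from any product.
"""
import json
import re
import shutil
import tempfile
from pathlib import Path

# Constructed samples of what a model might emit. The second one is what a
# prompt injection hidden in a document the model was asked to summarise
# could produce; the path and contents are made up.
BENIGN_OUTPUT = json.dumps({"tool": "read_file", "args": {"path": "reports/q1.txt"}})
INJECTED_OUTPUT = json.dumps({"tool": "read_file", "args": {"path": "../secrets/api_key.txt"}})

ALLOWED_TOOLS = {"read_file"}                      # least privilege: one tool, nothing else
SAFE_PATH = re.compile(r"^[A-Za-z0-9_./-]{1,128}$")  # conservative character allowlist
MAX_BYTES = 4096                                   # cap what a single call can return


def build_sandbox() -> Path:
    """Create a throwaway tree: a sandbox holding one report, plus a sibling
    'secrets' directory that the tool must never be able to reach."""
    root = Path(tempfile.mkdtemp())
    (root / "sandbox" / "reports").mkdir(parents=True)
    (root / "sandbox" / "reports" / "q1.txt").write_text("Q1 revenue: up 4%")
    (root / "secrets").mkdir()
    (root / "secrets" / "api_key.txt").write_text("sk-live-EXAMPLE")
    return root


def insecure_dispatch(model_output: str, sandbox: Path) -> str:
    """LLM02 anti-pattern: believe the model and act on its output verbatim.
    No tool allowlist, no path validation, no confinement check."""
    call = json.loads(model_output)
    target = sandbox / call["args"]["path"]   # '..' walks straight out of the sandbox
    return target.read_text()


def hardened_dispatch(model_output: str, sandbox: Path) -> str:
    """Treat model output as hostile input: validate shape, allowlist the tool,
    reject path components we never want, then confine the resolved path."""
    try:
        call = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise ValueError("model output is not valid JSON") from exc
    if not isinstance(call, dict) or call.get("tool") not in ALLOWED_TOOLS:
        raise ValueError("tool not permitted")
    path = call.get("args", {}).get("path")
    if not isinstance(path, str) or not SAFE_PATH.match(path) or ".." in path.split("/"):
        raise ValueError("path failed validation")
    root = sandbox.resolve()
    target = (root / path).resolve()          # resolves symlinks as well as '..'
    if root not in target.parents:            # defence in depth after the syntactic checks
        raise ValueError("path escapes sandbox")
    return target.read_text(encoding="utf-8")[:MAX_BYTES]


def demo() -> dict:
    """Run both handlers against both outputs and report what each returned."""
    root = build_sandbox()
    sandbox = root / "sandbox"
    try:
        results = {
            "insecure_benign": insecure_dispatch(BENIGN_OUTPUT, sandbox),
            "insecure_injected": insecure_dispatch(INJECTED_OUTPUT, sandbox),  # leaks the secret
            "hardened_benign": hardened_dispatch(BENIGN_OUTPUT, sandbox),
        }
        try:
            hardened_dispatch(INJECTED_OUTPUT, sandbox)
            results["hardened_injected"] = "ALLOWED"
        except ValueError as exc:
            results["hardened_injected"] = f"blocked: {exc}"
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running it shows the insecure handler happily returning the contents of `secrets/api_key.txt`, while the hardened handler rejects the same call at the validation step; the post-resolution confinement check exists for the cases (symlinks, encoding tricks) that a regex alone would miss. The same shape applies to any sink fed by model output: shell arguments, SQL, HTML, or HTTP requests.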
Policy and governance mapping as a deliverable
In engagements (talks, bootcamps, pilots), we can deliver a governance mapping: how your use of AI tools lines up with OWASP LLM Top 10 and frameworks like the NIST AI RMF GenAI profile. That gives you a clear view of your threat surface and control points before leadership or auditors ask. It is one of the tangible deliverables we offer—see the Programs section on the homepage.
Security and data handling
For how we handle your data, code, and confidential information, see our Data Handling & Security page. For website privacy, see our Privacy Policy. For terms of use, see our Terms.
Contact
Questions about AI governance, risk mapping, or compliance: use the contact form or email on this site. We can discuss scope for your organization.