genai-security-crosswalk 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (55) hide show
  1. package/LICENSE.md +28 -0
  2. package/README.md +618 -0
  3. package/data/entries/ASI01.json +911 -0
  4. package/data/entries/ASI02.json +850 -0
  5. package/data/entries/ASI03.json +854 -0
  6. package/data/entries/ASI04.json +759 -0
  7. package/data/entries/ASI05.json +764 -0
  8. package/data/entries/ASI06.json +817 -0
  9. package/data/entries/ASI07.json +789 -0
  10. package/data/entries/ASI08.json +788 -0
  11. package/data/entries/ASI09.json +754 -0
  12. package/data/entries/ASI10.json +833 -0
  13. package/data/entries/DSGAI01.json +779 -0
  14. package/data/entries/DSGAI02.json +728 -0
  15. package/data/entries/DSGAI03.json +671 -0
  16. package/data/entries/DSGAI04.json +752 -0
  17. package/data/entries/DSGAI05.json +689 -0
  18. package/data/entries/DSGAI06.json +673 -0
  19. package/data/entries/DSGAI07.json +680 -0
  20. package/data/entries/DSGAI08.json +698 -0
  21. package/data/entries/DSGAI09.json +687 -0
  22. package/data/entries/DSGAI10.json +627 -0
  23. package/data/entries/DSGAI11.json +663 -0
  24. package/data/entries/DSGAI12.json +695 -0
  25. package/data/entries/DSGAI13.json +688 -0
  26. package/data/entries/DSGAI14.json +703 -0
  27. package/data/entries/DSGAI15.json +655 -0
  28. package/data/entries/DSGAI16.json +716 -0
  29. package/data/entries/DSGAI17.json +690 -0
  30. package/data/entries/DSGAI18.json +613 -0
  31. package/data/entries/DSGAI19.json +638 -0
  32. package/data/entries/DSGAI20.json +671 -0
  33. package/data/entries/DSGAI21.json +881 -0
  34. package/data/entries/LLM01.json +975 -0
  35. package/data/entries/LLM02.json +868 -0
  36. package/data/entries/LLM03.json +817 -0
  37. package/data/entries/LLM04.json +797 -0
  38. package/data/entries/LLM05.json +761 -0
  39. package/data/entries/LLM06.json +848 -0
  40. package/data/entries/LLM07.json +749 -0
  41. package/data/entries/LLM08.json +750 -0
  42. package/data/entries/LLM09.json +760 -0
  43. package/data/entries/LLM10.json +763 -0
  44. package/data/incidents-schema.json +121 -0
  45. package/data/incidents.json +1484 -0
  46. package/data/schema.json +134 -0
  47. package/dist/index.d.ts +97 -0
  48. package/dist/index.d.ts.map +1 -0
  49. package/dist/index.js +124 -0
  50. package/dist/index.js.map +1 -0
  51. package/dist/index.test.d.ts +2 -0
  52. package/dist/index.test.d.ts.map +1 -0
  53. package/dist/index.test.js +97 -0
  54. package/dist/index.test.js.map +1 -0
  55. package/package.json +62 -0
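--- a/package/data/entries/DSGAI16.json
+++ b/package/data/entries/DSGAI16.json
@@ -0,0 +1,716 @@
+{
+"id": "DSGAI16",
+"name": "Endpoint and Browser Overreach",
+"source_list": "DSGAI-2026",
+"version": "2026-Q1",
+"severity": "High",
+"aivss_score": null,
+"audience": [
+"red-teamer",
+"security-engineer",
+"ciso",
+"compliance",
+"ml-engineer",
+"ot-engineer",
+"auditor",
+"developer",
+"data-engineer"
+],
+"mappings": [
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0013",
+"control_name": "Discover ML Model Ontology",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Adversary learns what data the browser assistant can access across open applications"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0057",
+"control_name": "Data from Information Repositories",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser assistant accesses sensitive data across tabs and applications — adversary controls assistant to exfiltrate"
+},
+{
+"framework": "MITRE ATLAS",
+"control_id": "AML.T0035",
+"control_name": "Exfiltrate via ML Inference API",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Compromised browser assistant used as exfiltration channel — sensitive data from accessible applications transmitted"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "GV-1.7",
+"control_name": "Policies for trustworthy AI",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI agent governance policy — approved extensions, permission scoping, mandatory updates"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MP-3.5",
+"control_name": "AI system impact",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Impact assessment of endpoint AI agents — data access scope, exfiltration paths, user risk"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MS-2.5",
+"control_name": "Testing — adversarial",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Adversarial testing of approved browser extensions — prompt injection via web content scenarios"
+},
+{
+"framework": "NIST AI RMF 1.0",
+"control_id": "MG-2.2",
+"control_name": "Risk response",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Incident response for endpoint AI agent compromise — extension disable, data impact assessment"
+},
+{
+"framework": "EU AI Act",
+"control_id": "Endpoint AI agent risks identified and mitigated",
+"control_name": "Art. 9 — Risk management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser and endpoint agent deployments assessed in Art. 9 risk management"
+},
+{
+"framework": "EU AI Act",
+"control_id": "High-risk AI designed to allow human oversight — users must be able to stop and override",
+"control_name": "Art. 14 — Human oversight",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Users must be able to pause and override endpoint AI agents — Art. 14 human oversight requirement"
+},
+{
+"framework": "EU AI Act",
+"control_id": "Deployers ensure human oversight as instructed by provider",
+"control_name": "Art. 29 — Deployer obligations",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Deployers responsible for ensuring endpoint AI agents operate within Art. 14 human oversight scope"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.1",
+"control_name": "Endpoint device management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI agents managed under device management policy — approved versions, permissions scoped"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.7",
+"control_name": "Protection against malware",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI agents subject to malware protection — extension integrity verification"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.5.10",
+"control_name": "Acceptable use of assets",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Policy governing permitted browser AI extensions and endpoint agent permissions"
+},
+{
+"framework": "ISO/IEC 27001:2022",
+"control_id": "A.8.12",
+"control_name": "Data leakage prevention",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "DLP controls on endpoint AI agent data access and exfiltration paths"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Use of AI systems",
+"control_name": "A.9.1",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Lifecycle — design",
+"control_name": "A.6.1.2",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Policies",
+"control_name": "A.2.2",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "ISO/IEC 42001:2023",
+"control_id": "Context",
+"control_name": "Cl.4",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 2",
+"control_name": "2.6 — Allowlist authorised software",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 4",
+"control_name": "4.1 — Secure configuration baseline",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "CIS Controls v8.1",
+"control_id": "CIS 10",
+"control_name": "10.1 — Deploy anti-malware",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V4 Access Control",
+"control_name": "V4.1.2 — Least privilege",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V11 Business Logic",
+"control_name": "V11.1.5 — Business logic prevents excess data access",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "OWASP ASVS 4.0.3",
+"control_id": "V1 Architecture",
+"control_name": "V1.1.2 — Secure architecture and design",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 3.2",
+"control_name": "Software and information integrity",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser AI extensions assessed as third-party software — 62443-2-4 requirements before Zone 3 deployment"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 1.2",
+"control_name": "Human user authentication",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Approved extensions only on Zone 3 workstations — unapproved AI extensions blocked at device management"
+},
+{
+"framework": "ISA/IEC 62443",
+"control_id": "SR 6.6",
+"control_name": "Timely response to events",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser AI anomalies on Zone 3 workstations treated as security events"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Supply chain risks",
+"control_name": "§5.5",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Third-party data in OT context"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Supply chain risk management",
+"control_name": "§6.3",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Data source assessment for OT GenAI"
+},
+{
+"framework": "NIST SP 800-82 Rev 3",
+"control_id": "Third-party management",
+"control_name": "§8.4",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Vendor programme for OT data suppliers"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "GV.SC-01",
+"control_name": "Supply Chain Risk Management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser AI extension providers with sensitive data access treated as third-party suppliers"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "PR.PS-02",
+"control_name": "Platform Security",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Software managed to reduce risk — browser AI extensions version-controlled, patched, approved before deployment"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "DE.CM-01",
+"control_name": "Continuous Monitoring",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "AI assistant access to sensitive data on endpoints monitored"
+},
+{
+"framework": "NIST CSF 2.0",
+"control_id": "ID.AM-08",
+"control_name": "Asset Management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Approved browser AI extensions inventoried — data access scope, security assessment status"
+},
+{
+"framework": "SOC 2",
+"control_id": "Approved AI assistants with scoped permissions — permission minimisation documented and enforced",
+"control_name": "CC6.1 — Logical access",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Browser AI extension providers assessed in vendor risk programme — data handling, telemetry, update security",
+"control_name": "CC9.1 — Vendor risk",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Endpoint AI acceptable use procedures — approved extension list, prohibited data access, employee acknowledgement",
+"control_name": "CC5.2 — Control activities",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "SOC 2",
+"control_id": "Endpoint AI overreach risks identified — data access scope, exfiltration paths assessed",
+"control_name": "CC3.2 — Risk assessment",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 12.8.1",
+"control_name": "TPSP programme",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser AI extension providers with CDE access are TPSPs — add to TPSP list, initiate compliance process"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 6.3.3",
+"control_name": "Vulnerability management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Browser AI extensions patched and version-controlled — vulnerable extensions are Req 6.3 findings in CDE"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 10.2.1",
+"control_name": "Logging",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "AI assistant access to CDE data on endpoint logged — Req 10 audit trail requirement"
+},
+{
+"framework": "PCI DSS v4.0",
+"control_id": "Req 12.3.2",
+"control_name": "Targeted risk analysis",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Targeted risk analysis for endpoint AI assistant scope in CDE — data accessible, exfiltration paths"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "AI System Integrity (ASI)",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI assistants operate under explicit, minimal permissions — scope defined and enforced by the underlying platform"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L2",
+"control_name": "Governance and Risk (GOV)",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Privacy policy explicitly covers endpoint AI assistant data collection — user consent, scope disclosure, and opt-out mechanism required"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "MON",
+"control_name": "Monitoring and Detection",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI assistant activity logged — data access, network calls, and file operations monitored"
+},
+{
+"framework": "ENISA Multilayer Framework",
+"control_id": "L1",
+"control_name": "General ICT — Access Control",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Endpoint AI assistants installed with least-privilege permissions — no broad file system or browser data access without per-action authorisation"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "G-PC",
+"control_name": "Governance / Policy & Compliance",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Approved vendor list for all external data sources"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "I-SB",
+"control_name": "Implementation / Secure Build",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Inventory of all external data sources with security contact and last-verified date"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "V-AA",
+"control_name": "Verification / Architecture Assessment",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Architecture review validates all external data dependencies against policy"
+},
+{
+"framework": "OWASP SAMM v2.0",
+"control_id": "O-OM",
+"control_name": "Operations / Operational Management",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Track security advisories and availability for all integrated data sources"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-668",
+"control_name": "CWE-668",
+"tier": "Foundational",
+"scope": "Both",
+"url": "https://cwe.mitre.org/data/definitions/668.html"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-272",
+"control_name": "CWE-272",
+"tier": "Foundational",
+"scope": "Both",
+"url": "https://cwe.mitre.org/data/definitions/272.html"
+},
+{
+"framework": "CWE/CVE",
+"control_id": "CWE-284",
+"control_name": "CWE-284",
+"tier": "Foundational",
+"scope": "Both",
+"url": "https://cwe.mitre.org/data/definitions/284.html"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L4",
+"control_name": "Deployment & Infrastructure",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L2",
+"control_name": "Data Operations",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "MAESTRO",
+"control_id": "L6",
+"control_name": "Security & Compliance",
+"tier": "Foundational",
+"scope": "Both"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B001",
+"control_name": "Third-party adversarial robustness testing",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Foundational"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B003",
+"control_name": "Third-party security assessment",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Hardening"
+},
+{
+"framework": "AIUC-1",
+"control_id": "B008",
+"control_name": "Third-party NHI controls",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Hardening"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "Third-party data source API keys with excessive scope",
+"control_name": "NHI-3 Vulnerable Third-Party NHI",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Review all third-party credentials; reduce to minimum"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "Third-party development credentials used in production",
+"control_name": "NHI-8 Environment Isolation Failure",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Enforce environment isolation for third-party credentials"
+},
+{
+"framework": "OWASP NHI Top 10",
+"control_id": "Third-party credentials embedded in shared config",
+"control_name": "NHI-2 Secret Leakage",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Vault all third-party data source credentials"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PW.1.1-PS",
+"control_name": "Define security requirements — privacy preservation requirements",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Define security requirements that mandate privacy impact assessments, privacy-preserving techniques, and limits on inference of sensitive attributes for all AI systems"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PW.2.1-PS",
+"control_name": "Design software — privacy-preserving AI architecture",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Design AI systems with privacy preservation as a core architectural principle; embed differential privacy, federated learning, or secure computation where appropriate"
+},
+{
+"framework": "NIST SP 800-218A",
+"control_id": "PS.1.1-PS",
+"control_name": "Protect all code from unauthorised access — privacy boundary enforcement",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Implement access controls that prevent cross-context data combination enabling re-identification or sensitive attribute inference"
+},
+{
+"framework": "FedRAMP",
+"control_id": "SC-28",
+"control_name": "Protection of Information at Rest — privacy-preserving storage",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Encrypt AI data at rest; implement privacy-preserving storage techniques to prevent inference and re-identification"
+},
+{
+"framework": "FedRAMP",
+"control_id": "AC-3",
+"control_name": "Access Enforcement — privacy-aligned access",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Enforce access controls that account for inference and aggregation risk; restrict access based on combined sensitivity"
+},
+{
+"framework": "FedRAMP",
+"control_id": "PM-9",
+"control_name": "Risk Management Strategy — privacy risk assessment",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Include AI privacy erosion in risk management; assess inference, aggregation, and memorisation risks for AI systems"
+},
+{
+"framework": "FedRAMP",
+"control_id": "SI-4",
+"control_name": "System Monitoring — privacy erosion detection",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Monitor for privacy erosion indicators; detect inference capabilities, re-identification risk, and memorisation patterns"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 5–7",
+"control_name": "ICT Risk Management — privacy risk governance",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Include AI privacy erosion in ICT risk management; assess inference, aggregation, and memorisation risks for financial AI systems"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 9",
+"control_name": "Protection and Prevention — privacy-preserving controls",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Implement privacy-preserving controls for AI systems; prevent inference, re-identification, and memorisation-based privacy erosion"
+},
+{
+"framework": "DORA",
+"control_id": "Art. 10",
+"control_name": "Detection — privacy degradation monitoring",
+"tier": "Foundational",
+"scope": "Both",
+"notes": "Monitor for privacy degradation indicators; detect inference attacks, re-identification attempts, and memorisation in model outputs"
+}
+],
+"tools": [
+{
+"name": "LayerX Security",
+"type": "commercial",
+"url": "https://layerxsecurity.com"
+},
+{
+"name": "Microsoft Intune",
+"type": "commercial",
+"url": "https://www.microsoft.com/en-us/security/business/endpoint-management"
+},
+{
+"name": "Carbon Black",
+"type": "commercial",
+"url": "https://www.vmware.com/products/carbon-black-cloud.html"
+},
+{
+"name": "osquery",
+"type": "open-source",
+"url": "https://github.com/osquery/osquery"
+},
+{
+"name": "OpenDLP",
+"type": "open-source",
+"url": "https://github.com/ezarko/opendlp"
+},
+{
+"name": "CrowdStrike Falcon",
+"type": "commercial",
+"url": "https://www.crowdstrike.com"
+},
+{
+"name": "OpenDP",
+"type": "open-source",
+"url": "https://opendp.org"
+},
+{
+"name": "PySyft",
+"type": "open-source",
+"url": "https://github.com/OpenMined/PySyft"
+},
+{
+"name": "TensorFlow Privacy",
+"type": "open-source",
+"url": "https://github.com/tensorflow/privacy"
+},
+{
+"name": "Flower (Federated Learning)",
+"type": "open-source",
+"url": "https://flower.ai"
+},
+{
+"name": "Microsoft Presidio",
+"type": "open-source",
+"url": "https://github.com/microsoft/presidio"
+},
+{
+"name": "ARX Data Anonymization",
+"type": "open-source",
+"url": "https://arx.deidentifier.org"
+},
+{
+"name": "Opacus",
+"type": "open-source",
+"url": "https://opacus.ai"
+},
+{
+"name": "OneTrust",
+"type": "commercial",
+"url": "https://www.onetrust.com"
+}
+],
+"incidents": [
+{
+"name": "Italy Garante orders ChatGPT GDPR enforcement — consent and data minimization failures",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2025,
+"incident_id": "INC-035"
+},
+{
+"name": "Synthetic data re-identification — de-anonymized patients from synthetic health records",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2025,
+"incident_id": "INC-040"
+},
+{
+"name": "TikTok EU data localization enforcement — Project Clover + EUR 345M GDPR fine",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2023,
+"incident_id": "INC-043"
+},
+{
+"name": "Scale AI / Sama contractor data exposure — third-party AI labeling workforce privacy violations",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2024,
+"incident_id": "INC-044"
+},
+{
+"name": "OpenAI ChatGPT data retention GDPR challenge — right to erasure vs model training",
+"url": "https://github.com/emmanuelgjr/GenAI-Security-Crosswalk/blob/main/data/incidents.json",
+"year": 2024,
+"incident_id": "INC-050"
+}
+],
+"crossrefs": {
+"agentic_top10": [
+"ASI10",
+"ASI02",
+"ASI03",
+"ASI07",
+"ASI09"
+],
+"dsgai_2026": [
+"DSGAI03",
+"DSGAI17"
+],
+"llm_top10": [
+"LLM06",
+"LLM03",
+"LLM08",
+"LLM01",
+"LLM02"
+]
+},
+"changelog": [
+{
+"date": "2026-03-27",
+"version": "1.0.0",
+"change": "Initial entry — generated from GenAI Security Crosswalk v1.5.1 mapping files",
+"author": "emmanuelgjr"
+}
+]
+}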
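Review bot: The `control_id` / `control_name` fields swap meaning between frameworks in the `mappings` array — MITRE ATLAS, NIST AI RMF, ISO 27001, NIST CSF, PCI DSS and CWE put the identifier in `control_id`, but ISO/IEC 42001 (`"control_id": "Use of AI systems", "control_name": "A.9.1"`), NIST SP 800-82 (`"control_id": "Supply chain risks", "control_name": "§5.5"`), EU AI Act, SOC 2 and OWASP NHI Top 10 put a free-text description in `control_id` and the identifier in `control_name`, so any consumer that keys or joins on `control_id` will silently miss or mis-group those rows; each of those entries should read like `"control_id": "A.9.1", "control_name": "Use of AI systems",`. A second consistency problem is that the tail of the file does not match the entry's subject: the NIST SP 800-218A, FedRAMP and DORA mappings, the OpenDP/PySyft/TensorFlow Privacy/Flower/Opacus/ARX/Presidio/OneTrust tools and all five incidents are about privacy erosion and re-identification, and the OWASP SAMM, 800-82 and NHI rows talk about "external data sources" and "third-party data source credentials", which reads as material inherited from other DSGAI entries during generation rather than a mapping for "Endpoint and Browser Overreach" — this should be re-derived or trimmed before consumers rely on it. Several `notes` values merely repeat the `tier` field (`"notes": "Foundational"` on the ISO 42001 rows, and `"notes": "Hardening"` on AIUC-1 B003/B008 while their `tier` is still `"Foundational"`), so the two fields contradict each other; drop the redundant notes or align the tier. Some control names also appear not to match their identifiers in the cited catalogues (the ATLAS names attached to AML.T0057 and AML.T0035, and the IEC 62443-3-3 names for SR 1.2, SR 3.2 and SR 6.6) — worth verifying against the upstream sources, since a crosswalk's value rests on those pairs being exact. The whole file is within this hunk.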