BackVulnerability Management

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Vulnerability Management

Google (2024)|LLM classified

Mitigation Taxonomy

2Organisation

2.3Operations & Security

2.3.3Monitoring & Logging

Runtime monitoring, observability, performance tracking, and anomaly detection in production.

Also in Operations & Security

2.3.1 Deployment Management2.3.2 Access & Security Controls2.3.4 Incident Response

Definition

Proactively and continually test and monitor production infrastructure and products for security and privacy regressions.

Additional Information

- **Who can implement:** - - Model Creators, Model Consumers - **Risk mapping:** - - [All](https://saif.google/secure-ai-framework/risks)

LLM Classification Details

Reasoning

Continuous runtime testing and monitoring of production infrastructure detects security and privacy regressions.

Code: 2.3.3Version: v0.5Classified: Jan 22, 2026

Other mitigations from Google (2024) (23)

Privacy Enhancing Technologies

Use technologies that minimize, de-identify, or restrict use of PII data in training or evaluating models.

1.1.1 Training Data

Lifecycle:Collect and Process DataActor:DeveloperAIRM:Manage

Training Data Management

Ensure that all data used to train and evaluate models is authorized for the intended purposes.

2.3.2 Access & Security Controls

Lifecycle:Collect and Process DataActor:DeveloperAIRM:Manage

Training Data Sanitization

Detect and remove or remediate poisoned or sensitive data in training and evaluation.

1.1.1 Training Data

Lifecycle:Collect and Process DataActor:DeveloperAIRM:Manage

User Data Management

Store, process, and use all user data (e.g. prompts and logs) from AI applications in compliance with user consent.

2.3.2 Access & Security Controls

Lifecycle:Operate and MonitorActor:Infrastructure ProviderAIRM:Manage

Model and Data Inventory Management

Ensure that all data, code, models, and transformation tools used in AI applications are inventoried and tracked.

2.3.2 Access & Security Controls

Lifecycle:Operate and MonitorActor:DeveloperAIRM:Manage

Model and Data Access Controls

Minimize internal access to models, weights, datasets, etc. in storage and in production use.

2.3.2 Access & Security Controls

Lifecycle:DeployActor:Infrastructure ProviderAIRM:Manage

View all 23 mitigations from this source →

Source Document

Google Secure AI Framework

Google (2024)

SAIF is Google’s Secure AI Framework, which offers guidance for building and deploying AI responsibly. As AI technology rapidly advances and threats continually evolve, the challenge of protecting AI systems, applications, and users at scale requires that developers have a high-level understanding of AI-specific privacy and security risks in addition to established secure coding best practices. SAIF describes Google’s approach for addressing AI risks—including security of data, models, infrastructure, and applications involved in building AI—and is aligned with Google's Responsible AI practices, to keep more people safe online. SAIF is designed to help mitigate risks specific to AI systems like model exfiltration, data poisoning, injecting malicious inputs through prompt injection, and sensitive data disclosure from training data.

View source

Classification

AI Lifecycle Stage

Operate and Monitor

Running, maintaining, and monitoring the AI system post-deployment

Responsible Actor

Deployer

Entity that integrates and deploys the AI system for end users

Infrastructure Provider

NIST AI RMF Function

Measure

Quantifying, testing, and monitoring identified AI risks

Risk Domains

Primary

2 Privacy & Security

Other

2.1 Compromise of privacy by leaking or correctly inferring sensitive information 2.2 AI system security vulnerabilities and attacks