BackLeast Privilege access

This page is still being polished. If you have thoughts, please share them via the feedback form.

Data on this page is preliminary and may change. Please do not share or cite these figures publicly.

Least Privilege access

Gipiskis (2024)|LLM classified

Mitigation Taxonomy

1AI System

1.2Non-Model

1.2.2Runtime Environment

Containment, isolation, and control mechanisms for system execution.

Also in Non-Model

1.2.1 Guardrails & Filtering1.2.3 Monitoring & Detection1.2.4 Security Infrastructure1.2.5 Provenance & Watermarking

Definitionp. 43

Deployers of an AI system can restrict its permissions to a whitelisted set of predetermined options, such that all options not on the whitelist are not accessible to the AI [200, 146]. The entries on the whitelist can be chosen to be as small as possible for the AI system to fulfill its intended purpose, to reduce the attack surface of external attackers, and to decrease the probability that the AI system accidentally takes actions with large unintended side-effects

Additional Informationp. 43

For example, such whitelisting can apply to network connections, execution of other programs, access to knowledge bases, and the action space of the AI system. It can be implemented through running the AI system on an OS-level virtualization, on networks behind a firewall, and in extreme cases on air-gapped machines

LLM Classification Details

Reasoning

Restricts system access to authorized users through permission controls, an operational security practice.

Code: 2.3.2Version: v0.6Classified: Feb 6, 2026

Part of

Cybersecurity

Other mitigations from Gipiskis (2024) (112)

Model development

2.4 Engineering & Development

Lifecycle:Build and Use ModelActor:DeveloperAIRM:Unable to classify

Model development > Data-related

1.1 Model

Lifecycle:Collect and Process DataActor:Unable to classifyAIRM:Unable to classify

Model evaluations

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

Model evaluations > General evaluations

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

Model evaluations > Benchmarking

3.2.1 Benchmarks & Evaluation

Lifecycle:Other (outside lifecycle)Actor:DeveloperAIRM:Measure

Model evaluations > Red teaming

2.2.2 Testing & Evaluation

Lifecycle:Verify and ValidateActor:DeveloperAIRM:Measure

View all 112 mitigations from this source →

Source Document

Risk Sources and Risk Management Measures in Support of Standards for General-Purpose AI Systems

Gipiškis, Rokas; San Joaquin, Ayrton; Chin, Ze Shen; Regenfuß, Adrian; Gil, Ariel; Holtman, Koen (2024)

Organizations and governments that develop, deploy, use, and govern AI must coordinate on effective risk mitigation. However, the landscape of AI risk mitigation frameworks is fragmented, uses inconsistent terminology, and has gaps in coverage. This paper introduces a preliminary AI Risk Mitigation Taxonomy to organize AI risk mitigations and provide a common frame of reference. The Taxonomy was developed through a rapid evidence scan of 13 AI risk mitigation frameworks published between 2023-2025, which were extracted into a living database of 831 distinct AI risk mitigations.

View source DOI: 10.48550/arXiv.2410.23472

Classification

AI Lifecycle Stage

Deploy

Releasing the AI system into a production environment

Operate and Monitor

Responsible Actor

Deployer

Entity that integrates and deploys the AI system for end users

NIST AI RMF Function

Manage

Prioritising, responding to, and mitigating AI risks

Risk Domains

Primary

7.2 AI possessing dangerous capabilities

Other

2.2 AI system security vulnerabilities and attacks