nerdexam
Isaca

AAIA · Question #69

During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational dat

The correct answer is B. Unauthorized data disclosure. Unauthorized data disclosure (B) is the greatest risk because when employees send organizational data-potentially including client records, financial data, trade secrets, or PII-to an external generative AI service, that data may be retained by the vendor, used for model training

AI Risk Management and Controls

Question

During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational data to a generative AI tool?

Options

  • AData contamination due to biased AI model outputs
  • BUnauthorized data disclosure
  • CPotential business disruptions
  • DExcessive reliance on AI-generated insights

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    78% (21)
  • C
    11% (3)
  • D
    7% (2)

Explanation

Unauthorized data disclosure (B) is the greatest risk because when employees send organizational data-potentially including client records, financial data, trade secrets, or PII-to an external generative AI service, that data may be retained by the vendor, used for model training, or exposed to other users. This constitutes a confidentiality breach with potential legal, regulatory, and reputational consequences. Data contamination from biased outputs (A) and excessive reliance on AI insights (D) are concerns about AI output quality, not data security. Business disruptions (C) are a secondary consequence, not the primary risk of the exfiltration act itself.

Topics

#Data Security#Generative AI Risk#Data Exfiltration#Unauthorized Disclosure

Community Discussion

No community discussion yet for this question.

Full AAIA Practice