nerdexam
Isaca

AAISM · Question #123

Which of the following mitigation control strategies would BEST reduce the risk of introducing hidden backdoors during model fine-tuning via third-party components?

The correct answer is B. Performing threat modeling and integrity checks. Threat modeling identifies where in the fine-tuning pipeline a malicious third-party component could introduce a backdoor, while integrity checks (e.g., cryptographic hashes, software bill of materials verification, and code audits) confirm that components have not been tampered

AI Security Risk Management

Question

Which of the following mitigation control strategies would BEST reduce the risk of introducing hidden backdoors during model fine-tuning via third-party components?

Options

  • ALeveraging open-source models and packages
  • BPerforming threat modeling and integrity checks
  • CDisabling runtime logs during model training
  • DImplementing unsupervised learning methods

How the community answered

(55 responses)
  • A
    13% (7)
  • B
    76% (42)
  • C
    4% (2)
  • D
    7% (4)

Explanation

Threat modeling identifies where in the fine-tuning pipeline a malicious third-party component could introduce a backdoor, while integrity checks (e.g., cryptographic hashes, software bill of materials verification, and code audits) confirm that components have not been tampered with. Together they proactively surface and block hidden backdoors before they reach production. Option A (open-source) does not prevent backdoors-open-source code can still be malicious. Option C (disabling logs) eliminates visibility rather than reducing risk. Option D (unsupervised learning) is a training methodology unrelated to supply-chain backdoor prevention.

Topics

#AI Supply Chain Security#Threat Modeling#Integrity Checks#Model Backdoors

Community Discussion

No community discussion yet for this question.

Full AAISM Practice