nerdexam
Isaca

AAISM · Question #168

An organization is implementing AI agent development across engineering teams. What should AI-specific training focus on?

The correct answer is A. Prompt injection, agent memory control, insecure tool execution. AI agent development introduces unique, agent-specific attack vectors that differ from general AI concerns. Training engineering teams should focus on prompt injection (attackers hijacking agent instructions), agent memory control (preventing sensitive context from leaking across

AI Security Design and Implementation

Question

An organization is implementing AI agent development across engineering teams. What should AI-specific training focus on?

Options

  • APrompt injection, agent memory control, insecure tool execution
  • BDataset bias, explainability, fairness
  • COutput moderation, hallucination handling, policy alignment
  • DAPI abuse, data leakage, third-party plug-in risk

How the community answered

(49 responses)
  • A
    90% (44)
  • B
    2% (1)
  • C
    6% (3)
  • D
    2% (1)

Explanation

AI agent development introduces unique, agent-specific attack vectors that differ from general AI concerns. Training engineering teams should focus on prompt injection (attackers hijacking agent instructions), agent memory control (preventing sensitive context from leaking across sessions or being manipulated), and insecure tool execution (ensuring agents cannot be tricked into calling dangerous tools or APIs). Dataset bias and explainability (B) are ML ethics concerns. Output moderation and hallucination handling (C) are runtime safety concerns. API abuse and third-party plug-in risk (D) are relevant but describe integration security, not core agent security development practices.

Topics

#AI agent security#Prompt injection#Secure AI development#Insecure tool execution

Community Discussion

No community discussion yet for this question.

Full AAISM Practice