AAISM · Question #21
An organization develops and implements an AI-based plug-in for users that summarizes their individual emails. Which of the following is the GREATEST risk associated with this application?
The correct answer is D. Inadequate controls over parameters. An AI email summarization plugin has access to sensitive personal communications. The greatest risk is inadequate controls over parameters (D) - if the plugin's behavior, scope, or inputs can be manipulated (e.g., through prompt injection in a malicious email), an attacker could
Question
An organization develops and implements an AI-based plug-in for users that summarizes their individual emails. Which of the following is the GREATEST risk associated with this application?
Options
- ALack of application vulnerability scanning
- BData format incompatibility
- CInsufficient rate limiting for APIs
- DInadequate controls over parameters
How the community answered
(57 responses)- A11% (6)
- B4% (2)
- C4% (2)
- D82% (47)
Explanation
An AI email summarization plugin has access to sensitive personal communications. The greatest risk is inadequate controls over parameters (D) - if the plugin's behavior, scope, or inputs can be manipulated (e.g., through prompt injection in a malicious email), an attacker could redirect the AI to exfiltrate content, summarize beyond the intended scope, or perform unintended actions. This is a direct control failure over what the AI does with privileged data. Lack of vulnerability scanning (A) is a general security hygiene issue, not the greatest specific risk here. Data format incompatibility (B) is a technical/operational risk, not a security risk. Insufficient rate limiting (C) is a concern for API abuse but does not address the core risk of the AI itself being manipulated. Parameter control (D) is the most consequential risk given the sensitive data access.
Topics
Community Discussion
No community discussion yet for this question.