AAISM · Question #48
An organization is deploying a large language model (LLM) and is concerned that input manipulations may compromise its integrity. Which of the following is the MOST effective way to determine an accep
The correct answer is D. Assess the business impact of known threats. Assessing the business impact of known threats is the correct approach because risk thresholds must be grounded in organizational context-specifically, how much harm a successful input manipulation attack (e.g., prompt injection) would cause to the business. This links the techni
Question
An organization is deploying a large language model (LLM) and is concerned that input manipulations may compromise its integrity. Which of the following is the MOST effective way to determine an acceptable risk threshold?
Options
- ARestrict all user inputs containing special characters
- BDeploy a real-time logging and monitoring system
- CImplement a static risk threshold by limiting LLM outputs
- DAssess the business impact of known threats
How the community answered
(22 responses)- A5% (1)
- B9% (2)
- C5% (1)
- D82% (18)
Explanation
Assessing the business impact of known threats is the correct approach because risk thresholds must be grounded in organizational context-specifically, how much harm a successful input manipulation attack (e.g., prompt injection) would cause to the business. This links the technical threat to business risk appetite, enabling a meaningful and defensible threshold. Restricting all inputs with special characters (A) is an overly blunt technical control that would break legitimate use cases and does not help define a risk threshold. Deploying real-time logging (B) is a detection and monitoring control, not a method for determining risk thresholds. Implementing a static threshold by limiting outputs (C) is an arbitrary control that is not calibrated to actual business risk and lacks the flexibility needed for a dynamic threat environment.
Topics
Community Discussion
No community discussion yet for this question.