Essay
Step-one deliverable: one named owner for every in-scope control across your AI supply chain — client, app, orchestrator, model, cloud.
3 June 2026 · 5 min read · Binu Chacko
Situation
Your AI provider “handles security” — it says so in the deck.
Complication
Nobody can name which controls are actually yours to evidence, so audit prep starts from zero every time.
The question
“Which controls do WE have to evidence, and which are the provider’s?”
The answer
Provider / shared / deployer per control — the SSRM read — so audit effort lands only on what is genuinely yours.
AI controls fail quietly in the gaps between organisations. Your app calls an orchestrator, the orchestrator calls a model, the model runs on someone else’s cloud — and a control everyone assumes “the platform” handles is owned by no one. The Shared Security Responsibility Model (SSRM) ownership map makes that chain explicit: for every in-scope control, exactly one named owner.
These are the same four provider roles the Cloud Security Alliance (CSA) writes its implementation and auditing guidance for — which is why every control objective in the library drill carries per-role auditing steps. The map and the audit speak the same language.
A shared-responsibility matrix is not paperwork. It is the list of controls you believed someone else was doing.
The map drives three concrete actions: contract reviews (turn assumed ownership into written ownership), the provider-evaluation questions in the external-assurance artefact, and the unowned-gap entries at the top of the remediation roadmap — because a control nobody owns is the most dangerous kind of NO.
SSRM follows the Cloud Security Alliance (CSA) shared-security-responsibility model as applied to the generative AI service-delivery layers in AI Controls Matrix (AICM) v1.1.0. Ownership shown in the matrix is the typical attribution — your contracts decide the real one, which is precisely why the map exists.
Subscribe for the next essay.