ai · security · skills

Essay

The Shared Security Responsibility Model (SSRM) Ownership Map

Step-one deliverable: one named owner for every in-scope control across your AI supply chain — client, app, orchestrator, model, cloud.

3 June 2026 · 5 min read · Binu Chacko

Situation

Your AI provider “handles security” — it says so in the deck.

Complication

Nobody can name which controls are actually yours to evidence, so audit prep starts from zero every time.

The question

Which controls do WE have to evidence, and which are the provider’s?

The answer

Provider / shared / deployer per control — the SSRM read — so audit effort lands only on what is genuinely yours.


AI controls fail quietly in the gaps between organisations. Your app calls an orchestrator, the orchestrator calls a model, the model runs on someone else’s cloud — and a control everyone assumes “the platform” handles is owned by no one. The Shared Security Responsibility Model (SSRM) ownership map makes that chain explicit: for every in-scope control, exactly one named owner.

The five seats at the table

  • You — the AI customer: scope, data, acceptable use, the final risk decision.
  • Application provider (AP) — the product surface where prompts and outputs live.
  • Orchestrated service provider (OSP) — the pipeline gluing models, tools and data.
  • Model provider (MP) — training, weights, model behaviour and its documentation.
  • Cloud service provider (CSP) — the infrastructure everything inherits.

These are the same four provider roles the Cloud Security Alliance (CSA) writes its implementation and auditing guidance for — which is why every control objective in the library drill carries per-role auditing steps. The map and the audit speak the same language.

What the map surfaces

  • Ownership gaps — a control no party has accepted in writing.
  • Chain mismatches — you assume the OSP filters inputs; the OSP’s terms say you do.
  • Justified NAs — controls legitimately owned upstream, which become contract clauses and evidence requests rather than engineering work (feeding the coverage assessment’s NA column).

A shared-responsibility matrix is not paperwork. It is the list of controls you believed someone else was doing.

Using it

The map drives three concrete actions: contract reviews (turn assumed ownership into written ownership), the provider-evaluation questions in the external-assurance artefact, and the unowned-gap entries at the top of the remediation roadmap — because a control nobody owns is the most dangerous kind of NO.

SSRM follows the Cloud Security Alliance (CSA) shared-security-responsibility model as applied to the generative AI service-delivery layers in AI Controls Matrix (AICM) v1.1.0. Ownership shown in the matrix is the typical attribution — your contracts decide the real one, which is precisely why the map exists.

← Newer essay

Placing a Function on the AISMM Scale

Older essay →

The Prioritised Remediation Roadmap

← Back to Insights

Subscribe for the next essay.