Reskill · APP
Application & DevSecAIOps Security
A prompt injection turned an internal agent into an exfiltration path.
The pipeline gates never watched for it. Reskilling means teaching them to.
The rung you have to reach
Model Security
Security controls for AI models across deployment types (self-hosted, PaaS, API/SaaS), including model selection, integrity and provenance verification, secure configuration, adversarial robustness, and operational monitoring. Includes model safety (bias, harm, hallucinations).
L1 · Initial
Models deployed without security or safety review regardless of deployment type. For self-hosted models, no integrity controls or restrictions on unsafe file formats. For PaaS/API models, default configurations used without security assessment. No evaluation of third-party or open models before use. Model provider security posture not assessed.
L2 · Repeatable
Basic security requirements documented for model deployments (e.g., system prompt requirements). Third-party and open models undergo risk review for major deployments, including basic safety evaluation. For self-hosted models, unsafe file formats recognized but enforcement inconsistent. For PaaS/API models, initial configuration reviews performed. Model provider security assessments conducted for primary providers.
L3 · Defined
Standardized security and safety (bias/harm/hallucination) requirements for models based on deployment type and risk classification. Self-hosted models require integrity verification and secure file formats. PaaS/API model configurations hardened per documented standards. Formal risk assessment process for third-party and open models. Model versioning and rollback capability established. Initial monitoring for model behavior and performance in production.
L4 · Capable
Model signing and provenance verification enforced for self-hosted models. Automated configuration validation for PaaS/API deployments. Adversarial robustness testing standard for production use cases. Continuous monitoring for model drift, degradation, safety, and anomalous behavior across deployment types. Model risk metrics tracked and reported through governance processes.
L5 · Efficient
Automated model security verification across deployment types integrated into pipelines. Real-time monitoring with automated alerting on drift, safety issues, or anomalies. Adversarial testing integrated into CI/CD with defined thresholds. Proactive updates to model security controls as providers release changes or new attack vectors emerge.
This function also touches: App Security.
our model · calibrated to SAE J3016
Your syllabus
The plays that climb the rung.
Secure code-review assist
Security review of code changes: flag dangerous patterns, check fixes, reduce review queue time.
Moves: Security-review turnaround ↓
Show the exact control IDs (for your security & GRC team)
L2 AIS-04, AIS-12, HRS-15 · L3 AIS-05, GRC-15, TVM-13 · L4 AIS-06, IAM-18
LLM guardrails / prompt-injection defense
Fit a guard to an LLM app’s real attack classes; verify against known and held-out attacks.
Moves: Attack catch rate ↑
Show the exact control IDs (for your security & GRC team)
L2 MDS-06, TVM-13 · L3 MDS-07, LOG-15, LOG-16 · L4 MDS-10, AIS-13
AI SDLC tollgate reviews
Review every AI-assisted PR and model release against eight CI gates from Plan to Monitor; gate strength scales with the AI-CMM autonomy tier (our model) the stage runs at.
Moves: % of AI-assisted PRs passing all gates pre-merge ↑
Show the exact control IDs (for your security & GRC team)
L2 AIS-04, AIS-12, DSP-17 · L3 AIS-05, MDS-06, MDS-07, GRC-15, LOG-16 · L4 AIS-13, MDS-10, LOG-12
Autonomy must not outrun maturity. The gate holds each rung until its controls are evidenced. The gate framework: eight gates, three lanes →