ai · security · skills

Reskill · DAT

Data Security

Someone pasted a customer record into a prompt, and your DLP never saw it leave.

What an AI reads and writes is a data flow your controls do not watch yet.

Start with these skills

  1. Encrypt AI data in transit and at rest
  2. Choose and defend the encryption algorithms in use
  3. Manage encryption changes without breaking service
  4. Weigh encryption changes by risk and cost
  5. Assess encryption risk where AI concentrates data

The rung you have to reach

Data Security

Managing the security, privacy and ownership of data across the AI service supply chain and deployment types (self-hosted, PaaS, API/SaaS). Includes provenance, lineage, input/output sanitization, privacy, and security controls. Focuses on training data, RAG, vector data stores, inference output and other data repositories and workflows used in AI models and applications.

L1 · Initial

AI data repositories (training data, vector stores, RAG sources) rely on general-purpose data security controls. No differentiation between AI and other data assets. Data provenance for training and fine-tuning for self-trained models not tracked. Vector databases deployed with default access controls. No validation of data sources used for grounding or retrieval.

L2 · Repeatable

AI-specific data risks identified (poisoning, RAG leakage). Training and fine-tuning data sources documented for critical models. Basic access controls on vector databases. Basic validation (source approval, format checks) for external sources used in RAG. Sensitive data handling requirements documented for AI contexts but inconsistently applied.

L3 · Defined

AI data security requirements documented by data type (training, fine-tuning, RAG, embeddings). Data ingestion restricted to approved, documented sources with format validation before use. Vector databases use tenant or application isolation to prevent cross-context access. Sensitive data filtering applied to training and grounding sources (e.g. PII scanning). Initial data versioning for critical AI systems.

L4 · Capable

Data sources and transformations documented and auditable for production AI systems. Automated data validation integrated into AI pipelines where applicable. Permission-aware retrieval implemented for RAG tool calls (query results filtered based on user access to source data). Comprehensive data versioning with ability to trace data changes over time.

L5 · Efficient

Data lineage integrated with model inventory for end-to-end traceability (for training). Permission-aware retrieval standard across RAG deployments. Scanning for detection of potential data poisoning or adversarial patterns in training/RAG. AI data security controls updated proactively as new attack vectors emerge.

our model · calibrated to SAE J3016

Your syllabus

The plays that climb the rung.

Policy / DPIA drafting & mapping

Draft privacy and AI-impact assessments and policies; map them to the obligations they serve.

Moves: Drafting time per assessment

Show the exact control IDs (for your security & GRC team)

L2 DSP-09, DSP-01, DSP-17 · L3 GRC-15, DSP-08, LOG-16 · L4 LOG-12, IAM-18

Autonomy must not outrun maturity. The gate holds each rung until its controls are evidenced. The gate framework: eight gates, three lanes →

Baseline Data Securityopen to run · research access to saveBack to the maturity read