System area
AI Security
Secure development, adversarial thinking, and least-privilege authority for AI-enabled systems.
Scope
Where it helps
Use this area when models or agents can reach sensitive data, tools, users, or external systems.
Inquiry
Questions LucyAI asks
- What can untrusted content influence?
- Which permissions are truly required?
- How are abuse, failure, and recovery observed?
Outputs
Artifact ledger
- Threat and trust-boundary model
- Tool-authority matrix
- Security validation plan
Boundaries
Control ledger
- Input and output validation
- Guarded external effects
- Incident and rollback paths
Evidence
Source basis
- NIST secure development practices for generative AI
Secure-development guidance
- NIST adversarial machine learning taxonomy
Adversarial-risk vocabulary
- OWASP agentic application risks
Community security prioritization