
Vulnerability Scanning

Vulnerability scanning is the automated process of testing AI systems, supporting infrastructure, and related software for known security weaknesses, misconfigurations, and exploitable flaws.

What this means in practice

For AI systems, scanning must extend beyond traditional IT vulnerabilities to include AI-specific attack vectors such as model extraction vulnerabilities, data poisoning susceptibility, prompt injection weaknesses, and insecure model serving endpoints. For organizations, regular vulnerability scanning is a baseline security practice that should be integrated into CI/CD pipelines and conducted before every deployment to production. In COMPEL, vulnerability scanning is part of the AI Security Architecture framework in Module 3.3, Article 5, contributing to the defense-in-depth strategy designed during the Technology pillar implementation.

Why it matters

AI systems face both traditional IT vulnerabilities and AI-specific attack vectors including model extraction, data poisoning, prompt injection, and insecure model serving endpoints. Because AI systems process sensitive data and make consequential decisions, exploitation could lead to data breaches, model theft, or output manipulation. Regular vulnerability scanning integrated into deployment pipelines is a baseline security practice that prevents known weaknesses from reaching production.

How COMPEL uses it

Vulnerability scanning is part of the AI Security Architecture framework in Module 3.3, Article 5, contributing to the defense-in-depth strategy within the Technology pillar. During the Produce stage, scanning is integrated into CI/CD pipelines before every production deployment. The Evaluate stage assesses vulnerability management effectiveness, and the Operational Readiness layer includes security scanning in its Dimension 7 (Security and Compliance) assessment.
