Hosted-provider data-handling exposure
CCC.MARefArc.TH02
Sensitive data submitted through the LLM gateway to third-party hosted models is exposed when the provider lacks transparent encryption, retention limits, or secure-deletion guarantees, leaving the institution without control over data that is now held outside its custody.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CP14 | Approved-model registry and lifecycle | Catalog of approved models with metadata, version information, configuration parameters, and usage constraints, ensuring agents access only models meeting organizational, regulatory, and security standards. |
| CCC.MARefArc.CP16 | Model-interaction zero-trust guardrails | Enforces authentication and authorization for every inference request and applies input validation against prompt injection, output filtering and redaction, access control, rate limits, and cost management before and after model execution. |
Related Controls
| ID | Title | Description |
|---|---|---|
| CCC.MARefArc.CN01 | Data Filtering From External Knowledge Bases | Sanitize, filter, and classify data ingested by the Knowledge Layer from internal and external source bases before it is embedded into the vector store or used for retrieval-augmented generation, preventing inadvertent exposure or manipulation of sensitive organizational knowledge. |
| CCC.MARefArc.CN04 | Data Quality and Classification | Assess the quality of, and assign classification and sensitivity labels to, all data used for grounding, training, and fine-tuning, and enforce handling rules derived from those labels throughout the Knowledge and LLM layers. |
| CCC.MARefArc.CN05 | Legal and Contractual Frameworks for AI Systems | Establish contractual controls with model and MCP service providers covering data handling, retention and deletion, intellectual property, liability, and supply-chain integrity. |
| CCC.MARefArc.CN08 | Role-Based Access Control for AI Data | Enforce least-privilege, role-based access control over all AI data stores, including source bases, the vector store, and model artifacts. |
| CCC.MARefArc.CN13 | MCP Server Security Governance | Govern the onboarding, verification, and ongoing monitoring of MCP servers so that only approved, integrity-verified servers are reachable, and supply-chain compromise is detected. |
| CCC.MARefArc.CN16 | AI Data Leakage Prevention and Detection | Detect leakage of sensitive data in model inputs and outputs and in telemetry, and alert and respond when disclosure is detected. |
| CCC.MARefArc.CN17 | AI System Observability | Instrument every layer to emit logs, traces, metrics, and events to the Observability Layer so that behaviour, drift, availability, and data handling are continuously visible and auditable. |
| CCC.MARefArc.CN21 | Automated Evaluation Using LLM-as-a-Judge | Use automated model-based evaluation in the Evaluation Layer to assess output quality, grounding, bias, and policy compliance at scale. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| air-vec | AIR-RC-001-03 | |
| air-vec | AIR-RC-001-04 | |