CCC.GenAI.F22: Data Control
Capability ID:CCC.GenAI.F22
Title:Data Control
Description:Ensures prompts, model outputs, embeddings, and training data fed by
customers are not used to train foundation models.
Mapped Threats
| ID | Title | Description | External Mappings | Capability Mappings | Control Mappings |
|---|---|---|---|---|---|
| CCC.GenAI.TH02 | Data Poisoning | Data poisoning occurs when training, fine-tuning or embedding data is tampered with in order to modify the model's behaviour, for example steering it towards specific outputs, degrading performance or introducing backdoors. | 4 | 1 | 0 |
| CCC.GenAI.TH03 | Sensitive Information Disclosure | Sensitive data can be memorised by the model from user interaction or training and may then be leaked to unintended and unauthorised parties by querying the model, for example through crafted prompts. | 4 | 1 | 0 |