CCC.GenAI.TH08: Model Tampering
Threat ID: CCC.GenAI.TH08
Title: Model Tampering
Description:
Supply chain risks, including tampering with a model's core components at any stage of its lifecycle (from its source code and training data to the final deployable artifact), may result in embedded backdoors or adversarial triggers that alter model behaviour under certain conditions.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.GenAI.F01 | Text-Based Model Selection | Ability to select a foundation model that excels at natural language understanding and generation tasks such as summarization, translation, text generation, question answering, and sentiment analysis. |
| CCC.GenAI.F02 | Code-Based Model Selection | Ability to select a foundation model that focuses on code understanding, generation, and transformation tasks. |
| CCC.GenAI.F03 | Embedding Model Selection | Ability to select a foundation model used for tasks like semantic search, clustering, and document similarity by converting text into vector embeddings. |
| CCC.GenAI.F04 | Image-Based Model Selection | Ability to select a foundation model that focuses on tasks related to vision, such as image generation, editing, and manipulation. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
| FINOS-AIGF | AIR-SEC-008 | 0 | Tampering With the Foundational Model |
| SAIF | MST | 0 | Model Source Tampering |
| SAIF | MDT | 0 | Model Deployment Tampering |
| OWASP-LLM-TOP10 | LLM03:2025 | 0 | Supply Chain |
| MITRE-ATLAS | AML.T0010 | 0 | AI Supply Chain Compromise |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.GenAI.C08 | Quality Control and Red Teaming | Establish a formal program for quality evaluation and adversarial testing (red teaming) to ensure GenAI systems meet all business, quality, security and compliance requirements before they are deployed into production environments. | Model Assurance and Evaluation | 5 | 5 | 2 |