CCC.GenAI.TH10: Model Version Drift
Threat ID:CCC.GenAI.TH10
Title:Model Version Drift
Description:
An update to a managed GenAI model may cause unpredictable and breaking changes in its outputs, alignment, and performance. Systems built and tested against the previous version's specific behavior can suddenly fail or become insecure, as their functional and safety assumptions are no longer valid.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.F18 | Resource Versioning | The service automatically assigns versions to child resources which can be used to preserve, retrieve, and restore past iterations. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
FINOS-AIGF | AIR-OP-005 | 0 | Foundation Model Versioning |
Controls
| ID | Title | Objective | Control Family | Threat Mappings | Guideline Mappings | Assessment Requirements |
|---|---|---|---|---|---|---|
| CCC.GenAI.C07 | Model Version Pinning | Mandate that applications are locked ("pinned") to a specific, tested version of a foundational model to prevent unexpected behaviour changes introduced by provider-side updates. | Configuration Management | 1 | 1 | 1 |
| CCC.GenAI.C08 | Quality Control and Red Teaming | Establish a formal program for quality evaluation and adversarial testing (red teaming) to ensure GenAI system meet all business, quality, security and compliance requirements before getting deployed into production environments. | Model Assurance and Evaluation | 5 | 5 | 2 |