System and Information Integrity

Adversarial content in AI model inputs (poisoned training data, jailbreak attempts, adversarial examples) is treated as malicious code. Standard malicious code protection mechanisms apply, including a...

The organization retains samples of detected adversarial content for analysis to understand attack mechanisms and improve detection capabilities. Analysis techniques vary based on attack type and avai...

AI accelerators verify boot integrity using hardware-based mechanisms rooted in the hardware root-of-trust. Boot measurements are stored for attestation (IA-3), enabling remote verification that the a...

AI accelerators accept only manufacturer-signed firmware, verified using keys embedded in hardware during manufacturing. The accelerator rejects unsigned or incorrectly signed firmware even with full ...

AI accelerators verify that code is cryptographically signed before execution. This extends beyond firmware to operator binaries composing workload execution....