Dimension · 5 questions

Data.

Classification, controls, logging, vendor data terms, subject rights.

Why this dimension matters

Data is the fuel for every AI system. AI security therefore depends on data security, but with new wrinkles: prompts are now a sensitive-data egress channel, RAG corpora become queryable attack surfaces, and vendor contracts must explicitly exclude your data from model training. The Data dimension covers classification, prompt-level controls, prompt and output logging, vendor data terms, and subject-rights handling. It maps directly to OWASP LLM02 (Sensitive Information Disclosure), LLM08 (Vector and Embedding Weaknesses), and the Manage and Map functions of NIST AI RMF. A weak data score means AI is rolling out faster than data hygiene can keep up. A strong data score means classification, DLP, and vendor diligence have been operationalized.

Posture Check questions for data

  1. Have you classified data that is permitted versus prohibited for input into AI systems (training, fine-tuning, prompts)?
    • 0 No classification
    • 1 Aware that classification is needed
    • 2 Partial classification
    • 3 Documented classification policy in operation
  2. Do you control which users, systems, or roles can submit prompts containing sensitive data?
    • 0 No controls
    • 1 Acknowledged the gap
    • 2 Partial controls (specific systems only)
    • 3 Role-based prompt controls with audit trail
  3. Are AI prompts and outputs logged for security and compliance review?
    • 0 No logging
    • 1 Identified the need
    • 2 Partial logging (some systems)
    • 3 Comprehensive logging with retention policy
  4. Have you confirmed with your AI vendors that customer data is not used to train their underlying models?
    • 0 No confirmation
    • 1 Reviewing vendor terms
    • 2 Some vendors confirmed
    • 3 All vendors confirmed in writing
  5. Do you have a process to handle data subject rights requests (deletion, rectification) for data submitted to AI systems?
    • 0 No process
    • 1 Identified the requirement
    • 2 Process in development
    • 3 Operational process aligned to applicable privacy law

Score yourself on data.

The free 30-question Posture Check measures all six dimensions. Get a per-dimension breakdown plus prioritized recommendations.

Need help here?

Get a Standard Audit on your data controls.

A senior CWS engineer reviews your specific deployments, runs adversarial tests where applicable, and produces a remediation roadmap.
