v2.4.0 | Report Errata
docs artefact-taxonomy docs artefact-taxonomy

B8. Penetration Testing Reports Results of security testing including AI-specific attack scenarios (adversarial inputs, model extraction, data poisoning, prompt injection). For financial entities subject to DORA, includes TLPT using TIBER-EU methodology. Refreshed annually. External testers with realistic threat actor capabilities conduct structured exercises using MITRE ATLAS alongside MITRE ATT&CK.; Responsible party: Technical SME commissions. Independent testers execute. Regulations addressed: Article 15 (cybersecurity); DORA Article 26 (TLPT); NIS2 Article 21 (security testing). Key outputs

  • AI-specific attack scenario results
  • Conventional vulnerability findings
  • Remediation recommendations tracked through vulnerability register
On This Page