v2.4.0

The Technical SME conducts the full adversarial ML testing suite at least biannually and additionally after any significant model change. Significant changes include model retraining on new data, architecture modifications, changes to the system’s input or output format, changes to the guardrails or safety constraints, and changes to the model’s deployment context or intended purpose.

The biannual cadence ensures that the testing results remain current even for systems that do not undergo frequent changes. Between full testing cycles, the CI pipeline’s robustness gate provides continuous verification using a subset of the adversarial testing suite. The robustness gate does not replace the full adversarial ML testing programme; it provides early warning of regressions.

The testing frequency, the trigger conditions for additional testing, and the relationship between the full testing programme and the CI pipeline’s robustness gate are documented in Module 9. The Technical SME documents all adversarial testing results in structured reports, which are stored as Module 9 evidence and fed back into the threat model and risk register.

Key outputs

  • Biannual full adversarial ML testing suite
  • Change-triggered additional testing for significant modifications
  • CI pipeline robustness gate providing continuous subset verification
  • Module 9 AISDP documentation