The cybersecurity testing programme validates the security controls documented throughout the AISDP. Penetration testing requires annual independent assessments with severity-based remediation SLAs. Vulnerability scanning is continuous and automated across four layers, with a centralised vulnerability management register.
Adversarial ML testing addresses AI-specific attack vectors including evasion, data poisoning, model extraction, membership inference, prompt injection, and supply chain attacks. Additional threat-specific testing covers OWASP LLM categories not already addressed by adversarial ML testing. Red team exercises simulate multi-stage attack scenarios against the complete system. Test result mapping links findings to specific AISDP controls and regulatory requirements.
Note: This section corresponds to the Cybersecurity Testing section and feeds primarily into AISDP Module 9 (Robustness and Cybersecurity).