Skip to content

Releases: mikeprivette/ai-security-shared-responsibility

v1.1.0 - Enhanced Documentation & Narrative Format

26 Sep 13:52
@mikeprivette mikeprivette
v1.1.0
02cbde8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.1.0 - Enhanced Documentation & Narrative Format Latest
Latest

What's New

  • Visual First: Hero image of responsibility matrix now front and center
  • Narrative Format: All 16 security domains rewritten with plain language explanations
  • Real Examples: Every domain includes concrete examples across all 8 deployment models
  • Clearer Responsibilities: Simplified P/S/C assignments with grouped explanations

Key Improvements

  • Problem-first README structure (following successful repo patterns)
  • "What This Actually Means" sections for every security domain
  • Model Security clarification for pre-trained models in IaaS/On-Prem
  • User Access Control principle: always customer responsibility
  • Context Pollution Protection explained (advanced prompt injection)

For Security Leaders

This release makes the framework immediately actionable. Each domain now clearly explains what you're responsible for in your specific deployment model.

For Practitioners

Examples for every deployment model help you understand exactly how responsibilities apply to your use case.

Assets 2
Loading

AI Security Shared Responsibility Model v1.0.0

18 Sep 15:15
@mikeprivette mikeprivette
v1.0.0
22823c0

Choose a tag to compare

View all tags
AI Security Shared Responsibility Model v1.0.0

Initial Release

A vendor-agnostic framework for understanding security responsibilities in AI deployments.

What's Included

  • 8 deployment models covering the full spectrum of AI deployments
  • 16 security domains (12 traditional + 4 AI-specific)
  • Complete responsibility matrix mapping who owns what
  • Clear distinction between interactive AI (covered) and background AI (not covered)

Key Features

  • Day 1 Framework: Start here before diving into technical specifications
  • Vendor-agnostic: Works regardless of your AI providers
  • Business-focused: Speaks the language of security leaders, not just technologists
  • Open source: Community feedback drives future improvements

Deployment Models

  1. SaaS AI Models
  2. PaaS AI Models
  3. IaaS AI Models
  4. On-Premises AI Models
  5. SaaS Products with Embedded AI
  6. Agentic AI Systems
  7. AI Coding Assistants
  8. MCP-Based Systems

Security Domains

Traditional (1-12) plus AI-specific domains (13-16):

  • Agent Governance
  • Code Generation Security
  • Context Pollution Protection
  • Multi-System Integration

Originally published on Return on Security (August 2024), now expanded and open sourced.

Looking for real-world implementation feedback to shape v2.0.

Loading