AI Foundations
Threats & Risks
Security Controls
AI Operations & Testing
Governance & Roles
100

This learning method involves a “State → Action → Reward” loop repeated thousands of times to teach an agent how to decide actions on its own

What is Reinforcement Learning?

100

The term for realistic audio or video impersonations generated by AI for fraud and deception

What are Deepfakes (or Voice Cloning)

100

This guardrail type is used to automatically mask or remove sensitive information like names, addresses, or credit card numbers

What is a PII/PCI Redaction Guardrail?

100

These are the three essential elements of a high-quality user prompt required to maximize model capability

What are Context, Perspective, and Output Shape?

100

This role is responsible for building and managing data pipelines to ensure high-quality data is accessible for AI systems

Who is a Data Engineer?

200

This specific AI type produces original content by learning from large datasets and mirroring the patterns found within them

What is Generative AI?

200

This threat occurs when an attacker manipulates instructions to bypass a model's safety rules or override active system instructions

What is Prompt Injection?

200

The security best practice that ensures users and subjects receive only the minimum access necessary for their specific role

What is Least Privilege?

200

These usage limitations control which specific AI input/output types—such as text, images, or audio—are permitted by the system

What are Modality Limits?

200

This voluntary U.S. framework organizes AI risk management into four functions: Govern, Map, Measure, and Manage

What is the NIST AI Risk Management Framework (RMF)?

300

This data type carries the highest security risk because it often contains hidden sensitive data throughout its large volume

What is Unstructured Data?

300

This component of the MIT AI Risk Repository explains how, when, and why AI risks occur by classifying them by entity, intent, and timing

What is the Causal Taxonomy?

300

This data safety measure substitutes real data with generic placeholder labels while protecting the format of the original data

What is Data Masking?

300

The data safety measure used when sharing reports that may contain sensitive internal details that must not be visible or recoverable

What is Data Redaction?

300

This regulation categorizes AI applications into risk tiers, including "High risk" and prohibited "Unacceptable risk"

What is the EU AI Act?

400

This AI technology uses multi-layered neural networks to learn complex patterns from large amounts of raw data and adapt as new threats emerge

What is Deep Learning?

400

This attack involves an adversary using repeated queries to learn confidential information about an AI model or to recreate it entirely

What is Model Extraction?

400

These isolated hardware environments provide secure processing for "data in use" to prevent unauthorized access to sensitive information

 What are Trusted Execution Environments (TEEs)?

400

This testing method, often used in SOC operations, identifies bugs, errors, and inconsistencies within source code

What is Code Linting?

500

In this training approach, the model is brought to a local device and trained with user data so that the raw data never leaves the device

What is Federated Learning?

500

This 7-layer framework structures AI risks across layers such as Foundation Models, Data Operations, and the Agent Ecosystem

What is the MAESTRO framework?

500

This encryption method allows computation on encrypted data without decrypting it, keeping the data protected while it is being processed

What is Homomorphic Encryption?

500

This practice integrates software development, security, and operations throughout the CI/CD pipeline

What is DevSecOps?

500

This principle of Responsible AI ensures that stakeholders can understand the reasoning behind a system’s output

What is Transparency and Explainability?

M
e
n
u