An organization is designing an AI-based credit risk assessment system that will integrate with sensitive financial datasets. Which of the following would BEST support the implementation of security-by-design principles in the AI system's architecture?
Correct Answer: D
Security-by-design in AI requires establishing risk-informed requirements at the earliest stages of the lifecycle and systematically translating them into architectural controls. Conducting AI-specific threat modeling before deployment is the highest-leverage action because it identifies assets (data, models, pipelines), trust boundaries (feature stores, training/inference services), threat events (poisoning, evasion, model extraction), and attack paths unique to ML systems. Its outputs (abuse/misuse cases, control objectives, verification plans) then drive the selection and prioritization of controls such as privacy-enhancing techniques, access controls, isolation, monitoring, and assurance testing. While differential privacy (C) is a strong control for leakage risk, it is one control choice among many and should be selected as a result of threat modeling, not in place of it. IP allow lists (B) and container segmentation (A) are valuable hardening measures, but they are narrower in scope and do not replace the lifecycle-wide governance and design traceability that threat modeling enables.
References: AI Security Management™ (AAISM) Body of Knowledge - Secure AI SDLC; AI Threat Modeling and Abuse Case Development; Architecture & Control Selection; Risk-Based Design Assurance. AAISM Study Guide - Security-by-Design for AI; Model/System Asset Mapping; Control Objectives from Threat Models.