AAISM defines data poisoning as the insertion of malicious or corrupted data into training (or fine-tuning) pipelines to degrade or bias model behavior, thereby compromising output integrity in production. While poisoning occurs during development/training (C), its primary objective is the downstream integrity impact on predictions/outputs (D). Options A and B relate to confidentiality threats (e.g., inversion or leakage), not poisoning.
References:* AI Security Management™ (AAISM) Body of Knowledge: Model Integrity Threats-data poisoning aims and effects; supply-side data controls* AAISM Study Guide: Risk scenarios for poisoning; mitigations via data provenance checks, robust training, and anomaly detection

AAISM states that the effectiveness of automated AI cybersecurity systems depends heavily on well-trained detection models using high-quality historical attack data.
Historical data improves:
* detection accuracy
* reduction of false positives
* reduction of human misinterpretation
Manual monitoring (A) increases human error. ML "ensuring responsibility" (C) is not a defined control. Pen testing (D) does not reduce human mistakes.
References: AAISM Study Guide - AI in Cybersecurity; Model Training for Threat Detection.

AAISM directs organizations to embed security, safety, and compliance controls at design time ("secure- by-design" and "shift-left"), ensuring requirements for robustness, privacy, and governance are defined as non-functional constraints on architecture, data sourcing, model choices, and evaluation criteria before any model is trained. Deferring these requirements to training, testing, or deployment increases residual risk and rework, and weakens traceability of control coverage.
References:* AI Security Management (AAISM) Body of Knowledge: Governance-Secure-by-Design; Policy-to-Control Traceability; Requirements Management* AAISM Study Guide: AI Program Lifecycle- Planning & Design Controls; Design-time Threat Modeling and Control Selection* AAISM Mapping to Standards: Design-phase Risk Identification and Requirements Engineering for AI

Output provenance verification (e.g., robust watermarking, cryptographic signing, content credentials, and chain-of-custody attestations) is the primary preventive and detective control to combat deepfakes at scale. It enables receivers and downstream systems to verify that media originates from trusted sources and has not been tampered with. While risk assessments (Option B) and governance policies (Option C) set expectations, they do not technically prevent forged media. Input validation (Option D) does not address media authenticity once generated or received.
References:
AAISM Body of Knowledge: Content Authenticity, Watermarking, and Provenance; Trustworthy AI Outputs and Media Integrity Controls.
AAISM Study Guide: Mitigations for Synthetic Media Risks; Watermark/Signature Verification Pipelines; Content Credentials in Enterprise Controls.

AAISM study materials stress that weak access controls are the most easily exploited vulnerability in AI systems. Without strong access restrictions, adversaries can directly query, extract, manipulate, or overload models, leading to data leakage or compromised outputs. While inaccurate generalizations, DoS vulnerabilities, or susceptibility to input manipulation are serious, they typically require more effort or specific conditions. Weak access control provides the most direct and immediate entry point for attackers. As such, it is identified as the most easily exploited vulnerability.
References:
AAISM Exam Content Outline - AI Risk Management (Access and Authentication Vulnerabilities) AI Security Management Study Guide - Exploitable Weaknesses in AI Systems