ISACA Certified Artificial Intelligence Auditor (CAIA) — Question 13

An AI system is misclassifying images after a routine model update. An IS auditor discovers that the updated model file was replaced by an unauthorized version. Which of the following is the auditor’s BEST recommendation?

Answer options

• A. Notify all users of potential inaccuracies and deactivate the system.
• B. Immediately retrain the model from scratch using a secure data set.
• C. Disable the automated update process to prevent future issues.
• D. Revert to the last verified model version and initiate a root cause analysis.

Correct answer: D

Explanation

The best recommendation is to revert to the last verified model version and initiate a root cause analysis (D) because it addresses the immediate issue while investigating the cause of the unauthorized update. Simply notifying users (A) or retraining the model (B) does not resolve the underlying problem, and disabling updates (C) does not prevent future unauthorized changes without understanding how the breach occurred.