ISACA Certified Artificial Intelligence Auditor (CAIA) — Question 8

An organization shares an AI model with external partners. One partner reports that sensitive data has been inadvertently exposed through the model's outputs. Which of the following is the IS auditor's BEST recommendation?

Answer options

• A. Retrain the model immediately and implement privacy-preserving techniques.
• B. Disable the shared model and notify partners of the potential breach.
• C. Limit the model's outputs to anonymized results while investigating further.
• D. Audit the data pipelines of all partners to identify the source of the leak.

Correct answer: A

Explanation

The best recommendation is to retrain the model and implement privacy-preserving techniques to prevent further exposure of sensitive data. Disabling the model or limiting outputs to anonymized results may mitigate immediate risk but does not address the underlying issue of data exposure. Auditing partner data pipelines is a reactive measure and does not directly resolve the vulnerability in the model itself.