A modular guidebook structure for operationalizing AI governance across cybersecurity and beyond. Volume 1: AI Cybersecurity is the current engagement scope.
In Scope — Current Engagement
Recommended Addition
Future Phase
Section 1
Volume 1 — AI Cybersecurity Guidebook
Chapters are organized by security posture: prevention & hardening, and detection & containment. The client's priority is detection & containment, so we recommend strengthening that pillar.
Prevention & Hardening
In Scope
Ch 1 · Data Governance & Privacy for GenAI
Data classification, PIPL/GDPR alignment, consent for training data
In Scope
Ch 2 · Data Lineage for RAG/Vector Stores
Provenance tracking, classification of embeddings, retrieval access controls
In Scope
Ch 3 · Secure GenAI Development Lifecycle
Secure-by-design principles for AI/ML pipelines, model risk tiers
In Scope
Ch 4 · AI Code Generator Usage
Guardrails for Copilot/Cursor, code review gates, IP & license risk
AI gateway monitoring, anomaly detection on model I/O, rate limiting
In Scope
Ch 11 · AI Information System Periodic Review
Audit cadence, drift detection reviews, control effectiveness testing
In Scope
Ch 12 · Testing & Evaluation for GenAI
Red teaming, adversarial testing, evaluation benchmarks, pen testing for AI
Recommend
Ch 13 · AI Incident Response & Forensics
Playbooks for model compromise, data poisoning, prompt injection in prod, chain-of-custody for AI artifacts
Recommend
Ch 14 · AI Threat Detection & Telemetry
SIEM/SOAR use cases for AI, logging standards, UEBA for model access, AI-specific IOCs
Recommend
Ch 15 · AI-Specific DLP & Data Exfiltration Controls
Preventing sensitive data leakage via prompts, model outputs, fine-tuning data, and RAG retrievals
Future
Ch 16 · Compliance & Regulatory Alignment
EU AI Act, PIPL, sector-specific AI regulation mapping
Future
Ch 17 · Education & Awareness for AI Security
Role-based training, phishing/social engineering with AI, developer secure-coding for AI
Recommendation
The client's stated priority is detection & containment, but the current scope has 8 prevention chapters vs. 4 detection chapters. Adding Chapters 13-15 rebalances the guidebook toward the client's priority and creates a more complete detection & containment posture. These three additions also connect naturally to the client's existing SOC and SIEM/SOAR investments.
Section 2
The Bigger Picture — AI Governance Library
AI Cybersecurity is Volume 1. Below is the full set of governance volumes we recommend the client build toward. Each follows the same guidebook format for consistency.
Training data sourcing & labeling, synthetic data policies, data retention & lineage for AI, cross-border data flows for AI workloads
Volume 5
AI Operations & MLOps
Model lifecycle & versioning, monitoring drift & performance decay, retraining triggers & rollback procedures, cost governance for AI compute
Volume 6
AI Vendor & Third-Party Risk
SaaS AI tool evaluation framework, Model-as-a-Service risk assessment, foundation model supply chain, API & integration security for AI vendors
Volume 7
AI Regulatory & Compliance
EU AI Act risk tier mapping, PIPL & sector-specific requirements, AI audit & assurance standards, regulatory horizon scanning process
Mix & Match Approach
Each volume is self-contained. The client can prioritize volumes based on maturity and urgency — starting with Cybersecurity (Volume 1), then layering in Governance (Volume 2) and Vendor Risk (Volume 6) as AI adoption scales. This creates a natural multi-phase engagement rather than a single deliverable.