Verify AI Model Source and Integrity
Ensure AI models and their details are authentic and unchanged.
Plain language
This control is about making sure that the artificial intelligence (AI) models your business uses come from reliable sources and haven't been tampered with. It's important because if you use an AI model that's been altered or is fraudulent, it could lead to incorrect decisions, potential data breaches, or a loss of trust from your clients.
Framework
ASD Information Security Manual (ISM)
Control effect
Detective
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2025
Control Stack last updated
07 May 2026
E8 maturity levels
N/A
Guideline
Guidelines for software developmentOfficial control statement
The source and integrity of artificial intelligence models, structures and weights are verified.
Why it matters
Using unverified AI model structures/weights can enable tampering or poisoned models, causing unsafe outputs, data exposure and loss of trust.
Operational notes
Only ingest models from trusted sources; verify signatures/checksums for model files, structures and weights, and re-validate after updates and transfers.
Implementation tips
- The IT team should confirm the source of AI models by obtaining them from reputable vendors or official repositories. They can ensure authenticity by checking digital signatures or using trusted supplier channels.
- Managers should establish a policy to regularly verify the integrity of AI models. They can do this by planning routine checks for unauthorised changes, using checksums or hash values to see if the model has been altered.
- Procurement should work closely with IT to only purchase AI software or services from providers who offer transparency about their sources. Ensure contracts include clauses about the authenticity and integrity of AI products.
- The system owner should maintain detailed records of all AI models, including origin, version, and any updates. They can use a secure database to catalogue this information, ensuring it's regularly updated.
- Staff training personnel should ensure all employees understand the importance of using verified AI models. This can include workshops and informational sessions so that all team members are aware of the risks of using unchecked models.
Audit / evidence tips
- AskA list of all AI models in use: Request documentation that includes the origin and versioning information of each model. Look to verify that all models list a reputable source and have a trail of updates GoodWill show a clear sourcing trail and version history
- AskTo see the procurement policy related to AI software: Request the policy document that outlines how AI models are verified for authenticity GoodShould demonstrate a well-defined process for verification
- AskEvidence of regular integrity checks on AI models: Request logs or reports detailing how often and when the checks are conducted GoodWill have regular time stamps and any issues documented with actions taken
- AskTraining records related to AI integrity: Request attendance logs or materials from workshops that educate staff about the importance of AI model integrity GoodWill include training dates, attendees, and key learning outcomes
- AskTo review any incident reports concerning AI model integrity breaches: Request to see documentation of any past incidents where an AI model’s integrity was questioned GoodIncludes a detailed narrative of the incident and corrective actions undertaken
Cross-framework mappings
How ISM-2086 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (2) expand_less | ||
| Annex A 5.21 | ISM-2086 requires that AI model source and integrity are verified to prevent unauthorised or malicious model substitution and tampering | |
| Annex A 8.30 | ISM-2086 requires that the source and integrity of AI models (including structures and weights) are verified to ensure they are authentic... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.