Before deploying that “AI-powered threat detector” your vendor is promoting, pause to consider a key risk: a single tainted data source can flood SOC teams with false positives and obscure real threats.

To better understand the risk, send your vendor a simple 3-question provenance check:

Subject: AI Model Provenance and Data Integrity – Request for Information

Hello [Vendor],

Before deploying your system, could you confirm:

1. Can you provide an attested bill of materials for the model’s training data?

2. Are the live data feeds restricted to a signed, pre-approved whitelist?

3. Can you supply yesterday’s model checksum to confirm no unauthorized changes?

If you are unable to confirm any of these points, please advise which parts of the system rely on unverified data and what actions we should take to minimize risk.

Thank you, [Your Name]

If their response is unclear, review downstream decision-making and adjust or disable functionality that could be impacted by unverified data sources - and engage your vendor to address gaps.

→ Download CISA’s 11-page “AI Data Security” brief (page 4 outlines the three gates) to see why these checks are now part of federal guidance.