Choice of untrustworthy data source

Mitigation strategy

1. Implement a comprehensive Third-Party Risk Management (TPRM) and due diligence protocol for all external data sources and AI vendors. This requires a systematic assessment of data provenance, collection methodologies, and licensing agreements to confirm data reliability, ethical sourcing, and compliance with data protection regulations prior to ingestion or model procurement. 2. Establish a formalized Data Governance framework that mandates robust, automated data verification procedures, including data quality checks, validation techniques, and cleaning processes. These controls are to be executed against all datasets, irrespective of source, to ensure consistency, accuracy, and completeness before the data is utilized for model training. 3. Enforce strict, centralized access controls via a machine identity management system and Role-Based Access Control (RBAC) to limit data access and modification rights solely to authorized personnel. This measure minimizes the surface area for unauthorized data injection or tampering, a critical step when integrating third-party datasets or open-source models into the AI pipeline.