Proprietary Framework · AI Security

NS-AISCA v1.0

The Nucleus Systems AI Security Controls Architecture — a comprehensive, technically grounded security framework for AI systems, models, pipelines, and infrastructure. The technical security counterpart to NS-AIGF's governance layer, covering the attack surfaces that general cybersecurity frameworks do not reach.

108 Security Controls
12 Security Domains
5 Maturity Levels
GenAI-Native Coverage
Agentic AI Coverage
Controls: 108 AI Security Controls across 12 Security Domains
Threats: Adversarial ML · Data Poisoning · Model Extraction · Prompt Injection
Maturity: 5 Maturity Levels · 5 Evidence Grades · Structured Scoring
GenAI Native: LLM Coverage · RAG Security · Agentic Pipeline Controls
Aligned: OWASP LLM Top 10 · MITRE ATLAS · NIST AI RMF · ISO 42001
Testing: LLM Red Teaming · Adversarial Testing · Model Robustness
Output: AI Security Posture Report · Threat Model · Remediation Roadmap
Why NS-AISCA Was Built

General cybersecurity frameworks treat AI systems like any other IT asset. They are not. AI models have unique attack surfaces — adversarial inputs, training data poisoning, model extraction, prompt injection, hallucination exploitation, and agentic autonomy risks — that require specialised security controls that ISO 27001, NIST CSF, and CIS Controls were not designed to address.

NS-AISCA fills this gap with 108 controls spanning 12 domains, organised to cover the full AI system lifecycle from data ingestion through model training, deployment, monitoring, and decommissioning. It maps to the OWASP LLM Top 10, MITRE ATLAS, the NIST AI RMF MANAGE function, and the EU AI Act's post-market monitoring obligations (Art. 72, whose findings feed the Art. 9 risk management system).

Together with NS-AIGF (governance) and NS-CTAF (software trust), NS-AISCA forms the technical security pillar of Nucleus Systems' integrated AI and software trust architecture — ensuring that AI systems are not only governed correctly but secured technically against the attack vectors that are actively exploited today.

The Gap
Standard security frameworks don't cover AI
Prompt injection, model inversion, training data poisoning, adversarial evasion, and agentic autonomy risks are not addressed by ISO 27001 controls, CIS benchmarks, or NIST CSF — they require a dedicated AI security control architecture.
The Threat Model
Attacks demonstrated in production in 2024–2026
Prompt injection bypassing corporate AI guardrails. Model inversion extracting sensitive training data. Supply chain compromise via poisoned foundation models. Agentic AI systems taking irreversible actions when manipulated.
The Architecture
108 controls across the full AI lifecycle
From training data ingestion and model development through MLOps pipeline, deployment, runtime monitoring, and decommissioning — every stage of the AI lifecycle has purpose-built security controls.
Framework Architecture

12 Security Domains & Coverage

108 controls across 12 domains covering the full AI system lifecycle. Domain architecture reflects the layered nature of AI security — from training data integrity at the foundation through to supply chain trust and compliance assurance at the outer boundary.

D1 — Data Security & Integrity [DATA · Foundation layer]
Training Data Protection & Pipeline Integrity
Training data validation, poisoning detection, data provenance tracking, pipeline integrity controls, and dataset access governance. The security of the model begins with the security of the data it was trained on.

D2 — Model Security [MODEL · Artefact layer]
Model File Integrity & Access Governance
Model file integrity verification, serialisation security (pickle/ONNX/safetensors), model access controls, weight encryption, model registry governance, and anti-tampering controls for stored model artefacts.

D3 — Adversarial Robustness [ROBUST · Attack resistance]
Evasion Attack Resistance & Robustness Testing
Input validation and sanitisation, adversarial example testing, evasion attack resistance, robustness benchmarking against the current MITRE ATLAS threat catalogue, and continuous adversarial red-teaming integrated into the release lifecycle.

D4 — LLM & GenAI Security [LLM · GenAI security]
Prompt Injection, Output Validation & System Prompt Security
Prompt injection prevention (OWASP LLM01), system prompt hardening, output content filtering and validation, hallucination risk controls, jailbreak resistance, indirect prompt injection via RAG systems, and multi-turn conversation security.

D5 — Agentic AI Security [AGENT · Autonomy controls]
Agent Boundary Controls & Autonomy Constraints
Action scope limits preventing irreversible operations, tool-use authorisation and least-privilege enforcement, human-in-the-loop gates for high-risk agent actions, multi-agent trust architecture, kill-switch capability, and agent action audit logging.

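The D5 controls (action scope limits, least-privilege tool authorisation, human-in-the-loop gates, kill switch, action audit logging) are concrete enough to show as one policy enforcement point sitting between an LLM agent runtime and its tools. The Python below is an added example written for this page; it is not Nucleus Systems code and not an NS-AISCA control implementation. The tool catalogue (read_document, issue_refund, delete_customer), the /srv/kb document root, the 500 refund ceiling, the agent name and the session at the end are all hypothetical, constructed to exercise each boundary as a manipulated agent (for example after indirect prompt injection) would.

```python
"""Agent tool-call authorisation gate (added example; hypothetical policy and tools)."""
from __future__ import annotations

import posixpath
import time
from dataclasses import dataclass
from typing import Any, Callable, Optional

ScopeCheck = Callable[[dict], Optional[str]]   # returns a denial reason, or None if in scope


@dataclass(frozen=True)
class Tool:
    name: str
    risk: str          # "low" | "high" | "irreversible"
    scope: ScopeCheck  # hard limits on arguments; failing them is a deny, never an escalation


@dataclass
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False   # True when the call is parked pending a human approval
    flag_review: bool = False   # allowed, but high-risk: surface in post-hoc review


def _doc_scope(args: dict) -> Optional[str]:
    # Normalise before checking so "../" cannot escape the knowledge-base root.
    path = posixpath.normpath("/" + str(args.get("path", "")).lstrip("/"))
    return None if path.startswith("/srv/kb/") else f"path {path!r} outside /srv/kb"


def _refund_scope(args: dict) -> Optional[str]:
    amount = args.get("amount")
    if isinstance(amount, bool) or not isinstance(amount, (int, float)) or not 0 < amount <= 500:
        return f"amount {amount!r} outside 0 < amount <= 500"
    return None


# Hypothetical tool catalogue for a customer-support agent.
TOOLS: dict[str, Tool] = {
    "read_document":   Tool("read_document",   "low",          _doc_scope),
    "issue_refund":    Tool("issue_refund",    "high",         _refund_scope),
    "delete_customer": Tool("delete_customer", "irreversible", lambda args: None),
}


class AgentGate:
    """Policy enforcement point between the agent runtime and its tools."""

    def __init__(self, grants: dict[str, frozenset[str]]):
        self.grants = grants                 # agent_id -> tools it may call (least privilege)
        self.halted = False                  # kill switch
        self.approvals: set[str] = set()     # action_ids a human has approved (one-shot)
        self.audit: list[dict[str, Any]] = []

    def kill_switch(self) -> None:
        self.halted = True

    def approve(self, action_id: str) -> None:
        self.approvals.add(action_id)

    def authorise(self, agent_id: str, tool_name: str, args: dict, action_id: str) -> Decision:
        decision = self._decide(agent_id, tool_name, args, action_id)
        # Every attempt is logged, denied ones included: they are the injection signal.
        self.audit.append({"ts": time.time(), "agent": agent_id, "tool": tool_name,
                           "args": args, "action_id": action_id,
                           "allowed": decision.allowed, "reason": decision.reason})
        return decision

    def _decide(self, agent_id: str, tool_name: str, args: dict, action_id: str) -> Decision:
        if self.halted:
            return Decision(False, "kill switch engaged")
        tool = TOOLS.get(tool_name)
        if tool is None:
            return Decision(False, f"unknown tool {tool_name!r}")
        if tool_name not in self.grants.get(agent_id, frozenset()):
            return Decision(False, f"{agent_id!r} is not granted {tool_name!r}")
        violation = tool.scope(args)
        if violation:
            return Decision(False, "scope violation: " + violation)
        if tool.risk == "irreversible":
            if action_id not in self.approvals:
                return Decision(False, "human approval required", needs_human=True)
            self.approvals.discard(action_id)   # consume it: one approval, one action
        return Decision(True, "allowed", flag_review=(tool.risk == "high"))


def run_scenario() -> list[Decision]:
    """Constructed session: a support agent steered by injected instructions."""
    gate = AgentGate({"support-bot": frozenset({"read_document", "issue_refund", "delete_customer"})})
    calls = [
        ("read_document", {"path": "/srv/kb/refund-policy.md"}, "a1"),   # normal work
        ("read_document", {"path": "/srv/kb/../../etc/passwd"}, "a2"),   # traversal attempt
        ("issue_refund", {"amount": 5000}, "a3"),                        # over the limit
        ("issue_refund", {"amount": 120}, "a4"),                         # in scope, flagged
        ("delete_customer", {"customer_id": "c-1"}, "a5"),              # parked for a human
        ("run_shell", {"cmd": "id"}, "a6"),                              # tool does not exist
    ]
    return [gate.authorise("support-bot", tool, args, aid) for tool, args, aid in calls]


if __name__ == "__main__":
    for d in run_scenario():
        print(d)
```

Two design choices matter here. Scope violations are hard denies rather than escalations, so an agent cannot "negotiate" past a limit by generating approval requests; only the declared irreversible tools reach a human, and each approval is bound to one action_id and consumed on use. The audit list records denials as well as allows, because a burst of denied calls is the earliest sign that the agent's instructions have been hijacked.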
D6 — MLOps & Pipeline Security [MLOPS · Pipeline layer]
ML CI/CD Hardening & Experiment Security
CI/CD pipeline security for ML workflows, experiment tracking security (MLflow/W&B), model versioning controls and change governance, deployment pipeline integrity, and runner/compute security for training and fine-tuning jobs.

D7 — Infrastructure Security [INFRA · Compute layer]
GPU/TPU Security & Inference Endpoint Hardening
GPU and TPU compute security, inference endpoint API hardening, rate limiting and abuse prevention, compute isolation and multi-tenancy controls, and model serving infrastructure security for cloud and on-premise deployments.

D8 — Privacy & Inference Attacks [PRIV · Privacy layer]
Membership Inference Defence & Differential Privacy
Membership inference attack defences, model inversion prevention, differential privacy implementation, data minimisation enforcement, PII detection in model outputs, and training data extraction attack resistance (GDPR/POPIA alignment).

D9 — Supply Chain Security [SUPPLY · Chain layer]
Third-Party Model Vetting & Dataset Provenance
Third-party and open-source model vetting, cryptographic integrity verification of pre-trained models, dataset provenance and origin documentation, open-source AI component risk scoring, and foundation model supply chain monitoring.

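The model artefact checks named under D2 (file integrity verification, serialisation security for pickle/ONNX/safetensors) and the cryptographic verification of pre-trained models under D9 share one set of mechanics, so a single worked example covers both. The Python below is an added example for this page, not Nucleus Systems code or an NS-AISCA control implementation. It assumes a SHA-256 digest pinned in a model registry manifest (hypothetical) and an allowlist of modules a pickle-based checkpoint may reference on load (hypothetical; tune it to your loader). It checks the digest in constant time, classifies the container by magic bytes instead of file extension, bounds-checks a safetensors header, and lists every module a pickle would import by disassembling it with pickletools, so a checkpoint that would call os.system on load is rejected before torch.load or pickle.load ever runs. All sample files are constructed inline; the "malicious" pickle is hand-assembled and never deserialised.

```python
"""Model artefact integrity and serialisation checks (added example; hypothetical policy)."""
from __future__ import annotations

import hashlib
import hmac
import io
import json
import pickle
import pickletools
import struct
import zipfile
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical allowlist: modules a pickle-based checkpoint may reference when loaded.
# Anything else (os, subprocess, builtins, ...) means code execution at load time.
SAFE_PICKLE_MODULES = {"torch", "torch._utils", "collections", "numpy", "numpy.core.multiarray"}
STRING_OPCODES = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
                  "STRING", "SHORT_BINSTRING", "BINSTRING"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Compare against the digest pinned in the model registry (constant-time)."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def detect_format(data: bytes) -> str:
    """Classify by magic bytes, not by the attacker-controlled file extension."""
    if data.startswith(b"PK\x03\x04"):
        return "zip"                      # torch.save container: a pickle (data.pkl) inside a zip
    if len(data) >= 2 and data[0] == 0x80 and 2 <= data[1] <= 5:
        return "pickle"                   # PROTO opcode, protocol 2..5
    if len(data) >= 9:
        (hdr_len,) = struct.unpack("<Q", data[:8])
        if data[8:9] == b"{" and 8 + hdr_len <= len(data):
            return "safetensors"          # u64 header length + JSON header + raw tensor bytes
    return "unknown"


def safetensors_header(data: bytes) -> dict:
    """Parse the header and verify every tensor's data_offsets stay inside the buffer."""
    (hdr_len,) = struct.unpack("<Q", data[:8])
    if hdr_len > len(data) - 8:
        raise ValueError("header length exceeds file size")
    header = json.loads(data[8:8 + hdr_len].decode("utf-8"))
    body_len = len(data) - 8 - hdr_len
    for name, meta in header.items():
        if name == "__metadata__":
            continue
        start, end = meta["data_offsets"]
        if not 0 <= start <= end <= body_len:
            raise ValueError(f"tensor {name!r} data_offsets {start}:{end} outside buffer")
    return header


def pickle_globals(data: bytes) -> list[tuple[str, str]]:
    """List every (module, name) the pickle would import on load, without loading it."""
    found: list[tuple[str, str]] = []
    strings: list[str] = []
    for opcode, arg, _pos in pickletools.genops(data):   # disassembles only; never executes
        if opcode.name in STRING_OPCODES:
            strings.append(arg)
        elif opcode.name == "GLOBAL":                      # protocol <= 3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":                # protocol 4+: module, name pushed as strings
            found.append((strings[-2], strings[-1]))
    return found


def embedded_pickles(data: bytes) -> list[bytes]:
    fmt = detect_format(data)
    if fmt == "pickle":
        return [data]
    if fmt == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return []


@dataclass
class Verdict:
    fmt: str
    digest_ok: bool
    globals_found: list[tuple[str, str]] = field(default_factory=list)
    error: Optional[str] = None

    @property
    def accept(self) -> bool:
        if not self.digest_ok or self.error:
            return False
        if self.fmt == "safetensors":
            return True                    # no code path on load once the header is sane
        if self.fmt in ("pickle", "zip"):
            return all(m in SAFE_PICKLE_MODULES for m, _ in self.globals_found)
        return False                       # unknown container: fail closed


def assess(data: bytes, expected_sha256: str) -> Verdict:
    verdict = Verdict(fmt=detect_format(data), digest_ok=digest_matches(data, expected_sha256))
    try:
        if verdict.fmt == "safetensors":
            safetensors_header(data)
        for blob in embedded_pickles(data):
            verdict.globals_found.extend(pickle_globals(blob))
    except (ValueError, KeyError, zipfile.BadZipFile) as exc:
        verdict.error = str(exc)
    return verdict


# Constructed samples (not real checkpoints). MALICIOUS_PICKLE is a hand-assembled
# protocol-4 pickle that would run os.system("id") if anything called pickle.load on it.
MALICIOUS_PICKLE = (b"\x80\x04"                  # PROTO 4
                    b"\x8c\x02os\x8c\x06system"  # SHORT_BINUNICODE "os", "system"
                    b"\x93"                      # STACK_GLOBAL -> os.system
                    b"\x8c\x02id"                # SHORT_BINUNICODE "id"
                    b"\x85R.")                   # TUPLE1, REDUCE (call it), STOP
BENIGN_PICKLE = pickle.dumps({"layer.weight": [0.1, 0.2]}, protocol=4)
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:          # torch.save-style container around the bad pickle
    _zf.writestr("archive/data.pkl", MALICIOUS_PICKLE)
MALICIOUS_ZIP = _buf.getvalue()
_hdr = json.dumps({"w": {"dtype": "F32", "shape": [2], "data_offsets": [0, 8]}}).encode()
SAFETENSORS_FILE = struct.pack("<Q", len(_hdr)) + _hdr + struct.pack("<2f", 0.5, -1.0)
_bad = json.dumps({"w": {"dtype": "F32", "shape": [2], "data_offsets": [0, 4096]}}).encode()
MALFORMED_SAFETENSORS = struct.pack("<Q", len(_bad)) + _bad + b"\x00" * 8

if __name__ == "__main__":
    for label, blob in [("malicious pickle", MALICIOUS_PICKLE), ("malicious zip", MALICIOUS_ZIP),
                        ("benign pickle", BENIGN_PICKLE), ("safetensors", SAFETENSORS_FILE),
                        ("malformed safetensors", MALFORMED_SAFETENSORS)]:
        v = assess(blob, sha256_hex(blob))
        print(f"{label:22s} fmt={v.fmt:12s} accept={v.accept} globals={v.globals_found} err={v.error}")
```

The digest check only proves the file is the one the registry recorded; it says nothing about whether that file is safe, which is why the serialisation scan runs even when the digest matches. Conversely, a clean pickle scan is a weak signal compared with moving the artefact to safetensors, where the loader has no code path to abuse once the header offsets are validated.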
D10 — Monitoring & Detection [MON · Runtime layer]
Runtime Anomaly Detection & Model Drift Monitoring
Runtime behavioural anomaly detection, model performance and output drift monitoring, adversarial input detection in production, security telemetry integration with SIEM, and continuous model health monitoring aligned to EU AI Act Art. 72 post-market monitoring obligations.

D11 — Incident Response [IR · Response layer]
AI-Specific Incident Classification & Rollback
AI-specific incident classification (model failure vs. security compromise vs. adversarial attack), model rollback and recovery procedures, post-incident forensic analysis of model behaviour, and regulatory notification for AI security incidents per EU AI Act Art. 73.

D12 — Compliance & Assurance [COMP · Assurance layer]
OWASP LLM Top 10, MITRE ATLAS & Regulatory Reporting
OWASP LLM Top 10 alignment, MITRE ATLAS threat catalogue mapping, regulatory reporting for AI security incidents, third-party AI security audit readiness, and evidence packaging for EU AI Act conformity assessment.

Framework Specification

NS-AISCA provides the technical security control layer that AI governance frameworks reference but do not define — mapping every AI-specific attack vector to a specific, scored, evidence-backed control.

Controls
108 fully defined security controls across 12 domains — each addressing one specific AI security requirement with evidence standards, implementation guidance, and threat model reference (MITRE ATLAS, OWASP LLM Top 10).
Maturity Scale
L1 Initial → L2 Developing → L3 Defined → L4 Managed → L5 Optimised. Each level has domain-specific criteria. L3 is the baseline for EU AI Act Art. 72 post-market monitoring compliance and ISO 42001 §9.1 monitoring readiness.
Threat Alignment
Every control maps to relevant threat catalogues and regulatory obligations: OWASP LLM Top 10 (prompt injection, insecure output handling, training data poisoning, model theft) · MITRE ATLAS (adversarial ML tactics and techniques) · NIST AI RMF MANAGE function · EU AI Act Art. 72 (post-market monitoring) and Art. 12 (record-keeping and logging) requirements.
Integration with NS-AIGF
NS-AISCA is the technical security layer that NS-AIGF's D6 AI Security domain references. The two frameworks are designed to work in parallel — NS-AIGF establishes the governance mandate; NS-AISCA defines the specific technical controls that fulfil it. D6 controls in NS-AIGF (GV-29–35, PR-86–95) each have corresponding NS-AISCA domain controls for technical implementation.
Delivery Model
Structured technical assessment delivered by Nucleus AI security specialists. Domain scoping based on AI deployment profile (LLM, predictive, agentic, embedded). Deliverables: domain maturity scores, threat exposure map, prioritised remediation roadmap, and regulatory evidence package for EU AI Act technical documentation (Art. 11).

Secure your AI systems against the attack vectors that governance alone cannot address

We assess your AI security posture across all 12 domains and deliver a prioritised technical remediation roadmap — from prompt injection defence to agentic AI boundary controls.