Endpoints

User interfaces, APIs, endpoint protection, EDR, and mobile security for AI systems.

📖
Endpoints Domain Handbook (v3.0)
Full v3.0 practitioner reference, Parts I–V, all 12 practices, 108-question assessment workbook with scoring methodology and improvement roadmap
Read the Handbook →

⚖ Governance

Strategy & Metrics (SM)

Stand up an AI/HAI Endpoint Assurance program that discovers, inventories, and strategically governs all AI/HAI-enabled endpoints and user-facing AI interfaces the organization operates, with shadow endpoint AI prevention as the primary L1 outcome and a defensible risk-tier rubric as the primary L2 deliverable.

☑ Questionnaire

Explore →

Policy & Compliance (PC)

Publish the priority policies and compliance map that make the AI/HAI Endpoint Assurance program enforceable, so every AI/HAI-enabled endpoint and user-facing AI interface the organization operates is governed by a documented set of rules, gated before it goes live, and defensible to auditors and regulators.

☑ Questionnaire

Explore →

Education & Guidance (EG)

Build the AI-assurance literacy every endpoint user needs when interacting with AI/HAI-enabled endpoint tools and the practitioner skills the smaller population performing endpoint AI reviews, customer-facing AI security assessments, mobile AI security testing, and edge AI threat modeling must have, with shadow AI on endpoints awareness as the primary L1 cultural outcome.

☑ Questionnaire

Explore →

⚒ Building

Threat Assessment (TA)

Build and maintain a reusable threat library for AI/HAI-enabled endpoints and user-facing AI interfaces the organization deploys, one archetype-level threat model per endpoint AI type, so every endpoint AI entering the inventory produces a threat snapshot in minutes rather than a blank-page exercise.

☑ Questionnaire

Explore →

Security Requirements (SR)

Translate the threats from TA-Endpoints and the policies from PC-Endpoints into a reusable Requirements Pack for AI/HAI-enabled endpoints and user-facing AI interfaces the organization deploys, a base set plus per-archetype deltas, so every endpoint AI deployment carries a testable Requirements-Evidence Map (REM) rather than a blank slate.

☑ Questionnaire

Explore →

Security Architecture (SA)

Publish the reference architectures for safely deploying each AI/HAI endpoint archetype the organization uses, so IT, endpoint engineering, and product teams have a vetted "green path" that already implements SR-Endpoints requirements and contains the threats identified by TA-Endpoints.

☑ Questionnaire

Explore →

✓ Verification

Design Review (DR)

Operate the design checkpoint between intake approval and deployment for every new AI/HAI-enabled endpoint or user-facing AI interface, confirming the proposed design follows the applicable SA-Endpoints reference pattern, covers the SR-Endpoints requirements pack, and documents residual risks before rollout begins.

☑ Questionnaire

Explore →

Implementation Review (IR)

Verify, at deployment and on a recurring cadence, that the actual configuration of AI/HAI-enabled endpoints and user-facing AI interfaces matches the design approved at DR, and that it stays there as the endpoint evolves.

☑ Questionnaire

Explore →

Security Testing (ST)

Prove that every AI/HAI-enabled endpoint and user-facing AI interface behaves correctly under adversarial conditions, by running a foundational per-archetype test battery, maintaining versioned regression corpora, and escalating to scheduled per-tier red-team and continuous adversarial testing at higher maturity levels.

☑ Questionnaire

Explore →

⚙ Operations

Issue Management (IM)

Run the single unified backlog for AI/HAI endpoint issues across the Endpoints domain, findings from TA-Endpoints, SR-Endpoints, DR-Endpoints, IR-Endpoints, ST-Endpoints, ML-Endpoints, and external advisories, with a tier-calibrated incident playbook containing AI-specific containment plays for the primary endpoint incident classes, and regulatory SLA tracking (GDPR Art. 33, EU AI Act Art. 50 transparency failure remediation, EU AI Act Art. 73 serious-incident reporting, HIPAA, PCI-DSS endpoint breach, sector-specific).

☑ Questionnaire

Explore →

Environment Hardening (EH)

Harden the identity, endpoint-runtime, data-flow, mobile/edge integrity, and customer-facing envelopes that surround every AI/HAI-enabled endpoint and user-facing AI interface the organization deploys or offers, so sanctioned AI use is frictionless, unsanctioned use is observable, and regulated data cannot silently transit unapproved AI surfaces.

☑ Questionnaire

Explore →

Monitoring & Logging (ML)

Establish the logging baseline per AI/HAI endpoint archetype, operate a small high-signal detection set targeted at the top TA-Endpoints threats, and produce the evidence trail that proves EU AI Act Art. 12 and Art. 50 deployer duties, GDPR Art. 30 processor obligations, and ISO/IEC 42001 AIMS requirements, on demand, inside a published SLA.

☑ Questionnaire

Explore →