Quick answer

AI models can be reverse-engineered through systematic querying of their prediction interface: an attacker collects enough input/output pairs to fit a surrogate that reproduces the model's behaviour, and outputs such as confidence scores can also leak information about the training data. Model extraction attacks erode competitive advantage and may undermine the integrity of security-critical AI systems, because a copied model lets an adversary craft adversarial inputs offline against the original.
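To make "systematic querying" concrete, the following added example (not code from MmowW AI Compliance) shows the simplest form of extraction: a black-box logistic-regression endpoint returns a confidence score, and an attacker recovers its weights exactly with only one query per input feature plus one. The victim model, its weights and the `predict_proba` API are constructed for the example; the same run then shows that rounding the returned score (a common, cheap hardening) only blunts the attack rather than stopping it.

```python
import math
import random


def sigmoid(z: float) -> float:
    return 1.0 / (1.0 + math.exp(-z))


def logit(p: float, eps: float = 1e-9) -> float:
    # Clamp so a saturated score (0.0 or 1.0) does not blow up; in practice a
    # saturated or label-only response breaks this equation-solving approach
    # and forces the attacker onto a query-hungrier fitting strategy.
    p = min(max(p, eps), 1.0 - eps)
    return math.log(p / (1.0 - p))


class VictimModel:
    """Hypothetical black-box logistic-regression API (constructed for this example).

    `decimals=None` returns the full-precision confidence score;
    an integer rounds the score, mimicking a 'leak less' mitigation.
    """

    def __init__(self, weights, bias, decimals=None):
        self._w = list(weights)
        self._b = bias
        self._decimals = decimals
        self.queries = 0  # what a monitoring threshold would count

    def predict_proba(self, x):
        self.queries += 1
        z = sum(wi * xi for wi, xi in zip(self._w, x)) + self._b
        p = sigmoid(z)
        return round(p, self._decimals) if self._decimals is not None else p


def extract_linear_model(query, dim):
    """Recover (weights, bias) of a logistic model with dim + 1 queries.

    logit(f(0)) = b, and logit(f(e_i)) = w_i + b for each unit vector e_i,
    so every parameter falls out of one probe query.
    """
    b = logit(query([0.0] * dim))
    w = []
    for i in range(dim):
        e = [0.0] * dim
        e[i] = 1.0
        w.append(logit(query(e)) - b)
    return w, b


def max_param_error(w_true, b_true, w_hat, b_hat):
    errs = [abs(a - c) for a, c in zip(w_true, w_hat)] + [abs(b_true - b_hat)]
    return max(errs)


def label_agreement(victim, w_hat, b_hat, samples=2000, seed=0):
    """Fraction of random inputs on which the stolen copy predicts the same label."""
    rng = random.Random(seed)
    dim = len(w_hat)
    agree = 0
    for _ in range(samples):
        x = [rng.uniform(-3.0, 3.0) for _ in range(dim)]
        victim_label = victim.predict_proba(x) >= 0.5
        stolen_label = sum(wi * xi for wi, xi in zip(w_hat, x)) + b_hat >= 0.0
        agree += victim_label == stolen_label
    return agree / samples


# Constructed secret parameters: the attacker never sees these directly.
SECRET_W = [2.5, -1.2, 0.7]
SECRET_B = -0.3


def run_extraction(decimals=None):
    victim = VictimModel(SECRET_W, SECRET_B, decimals=decimals)
    w_hat, b_hat = extract_linear_model(victim.predict_proba, len(SECRET_W))
    return {
        "queries_used": victim.queries,
        "max_param_error": max_param_error(SECRET_W, SECRET_B, w_hat, b_hat),
        "label_agreement": label_agreement(victim, w_hat, b_hat),
    }


if __name__ == "__main__":
    print("full-precision scores:", run_extraction())
    print("scores rounded to 2 dp:", run_extraction(decimals=2))
```

With full-precision scores the four probe queries recover every parameter to floating-point accuracy; with scores rounded to two decimals the recovered parameters are off by a few hundredths and the copy still agrees with the victim on almost every label. That is the practitioner's takeaway: output rounding, label-only responses and per-client query budgets each raise the attacker's cost, but only query accounting and rate limits (the `queries` counter above is the hook for that) actually put a ceiling on what can be extracted.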

Updated June 2026 · MmowW AI Compliance

AI Model Extraction and Theft Risk: Protecting Intellectual Property

Risk Landscape

Understanding model security is essential for organisations deploying AI systems under the EU AI Act. Article 9 mandates comprehensive risk management for high-risk systems covering the entire lifecycle. Even for lower-risk applications, structured risk governance demonstrates responsible AI practices and prepares organisations for evolving regulatory expectations.

This risk intersects with multiple regulatory provisions. Data governance (Article 10), transparency (Article 13), human oversight (Article 14), and robustness (Article 15) all contribute to effective management. The interconnected nature of AI risks means that addressing model security in isolation is insufficient — it must be part of an integrated risk management framework.

Assessment Framework

Effective risk assessment combines quantitative metrics with qualitative expert judgment. Consider both probability and severity of potential harms across multiple dimensions: fundamental rights impact, safety consequences, operational disruption, and reputational damage. Use structured methodologies such as FMEA, bow-tie analysis, or scenario planning adapted for AI-specific risk factors.

Assessment must be ongoing, not a one-time compliance exercise. Establish monitoring dashboards with defined thresholds that trigger formal review when metrics exceed acceptable bounds. The EU AI Act's post-market monitoring requirement (Article 72) codifies this principle for high-risk systems, but best practice extends continuous monitoring to all AI deployments.

Mitigation and Controls

Mitigating model extraction risk requires layered defences combining technical controls (system design such as limiting the precision of returned scores, testing, query monitoring and rate limiting), organisational controls (governance, roles, training), and procedural controls (documented processes, escalation paths, incident response). No single control is sufficient; defence in depth is the guiding principle.

Residual risk must be documented and communicated to deployers through instructions for use (Article 13). The risk management process should explicitly assess whether residual risks are acceptable given the AI system's benefits and the availability of alternative approaches. Where residual risks are significant, additional safeguards or deployment restrictions may be necessary.

Governance Integration

Integrate AI risk management into existing enterprise risk frameworks rather than creating isolated AI risk silos. This ensures AI risks receive appropriate board-level visibility, governance attention, and resource allocation alongside other organisational risks.

Documentation for high-risk systems must be kept at the disposal of the competent authorities for 10 years after the system is placed on the market or put into service (Article 18). Build risk documentation practices that are sustainable at scale: templated where appropriate, automated where possible, and integrated with existing GRC tooling.


This article is for informational purposes only and does not constitute legal advice. Regulatory requirements change frequently — verify current rules with official sources. Built by Sawai Gyoseishoshi Office, Hiroshima, Japan.