
Case Study

As noted in the previous chapters, Marmot Home Security is a mid-market enterprise with 3,000 employees and a customer base of over 2 million worldwide. Marmot develops and sells innovative smart home products including smart speakers, security cameras, and automated lighting systems. The company operates globally with direct-to-consumer sales through e-commerce channels and partnerships with large retailers.

Marmot has experienced accelerated growth in its products and sales, and as a result, its customer service team has faced rapid 30% growth in customer inquiries across communication channels. To address these issues, leadership has approved a strategic initiative to leverage AI, specifically the use of AI agents.

The AI agents are now deployed across phone, email, chat, and social media to assist customer service agents. Early results have shown improvements in response times and consistency of information provided, leading to increased customer satisfaction.

However, several months into operation, Marmot identifies an emerging threat related to its third-party supplier. Industry reports indicate that the supplier has been involved in a data breach, and there are concerns about the security of customer data processed through their proprietary models. This breach potentially exposes Marmot’s customer data to unauthorized access, raising significant privacy and security concerns.

  1. Which of the following is the FIRST step Marmot should take once confirming that the third-party model is affected by the data incident?
    1. Continue all operations while communicating with the supplier to confirm the extent of the incident.
    2. Suspend interactions processed through the affected third-party systems temporarily.
    3. Invoke liability clauses in the contract with the supplier to ensure Marmot is not held responsible for the incident.
    4. Extend a discount code to affected customers to compensate them for the incident.
  2. Which of the following would have MOST likely alerted Marmot to the issue with the vendor sooner than reviewing industry reports? (Select all that apply.)
    1. Leveraging vulnerability databases (e.g., OWASP AI Top Ten) to conduct vulnerability assessments for emerging threats
    2. Enabling automated monitoring and alerting systems on the APIs that Marmot uses to connect to the third-party model
    3. Including SLAs in the contract that require timely incident response reporting
    4. Reviewing AI risk scenarios related to model security regularly to ensure any changes are captured
  3. What mitigation strategy could Marmot employ after identifying the breach?
    1. Strengthen security protocols and perform encryption of data interfacing with the third-party system.
    2. Prioritize global and internal standards over specific industry standards and regulations.
    3. Redirect resources from customer service to cybersecurity enhancements without increasing overall budget.
    4. Publish all security findings internally to build trust among Marmot employees.
  4. After remediating the issue, Marmot asks to review the vendor’s model to assess performance. They discover that the model is a black box, limiting its ability to disclose information on how the model performs. Which of the following actions could help Marmot address this concern?
    1. Assess the risk level of using the black box model to determine if the risk is acceptable.
    2. Include a clause in the contract that requires access to the AI model source code.
    3. Contract with additional AI developers to reverse-engineer the AI model.
    4. Review outputs of model testing sets to review for bias and accuracy.

Chapter 3 Answer Key — Case Study

    1. Understanding the impact of the incident is an important step, but Marmot has already identified that the incident has occurred and is affecting their systems. Continuing operations may leave the system vulnerable to additional data leakage.

    2. Temporarily suspending interactions processed through the affected third-party systems is correct, as it isolates Marmot’s data from potentially compromised models, which is a logical way to minimize risk.

    3. Invoking liability clauses is premature at this phase, as any potential legal consequences or fines are not known. Further investigation and determination of responsibility will occur later in the incident response phase.

    4. Communication with customers and any remediations for the inconveniences caused by the breach will occur after the incident is contained and investigated.

    1. Vulnerability databases are useful tools to help organizations stay informed on new and emerging threats to AI solutions. Similar to reviewing industry reports, they are more of a passive means of identifying vulnerabilities.

    2. Automated monitoring and alerting proactively enables Marmot to identify potential incidents or new vulnerabilities in real time.

    3. Including SLAs that require timely reporting of incidents from vendors would help Marmot ensure that they are aware of potential breaches that can affect their customers’ data.

    4. While regular review of risk scenarios helps to ensure that new risk is identified and adjustments can be made, this would not alert to threats in real time.

    1. Enhancing security and encryption is a standard mitigation strategy to protect data integrity and provides Marmot with internal control to protect its information.

    2. Compliance is crucial, and prioritizing global and internal standards for industry regulations would risk legal repercussions without proper analysis.

    3. Reallocating financial resources would not necessarily ensure that the risk related to the data breach will be adequately addressed. At the same time, reducing funding from customer service assets could present additional risk.

    4. Publishing security findings internally might aid transparency but does not directly mitigate external security risk.

    1. Risk analysis should be performed on the impact of using a third-party AI model that is not transparent. Marmot may determine that any negative effects that result from using a black box model may be outweighed by the value provided from using the AI solution.

    2. The vendor may not have access to the source code of the model, or it may consider it proprietary information that requires protection from external entities. Adding a clause to the contract may not be feasible.

    3. Reverse-engineering the model may infringe copyrights and violate good business practices.

    4. Marmot may run some test cases or demos to see if the quality of the AI model outputs meets its standards and expectations. This may also enable the company to perform initial supervision to ensure the model’s results are fair and unbiased. However, due to the black box nature of the model, they will need to address the concern with the vendor.
