Basic Concept: Assessing attack probability and impact for ML systems requires a resource specifically built to catalog real-world adversarial attacks against AI and ML systems, including documented techniques with associated impact information. CompTIA SecAI+ Exam Objectives identify MITRE ATLAS as the authoritative ML threat landscape resource.
Why B is Correct: MITRE ATLAS is specifically designed as a comprehensive knowledge base of adversarial tactics, techniques, and case studies targeting AI and ML systems. It catalogs real-world attacks with associated probability factors derived from actual incidents and provides impact assessments for various attack types including data poisoning, model evasion, model extraction, and inference attacks. This directly enables the probability and impact assessment the team requires.
Why A is Wrong: The CVE AI working group focuses on identifying and cataloging specific vulnerability instances in AI software components. While useful for vulnerability management, it does not provide the comprehensive threat landscape coverage with probability and impact assessments for ML-specific attack tactics that ATLAS provides.
Why C is Wrong: The MIT risk repository is an academic resource cataloging general AI-related risks. It is research-oriented and does not provide the practitioner-focused, operational attack taxonomy and case study library that MITRE ATLAS offers for ML threat modeling.
Why D is Wrong: OWASP provides application security guidance including the OWASP LLM Top 10. While valuable for LLM-specific risks, OWASP does not provide the comprehensive ML threat landscape coverage or the probability and impact data that MITRE ATLAS offers for assessing the full spectrum of ML attack scenarios.
