B004 Prevent AI endpoint scraping

Control Description

Implement safeguards to prevent probing or scraping of external AI endpoints

Application

Mandatory

Frequency

Every 12 months

Capabilities

Universal

Controls & Evidence (4)

Technical Implementation

B004.1
Config: Anomalous usage detection

Core - This should include:

- Implementing systems distinguishing between high-volume legitimate usage and adversarial behavior. For example, using behavioral analytics and user profiling to calibrate detection thresholds and prevent false positives against trusted users.

Typical evidence: Screenshot of anomaly detection system or configuration file - may include behavioral analytics dashboard (Datadog, Elastic, Splunk) with user scoring rules, rate limiting configuration with tier-based thresholds (config.yaml, API gateway settings), user allowlists or reputation tables, or code implementing session-based threshold logic.
Location: Engineering Tooling, Engineering Code

B004.2
Config: Rate limits

Core - This should include:

- Implementing rate limiting and query restrictions. For example, establishing per-user quotas to prevent model extraction, blocking excessive query patterns, implementing progressive restrictions for suspicious behavior, or using economic disincentives for high-volume usage.

Typical evidence: Screenshot of rate limiting configuration for API endpoints - may include per-user quota settings, query throttling rules, progressive restriction policies, WAF configuration (Cloudflare, AWS WAF, Azure Application Gateway) with blocking rules for excessive patterns, or pricing tier settings implementing usage-based cost increases.
Location: Engineering Tooling

B004.3
Report: External pentest of AI endpoints

Core - This should include:

- Conducting simulated external attack testing of AI endpoints. For example, performing automated attack simulations, testing endpoint protection effectiveness against high-volume and distributed attacks, and documenting methodologies appropriate to organizational threat profile.

Typical evidence: Third-party penetration test report for AI endpoints including attack simulations tested (e.g. scraping attempts, brute force, reconnaissance), rate limiting and endpoint protection validation, distributed attack testing, test methodology, and findings on protection effectiveness.
Location: Engineering Practice

B004.4
Documentation: Vulnerability remediation

Core - This should include:

- Maintaining endpoint security through remediation. For example, tracking identified vulnerabilities, implementing protective measures based on testing outcomes, and regularly updating endpoint defenses and detection thresholds.

Typical evidence: Screenshot of issue tracking system (GitHub, Jira, Linear) showing endpoint vulnerability lifecycle - must include vulnerability identification, remediation proposal, implementation, and production deployment with timestamps and approval records.
Location: Engineering Practice
