AI System Inventory
Description
Document and continuously map AI systems in use (NIST AI-RMF MAP 1.1). EchelonGraph's first-class CRD watch surfaces every shadow AI workload deployed to your cluster — the data-science team's GPU pod that bypassed your CI gate now appears in the Asset Inventory.
⚠️ Risk Impact
Shadow AI workloads (KServe, Kubeflow, Ray, Seldon CRDs) bypass governance boards and security review. EU AI Act fines: €35M or 7% of global turnover for missing risk-management documentation on high-risk AI.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as high-severity findings with remediation guidance.
🔧 Remediation
Maintain an authoritative inventory of AI/ML workloads with owner + risk class + acceptable-use policy. EchelonGraph generates this automatically from live cluster state.
💀 Real-World Attack Scenario
A data scientist deployed a Kubeflow Notebook with cluster-admin RBAC during a model evaluation sprint. The Notebook had a public LoadBalancer Service exposing JupyterLab. An attacker scanned for exposed Notebooks, found this one, and used the cluster-admin token to exfiltrate every Secret in the cluster. EchelonGraph would have flagged the workload + RBAC combo as high-risk on the first scan tick.
📋 Audit Questions
- 1.Show your AI/ML workload inventory.
- 2.Who approved deploying KServe / Kubeflow / Ray to production?
- 3.How quickly can you produce evidence of every AI workload running in your environment for an EU AI Act audit?
🎯 MITRE ATT&CK Mapping
📈 Business Value
Live AI workload inventory turns an EU AI Act 'fail with €35M fine' into a 5-minute evidence export. No competitor ships this productized today.
🔗 Cross-Framework References
Automate AI Workload Compliance AIRMF-MAP-1.1 compliance
EchelonGraph continuously monitors this control across all your cloud accounts.
Start Free →