
Release · v2026.06-rc5

FINOS-CCC/CCC.GenAI.TH Threat Catalog

FINOS-CCC/CCC.GenAI.TH

Threats for Generative AI Platform technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1
$ grcli unpack --repository finos-ccc/ccc.genai.th --tag v2026.06-rc5
Coordinate
oci.grc.store/finos-ccc/ccc.genai.th:v2026.06-rc5
Manifest digest
sha256:e07be43964628fca27d3a8127a77b7c294cf7f9b0cfa21279a3eb82f78e69c24

Provenance

1 layer
Digest          Media type                               Size
5e8b69ea7819…   application/vnd.gemara.artifact.v1+yaml  12.5 KiB
Bundle config blob
{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.GenAI.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.genai.th",
            "tag": "v2026.06-rc5"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "1",
          "GITHUB_RUN_ID": "26771723499",
          "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/ai-ml/gen-ai/threats.yaml",
            "uri": "file://artifacts/ai-ml/gen-ai/threats.yaml",
            "digest": {
              "sha256": "5e8b69ea7819fb9109ebbc4ec3b96f4b55afed41495808ae0cf9219c157a6622"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a",
            "digest": {
              "gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26771723499-1",
          "startedOn": "2026-06-01T17:46:24.985548532Z",
          "finishedOn": "2026-06-01T17:46:25.176347067Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "5e8b69ea7819fb9109ebbc4ec3b96f4b55afed41495808ae0cf9219c157a6622"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.GenAI.TH",
      "role": "artifact"
    }
  ]
}
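The bundle config above is self-reported build metadata carried inside the artifact; the page shows no signature over it, so the most a consumer can do offline is check that it is internally consistent and that it names the layer the manifest actually ships. The following is an added example, not code from grcli, grc.store or the FINOS CCC project. It condenses the page's bundle config into a dict without changing any value, takes the truncated layer digest from the layer table above, and checks that the input YAML digest, the byproduct digest and the OCI layer agree, that the source commit is the same in every field that names it, that the builder run URL and invocationId come from the repository and run id the provenance claims, and finally that the build ran in a repository the consumer trusts. That last check is policy rather than consistency: the page lists the publisher as FINOS Common Cloud Controls, but the provenance records a build in eddie-knight/common-cloud-controls. The upstream name finos/common-cloud-controls used in the demo is an assumption about which repository a consumer would choose to trust.

```python
"""Consistency checks over the bundle config (provenance) blob shown on this page.

Added example; not code from grcli, grc.store or FINOS CCC. BUNDLE is the page's
blob condensed into a dict (values unchanged); LAYER_DIGEST_PREFIX is the truncated
layer digest from the page's layer table. Nothing here contacts the registry or
verifies a signature; it checks self-consistency and the build repository only.
"""
import re

BUNDLE = {  # copied from the page, whitespace condensed
    "bundle-version": "1.0", "gemara-version": "v1.2.0",
    "metadata": {"provenance": {
        "buildDefinition": {
            "buildType": "https://grc.store/grcli/buildtype/v0",
            "externalParameters": {
                "artifact": {"id": "CCC.GenAI.TH", "type": "ThreatCatalog"},
                "target": {"registry": "oci.grc.store", "repository": "finos-ccc/ccc.genai.th", "tag": "v2026.06-rc5"}},
            "internalParameters": {
                "CI": "true", "GITHUB_ACTIONS": "true", "GITHUB_ACTOR": "eddie-knight", "GITHUB_REF": "refs/heads/main",
                "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls", "GITHUB_RUN_ATTEMPT": "1",
                "GITHUB_RUN_ID": "26771723499", "GITHUB_SHA": "a9503345caf59a144d8ab9b4bede212b393ca56a",
                "GITHUB_WORKFLOW": "Batch Release All Catalogs", "RUNNER_OS": "Linux"},
            "resolvedDependencies": [
                {"name": "artifacts/ai-ml/gen-ai/threats.yaml", "uri": "file://artifacts/ai-ml/gen-ai/threats.yaml",
                 "digest": {"sha256": "5e8b69ea7819fb9109ebbc4ec3b96f4b55afed41495808ae0cf9219c157a6622"}},
                {"name": "source", "digest": {"gitCommit": "a9503345caf59a144d8ab9b4bede212b393ca56a"},
                 "uri": "git+https://github.com/eddie-knight/common-cloud-controls@a9503345caf59a144d8ab9b4bede212b393ca56a"}]},
        "runDetails": {
            "builder": {"id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26771723499",
                        "version": {"go": "go1.25.0", "go-arch": "amd64", "go-os": "linux", "grcli": "v0.2.2"}},
            "metadata": {"invocationId": "26771723499-1", "startedOn": "2026-06-01T17:46:24.985548532Z",
                         "finishedOn": "2026-06-01T17:46:25.176347067Z"},
            "byproducts": [{"name": "threats.yaml",
                            "digest": {"sha256": "5e8b69ea7819fb9109ebbc4ec3b96f4b55afed41495808ae0cf9219c157a6622"}}]}}},
    "artifacts": [{"name": "threats.yaml", "type": "ThreatCatalog", "id": "CCC.GenAI.TH", "role": "artifact"}],
}
LAYER_DIGEST_PREFIX = "5e8b69ea7819"  # the page truncates the layer digest; compare the full digest when you have it
SHA256 = re.compile(r"[0-9a-f]{64}")
GIT_SHA = re.compile(r"[0-9a-f]{40}")


def check_bundle(bundle, layer_digest_prefix, repository, tag, trusted_repo):
    """Return findings as strings; an empty list means the provenance is consistent and from trusted_repo."""
    findings = []
    prov = bundle["metadata"]["provenance"]
    bd, rd = prov["buildDefinition"], prov["runDetails"]
    ext, internal = bd["externalParameters"], bd["internalParameters"]
    art = bundle["artifacts"][0]

    # What we pulled must be what the build says it targeted and produced.
    if (ext["target"]["repository"], ext["target"]["tag"]) != (repository, tag):
        findings.append("externalParameters.target does not match the pulled coordinate")
    if (art["id"], art["type"]) != (ext["artifact"]["id"], ext["artifact"]["type"]):
        findings.append("artifacts[] disagrees with externalParameters.artifact")

    # The YAML read as input, the byproduct written and the OCI layer must be the same bytes.
    deps = {d["name"]: d for d in bd["resolvedDependencies"]}
    yaml_in = next((d for n, d in deps.items() if n.endswith(art["name"])), None)
    yaml_out = next((b for b in rd["byproducts"] if b["name"] == art["name"]), None)
    if yaml_in is None or yaml_out is None:
        findings.append("artifact absent from resolvedDependencies or byproducts")
    else:
        d_in, d_out = yaml_in["digest"].get("sha256", ""), yaml_out["digest"].get("sha256", "")
        if not (SHA256.fullmatch(d_in) and SHA256.fullmatch(d_out)):
            findings.append("malformed sha256 digest")
        elif d_in != d_out:
            findings.append("input and byproduct digests differ: artifact changed during the build")
        elif not d_out.startswith(layer_digest_prefix):
            findings.append("byproduct digest does not match the OCI layer digest")

    # The source commit must agree across the git URI, its digest and GITHUB_SHA.
    src = deps.get("source", {})
    commit = src.get("digest", {}).get("gitCommit", "")
    if not GIT_SHA.fullmatch(commit) or commit != internal.get("GITHUB_SHA") or not src.get("uri", "").endswith("@" + commit):
        findings.append("source commit is inconsistent across provenance fields")

    # Builder identity: the run URL and invocationId must come from GITHUB_REPOSITORY / GITHUB_RUN_ID.
    repo, run_id = internal.get("GITHUB_REPOSITORY", ""), internal.get("GITHUB_RUN_ID", "")
    if rd["builder"]["id"] != f"https://github.com/{repo}/actions/runs/{run_id}":
        findings.append("builder.id does not point at GITHUB_REPOSITORY/GITHUB_RUN_ID")
    if rd["metadata"]["invocationId"] != f"{run_id}-{internal.get('GITHUB_RUN_ATTEMPT', '')}":
        findings.append("invocationId does not match run id and attempt")
    if rd["metadata"]["startedOn"] > rd["metadata"]["finishedOn"]:  # same RFC 3339 layout, so string order is time order
        findings.append("finishedOn precedes startedOn")

    # Policy, not consistency: a self-consistent build from a repository you do not trust is still untrusted.
    if repo != trusted_repo or f"github.com/{trusted_repo}@" not in src.get("uri", ""):
        findings.append(f"built in {repo!r}, not the trusted repository {trusted_repo!r}")
    return findings


if __name__ == "__main__":
    for repo in ("eddie-knight/common-cloud-controls", "finos/common-cloud-controls"):  # second name is an assumption
        print(repo, check_bundle(BUNDLE, LAYER_DIGEST_PREFIX, "finos-ccc/ccc.genai.th", "v2026.06-rc5", repo))
```

Run against the page's own blob the checks pass, and the only finding appears when the trusted repository is set to an upstream the build did not run in. The check is deliberately strict about agreement between fields: a provenance whose builder URL, GITHUB_SHA and resolvedDependencies disagree is the cheapest kind to forge, since each field is just a string in a YAML layer.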

CCC Generative AI Platform Threats

Threats for Generative AI Platform technologies, as defined by the FINOS Common Cloud Controls project.

ID
CCC.GenAI.TH
Version
v2026.06-rc5
Gemara version
v1.2.0
Author
FINOS Common Cloud Controls

Ingestion

The Ingestion group covers entries related to how a service receives or retrieves data, inputs, or commands for processing. This includes both active (pull-based) and passive (push-based) ingestion patterns.

  1. CCC.GenAI.TH01 Prompt Injection

    Prompt injection occurs when crafted input is used to manipulate the GenAI model's behaviour, resulting in the generation of harmful or unintended outputs. It can be direct (performed via direct interaction with the model) or indirect (delivered via external sources ingested by the model, such as retrieved documents or tool results). Both text-based and multi-modal prompt injection are possible.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP14 API Access
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP15 Text-Based Prompts
      • CCC.GenAI.CP16 Structured Prompts
      • CCC.GenAI.CP17 Contextual Prompts
      • CCC.GenAI.CP18 Interactive Prompts
      • CCC.GenAI.CP19 Image-Based Prompts
      • CCC.GenAI.CP20 Custom Template Prompts
      • CCC.GenAI.CP21 Generate Content
      • CCC.GenAI.CP24 Content Moderation
  2. CCC.GenAI.TH02 Data Poisoning

    Data poisoning occurs when training, fine-tuning or embedding data is tampered with in order to modify the model's behaviour, for example steering it towards specific outputs, degrading performance or introducing backdoors.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP02 Encryption at Rest Enabled by Default
      • CCC.Core.CP06 Identity-Based Access Control
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP03 Embedding Model Selection
      • CCC.GenAI.CP06 Customizable Model Selection
      • CCC.GenAI.CP21 Generate Content
      • CCC.GenAI.CP22 Data Control
      • CCC.GenAI.CP24 Content Moderation

Data Resilience

The Data Resilience group covers entries related to ensuring data availability, integrity, and sovereignty across its lifecycle. This includes replication, backup, recovery, region restrictions, and protection against data loss or corruption.

  1. CCC.GenAI.TH03 Sensitive Information Disclosure

    Sensitive data can be memorised by the model from user interaction or training and may then be leaked to unintended and unauthorised parties by querying the model, for example through crafted prompts.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP02 Encryption at Rest Enabled by Default
      • CCC.Core.CP06 Identity-Based Access Control
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP22 Data Control
      • CCC.GenAI.CP22 Plugin Integrations

Machine Learning

The Machine Learning group covers entries related to building, training, deploying, and managing ML models and AI systems. This includes development environments, experiment tracking, model registries, inference, generative AI, prompt engineering, and model governance.

  1. CCC.GenAI.TH04 Insecure / Unreliable Model Output

    A GenAI model may generate content that is incorrect, misleading or harmful, such as convincing misinformation (hallucinations) or vulnerable or malicious code, due to its reliance on statistical patterns rather than factual understanding. Directly using this flawed output without validation can lead to system compromises, poor decision-making, and legal or reputational damage.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP03 Embedding Model Selection
      • CCC.GenAI.CP06 Customizable Model Selection
      • CCC.GenAI.CP07 Parameter Tuning - Temperature
      • CCC.GenAI.CP08 Parameter Tuning - Max Token
      • CCC.GenAI.CP09 Parameter Tuning - Top P (Nucleus Sampling)
      • CCC.GenAI.CP10 Parameter Tuning - Top K
      • CCC.GenAI.CP11 Parameter Tuning - Stop Sequences
      • CCC.GenAI.CP12 Parameter Tuning - Frequency Penalty
      • CCC.GenAI.CP13 Parameter Tuning - Temperature
      • CCC.GenAI.CP14 Parameter Tuning - Context Length
      • CCC.GenAI.CP21 Generate Content
      • CCC.GenAI.CP25 Content Moderation
  2. CCC.GenAI.TH05 Model Overreliance

    Model overreliance, that is, misplaced implicit trust in the output of a GenAI model, may lead to the acceptance of inaccurate, biased or insecure outputs without proper validation or oversight, potentially resulting in operational failures, compliance breaches and flawed decision-making.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP21 Generate Content
  3. CCC.GenAI.TH06 Unintended Action by a Model-Based Agent

    A model-based agent, given the authority to execute tools or interact with APIs, may perform an action that is harmful, incorrect, or not aligned with the user's true intent in response to a prompt. This can be caused by the model misinterpreting an ambiguous prompt or being manipulated by an adversary into misusing its delegated authority.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP21 Plugin Integrations
  4. CCC.GenAI.TH08 Model Tampering

    Supply chain risks, including tampering with a model's core components at any stage of its lifecycle (from its source code and training data to the final deployable artifact), may embed backdoors or adversarial triggers that alter model behaviour under certain conditions.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP01 Text-Based Model Selection
      • CCC.GenAI.CP02 Code-Based Model Selection
      • CCC.GenAI.CP03 Embedding Model Selection
      • CCC.GenAI.CP04 Image-Based Model Selection
      • CCC.GenAI.CP04 Multimodal Model Selection
      • CCC.GenAI.CP06 Customizable Model Selection
  5. CCC.GenAI.TH10 Model Version Drift

    An update to a managed GenAI model may cause unpredictable and breaking changes in its outputs, alignment, and performance. Systems built and tested against the previous version's specific behavior can suddenly fail or become insecure, as their functional and safety assumptions are no longer valid.

    Capabilities
    • CCC.Core.Capabilities
      • CCC.Core.CP18 Versioning

Access Control

The Access Control group covers entries related to authentication, authorization, and trust perimeter enforcement. This includes multi-factor authentication, least privilege access, network access rules, and prevention of unauthorized access or reconnaissance.

  1. CCC.GenAI.TH07 Insecure Plugin

    A plugin integrated with a GenAI model may contain vulnerabilities such as poor input validation or improper access control. An adversary may exploit these flaws by crafting a prompt that causes the model to pass a malicious payload to the plugin, potentially leading to system compromise, data exfiltration or privilege escalation.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP25 Plugin Integrations
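CCC.GenAI.TH06 and CCC.GenAI.TH07 share one enforcement point: the boundary where a model-emitted tool call becomes a plugin invocation. The following is an added example, not code from the FINOS CCC catalog or from any agent framework, showing a policy gate at that boundary. The plugin registry, the plugins, the scope names and the tool calls are constructed stand-ins. The gate enforces that a plugin only ever receives arguments matching its declared schema (so a crafted payload never reaches the plugin, the TH07 case), that a call runs with the permissions of the human principal behind the session rather than any authority of the agent's own, and that side-effecting calls require explicit confirmation (the TH06 case). The naive executor beside it is the shape both threats describe: whatever the model emits is run with the service's credentials.

```python
"""A policy gate between a model's tool calls and the plugins that execute them.

Added example addressing CCC.GenAI.TH06 and CCC.GenAI.TH07; it is not code from
the FINOS CCC catalog or from any agent framework. The registry, plugins, scopes
and tool calls below are constructed stand-ins.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ToolSpec:
    params: dict       # argument name -> regex the whole string value must match
    scopes: frozenset  # scopes the human principal behind the session must hold
    side_effect: bool  # mutates state, so the gate demands confirmation


# Constructed plugin registry (hypothetical tools, not a real product's).
REGISTRY = {
    "search_tickets": ToolSpec({"query": r"[\w \-]{1,80}"}, frozenset({"tickets:read"}), False),
    "refund_order": ToolSpec({"order_id": r"ORD-\d{6}", "amount": r"\d{1,4}(\.\d{2})?"},
                             frozenset({"payments:write"}), True),
}
PLUGINS = {  # stand-in plugin bodies; a real one would call a ticketing system or payment API
    "search_tickets": lambda query: f"searched tickets for {query!r}",
    "refund_order": lambda order_id, amount: f"refunded {amount} on {order_id}",
}

# Constructed tool calls as an agent might emit them. The two INJECTED_* calls are what an
# agent produces after reading an injected instruction in retrieved content (TH01 becoming TH06/TH07).
BENIGN_SEARCH = {"name": "search_tickets", "arguments": {"query": "login failures"}}
LEGIT_REFUND = {"name": "refund_order", "arguments": {"order_id": "ORD-123456", "amount": "49.99"}}
INJECTED_SEARCH = {"name": "search_tickets", "arguments": {"query": "x' OR 1=1 --"}}
INJECTED_REFUND = {"name": "refund_order", "arguments": {"order_id": "ORD-123456", "amount": "99999"}}


def naive_execute(call):
    """The TH06/TH07 shape: whatever the model emits runs, with the service's own authority."""
    return PLUGINS[call["name"]](**call["arguments"])


def gate(call, caller_scopes, confirmed=False):
    """Decide one model-emitted call. Returns (decision, reason) with decision in {allow, deny, confirm}."""
    spec = REGISTRY.get(call.get("name"))
    if spec is None:
        return "deny", f"unknown tool {call.get('name')!r}"
    args = call.get("arguments")
    if not isinstance(args, dict) or set(args) != set(spec.params):  # no missing or extra arguments
        return "deny", "argument set does not match the tool schema"
    for name, pattern in spec.params.items():  # each value must fully match its declared shape
        if not isinstance(args[name], str) or not re.fullmatch(pattern, args[name]):
            return "deny", f"argument {name!r} fails schema"
    missing = spec.scopes - set(caller_scopes)  # the agent has no authority of its own
    if missing:
        return "deny", f"caller lacks scopes {sorted(missing)}"
    if spec.side_effect and not confirmed:
        return "confirm", "side-effecting call needs explicit user confirmation"
    return "allow", "ok"


def execute(call, caller_scopes, confirmed=False):
    """Run the plugin only when the gate allows; otherwise surface the decision to the caller."""
    decision, reason = gate(call, caller_scopes, confirmed)
    if decision != "allow":
        return decision, reason
    return "allow", PLUGINS[call["name"]](**call["arguments"])


if __name__ == "__main__":
    print("naive:", naive_execute(INJECTED_REFUND))  # the injected refund goes through unchecked
    for call in (BENIGN_SEARCH, INJECTED_SEARCH, INJECTED_REFUND, LEGIT_REFUND):
        print("gated:", call["name"], execute(call, {"tickets:read"}))
    print("gated, confirmed:", execute(LEGIT_REFUND, {"tickets:read", "payments:write"}, confirmed=True))
```

The schema check rejects extra arguments as well as malformed ones, because a plugin that accepts unexpected keyword arguments is exactly where a crafted payload lands. Scope checking against the human principal, not the agent, is what keeps a manipulated model from spending authority the user never had; confirmation on side-effecting calls is the last stop when both the prompt and the model have already been subverted.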

Observability

The Observability group covers entries related to logging, monitoring, metrics, alerting, and event publication. This includes audit trail integrity, enumeration detection, and protection against tampering or unauthorized access to operational telemetry.

  1. CCC.GenAI.TH09 Lack of Explainability

    The "black box" nature of GenAI models makes it difficult or impossible to understand the specific reasoning behind a given output. This opacity makes it challenging to diagnose failures, detect hidden biases, and meet regulatory requirements for decision transparency.

    Capabilities
    • CCC.GenAI.Capabilities
      • CCC.GenAI.CP21 Generate Content