Where every claim in SecProve
comes from.

Annual survey of cyber leaders on resilience, workforce, geopolitics, and emerging tech including AI. Excellent for leadership and strategy questions.

Catalog of security and privacy controls for information systems and organizations. The foundation for federal security compliance.

Public database tracking real-world AI incidents and controversies. Invaluable for risk assessment and governance case studies.

Market categorization of AI security tools: model monitoring, adversarial robustness, privacy, compliance. Useful for understanding the vendor landscape without favoring specific vendors.

International principles for responsible AI adopted by 46 countries. Covers inclusive growth, transparency, accountability, and security.

Practical governance framework providing guidance on deploying AI responsibly. Includes implementation checklists.

U.S. Executive Order (Oct 2023) establishing AI safety requirements, red-teaming standards, and reporting obligations for frontier AI systems.

The authoritative framework for managing AI risks. Defines four core functions: Govern, Map, Measure, Manage. Essential reading for anyone building or deploying AI systems.

Updated cybersecurity framework with six core functions: Govern, Identify, Protect, Detect, Respond, Recover.

International standard for establishing and maintaining an AI management system. Includes 39 controls across 10 areas.

The European Union's comprehensive AI regulation. Classifies AI systems by risk level and sets requirements for high-risk systems.

(See cross-cutting.md.) For C7 specifically: conformity assessments, technical documentation requirements, post-market monitoring, fundamental rights impact assessments. Detailed compliance questions.

Positions AI security technologies on the hype cycle. Useful for questions about technology maturity, adoption timelines, and distinguishing hype from operational readiness.

Google's conceptual framework for securing AI systems. Covers supply chain, data governance, and deployment security.

Companion to AI RMF 1.0 specifically for generative AI. Maps 12 GenAI risks to RMF actions. Covers CBRN, CSAM, confabulation, data privacy, environmental, human-AI interaction, information integrity, IP, obscenity, toxicity, value chain.

(See cross-cutting.md for details.) The primary AI governance framework for US context. Questions should test practical application of Govern/Map/Measure/Manage, not just recall.

Certification program for responsible AI. Assessment criteria across fairness, explainability, accountability, robustness. Emerging industry certification.

Comprehensive annual data on AI progress: research output, investment, policy, public opinion, technical performance. The best source for quantitative AI landscape questions.