S0025Significant

供應商不透明阻礙風險評估

Deployment

Risk Description

AI model vendors refuse to disclose training data sources, architecture details, known limitations, and safety test results citing trade secrets. Deploying organizations cannot conduct adequate risk assessments without this critical information, effectively "deploying blind." This vendor opacity is particularly severe under AI-as-a-Service models, as organizations rely entirely on limited vendor-provided information for deployment decisions.

Framework Mappings

iso 23894R4
tw principle透明與可解釋
tw principle問責
tw risk type部署互動問題(Deployment Interaction)

Controls English translation pending

  • 供應商透明度要求
  • 獨立評估

Implementation Steps English translation pending

  1. 在採購合約中要求供應商提供最低透明度資訊
  2. 委託獨立第三方對供應商的 AI 系統進行安全和偏見評估
  3. 建立供應商透明度評分機制,作為採購決策的參考
  4. 推動產業標準化的 AI 模型資訊揭露框架(如 Model Cards)