# authorization

10 articlestagged with “authorization”

Function Calling Authorization Framework

Building fine-grained authorization frameworks for function calling that enforce capability-based security.

defensefunction-callingauthorizationframework

Legal Landscape for AI Testing

Authorization requirements, terms of service considerations, computer fraud laws, and responsible disclosure frameworks for AI red teaming.

legalauthorizationcomplianceresponsible-disclosurebeginner

Beginner

Legal Framework for AI Red Teaming

Comprehensive analysis of legal considerations, authorization requirements, and liability issues for AI security testing.

governancelegalauthorization

Intermediate

Authorization, Contracts & Liability

Rules of engagement, scope documents, liability clauses, and contract templates for AI red teaming engagements. What to include to protect yourself and the client.

authorizationcontractsliabilitylegal

Advanced

Legal Frameworks for AI Red Teaming

The legal landscape for AI security testing: CFAA implications, AI-specific regulations, international variation, and the boundaries between lawful research and unauthorized access.

legalframeworkscomplianceauthorization

Advanced

FedRAMP for AI Systems

Applying the Federal Risk and Authorization Management Program to AI systems: AI-specific security controls, continuous monitoring for model behavior, authorization boundary challenges, and compliance testing methodologies.

fedrampgovernmentcomplianceauthorizationcontinuous-monitoringnist

Intermediate

Scoping & Rules of Engagement

Defining scope, rules of engagement, authorization boundaries, and success criteria for AI red team engagements, with templates and checklists for common engagement types.

scopingrules-of-engagementauthorizationmethodologytradecraftengagement

Intermediate

Capability-Based Access Control

Step-by-step walkthrough for implementing fine-grained capability controls for LLM features, covering capability token design, permission scoping, dynamic capability grants, and audit trails.

access-controlcapabilitiespermissionsauthorizationdefensewalkthrough

Intermediate

Implementing Access Control in RAG Pipelines

Walkthrough for building access control systems in RAG pipelines that enforce document-level permissions, prevent cross-user data leakage, filter retrieved context based on user authorization, and resist retrieval poisoning attacks.

ragaccess-controlretrievaldata-leakageauthorizationdefensewalkthrough

Advanced

Rules of Engagement Template for AI Red Team Operations

Step-by-step guide to creating comprehensive rules of engagement documents for AI red team assessments, covering authorization, scope, constraints, communication, and legal protections.

rules-of-engagementtemplatelegalauthorizationmethodologywalkthrough

Beginner