# authorization
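10 articles tagged "authorization"
Function Calling Authorization Framework
Building a fine-grained authorization framework for function calls that enforces capability-based security.
The Legal Landscape of AI Testing
Authorization requirements, terms-of-service considerations, computer fraud statutes, and responsible disclosure frameworks for AI red teaming.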
Legal Framework for AI Red Teaming
Comprehensive analysis of legal considerations, authorization requirements, and liability issues for AI security testing.
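Authorization, Contracts, and Liability
Rules of engagement, scope documents, liability clauses, and contract templates for AI red team engagements. What to include to protect yourself and your client.
Legal Framework for AI Red Teaming
The legal landscape of AI security testing: CFAA implications, AI-specific regulations, international differences, and the line between legitimate research and unauthorized access.
FedRAMP for AI Systems
Applying the Federal Risk and Authorization Management Program (FedRAMP) to AI systems: AI-specific security controls, continuous monitoring of model behavior, authorization boundary challenges, and compliance testing methods.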
Scoping & Rules of Engagement
Defining scope, rules of engagement, authorization boundaries, and success criteria for AI red team engagements, with templates and checklists for common engagement types.
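Capability-Based Access Control
A step-by-step walkthrough for implementing fine-grained capability controls for LLM functions, covering capability token design, permission scopes, dynamic capability grants, and audit trails.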
Implementing Access Control in RAG Pipelines
Walkthrough for building access control systems in RAG pipelines that enforce document-level permissions, prevent cross-user data leakage, filter retrieved context based on user authorization, and resist retrieval poisoning attacks.
Rules of Engagement Template for AI Red Team Operations
Step-by-step guide to creating comprehensive rules of engagement documents for AI red team assessments, covering authorization, scope, constraints, communication, and legal protections.