# MASTER CONTEXT FILE: ARCHETYPE A - DIRECT EXTERNAL LLM USE **Date:** May 8, 2026 **Subject:** Organization Risk Scenario - Direct Employee Use of External LLMs **Auditor:** Third Line Independent IT Security Auditor **Entity:** 1009, LTD --- ## 1. ORGANIZATIONAL CONTEXT (BASELINE) * **Entity Identity:** 1009 LTD, a Small and Medium-Sized Enterprise (SME) operating under a Crypto Asset Service Provider (CASP) license. * **Headcount & Structure:** 40 total employees. Departmental allocation: Technology (12), Operations (15), Security (5), Marketing and Communication (4). The remaining 4 roles (Executive/Governance) lack formal demarcation in the baseline profile. * **Operational Risk Profile:** As a CASP, the organization processes highly sensitive cryptographic material, financial transaction logs, and customer Personally Identifiable Information (PII). A breach in confidentiality or integrity poses severe financial and regulatory risks (e.g., Bank of Lithuania reporting thresholds). * **Infrastructure Posture:** Highly contradictory internal definitions (simultaneously claiming "only laptops," "on-site RAID Z," and "cloud-based infrastructure"). This creates a fragmented baseline for endpoint and perimeter control. ## 2. LLM DEPLOYMENT ARCHETYPE: DIRECT EXTERNAL USE * **Archetype Definition:** Direct employee use of external, public-facing Large Language Model (LLM) services (e.g., public web interfaces of ChatGPT, Claude, Gemini, etc.) without enterprise-grade contractual agreements or localized API gateways. * **Operational Modality:** Employees access these tools via corporate endpoints or network environments using web browsers to assist with daily tasks (e.g., code generation, marketing copy, data parsing, troubleshooting). * **Primary Threat Vectors:** * **Uncontrolled Prompting & Data Disclosure:** Employees may inadvertently input "Internal" or "Confidential" data (e.g., proprietary source code, API keys, customer data, cryptographic architecture details) into public LLMs. This data is subsequently processed by third-party vendors and potentially incorporated into public training datasets. * **Weak Organizational Visibility (Shadow AI):** Because the service is accessed via standard web traffic (HTTPS) rather than provisioned through the internal IT Service Catalog, the First Line (IT Operations) lacks visibility into usage, prompt contents, and data egress. * **Bypass of Logical Controls:** Web-based LLM interactions easily circumvent traditional endpoint controls if strict Data Leak Prevention (DLP) rules or URL web-filtering are not effectively tuned. ## 3. APPLICABLE GOVERNANCE & CONTROL CRITERIA The following internal policies established by 1009 LTD represent the Criteria against which this LLM archetype must be audited and governed. ### A. Information Security Policy (Policy 08) * **Data Classification (Section 5.1):** Governs what data can be exposed. "Internal" (project documents, internal comms) and "Confidential" (customer info, contracts) data are strictly prohibited from being disclosed to unauthorized third parties. Inputting this data into a public LLM constitutes a data breach under this framework. * **Third-Party Exposure:** Employees transferring company data into an unsanctioned public LLM violate the mandate to preserve the confidentiality of data in transit and processing. ### B. Operations Management Policy (Policy 06) * **Software Authorization (Section 3.2):** Mandates that "Only authorized software and hardware is installed on IT infrastructure and assets." Accessing public LLMs as SaaS applications bypasses this authorization control if web-filtering is not implemented. * **Data Leak Prevention (DLP) (Section 3.13):** Requires DLP measures including "role-based access controls, ensuring that non-public data remains secure during storage, transmission, and use." Direct LLM use tests the efficacy of 1009 LTD's endpoint DLP solutions (e.g., clipboard monitoring, browser upload restrictions). * **Remote Connection / BYOD (Sections 3.14):** Employees working remotely or on "justified" personal devices using public LLMs represent a severe exfiltration vector outside the corporate network perimeter. ### C. Network Security Management Policy (Policy 11) * **Traffic Egress & Web Filtering (Section 2 - Configuration Management):** Dictates that firewalls and Web Application Firewalls (WAF) are configured to "deny all access by default, allowing connection access only by exception." If public LLM domains (e.g., chatgpt.com, anthropic.com) are not explicitly whitelisted, network routing should theoretically block this archetype. If employees *can* access them, the "deny all" control is proven defective. * **Network Service Agreements (Section 2):** Use of public LLMs without enterprise agreements bypasses the required business case, cost, timeline, and risk analysis mandated before utilizing a network service provider. ### D. Human Resource Management Policy (Policy 03) * **Acceptable Use & Discipline (Section 6):** Employees are required "to use Company's information and IT assets only for the execution of their business role and accordance to Company's policies." Unauthorized prompting of sensitive data is subject to disciplinary action, including dismissal. * **Training and Awareness (Section 5):** The CISO is responsible for ensuring employees understand security protocols. If Shadow AI occurs, it indicates a failure in the security awareness training regarding generative AI risks. ### E. Asset Management Policy (Policy 04) * **Asset Registration (Section 3):** All IT assets (hardware and software services) must be registered in the IT asset registry. Public LLM accounts created by employees using corporate credentials (or for corporate tasks) represent unregistered shadow IT assets. ### F. Risk Management Policy (Policy 09) * **Risk Tolerance and Acceptance (Section 4.14 - 4.16):** Uncontrolled data disclosure via public LLMs carries a potential "High" or "Very High" operational and reputational impact (especially if CASP data is leaked). If the organization permits access to these tools, the residual risk must be formally accepted and documented by Senior Management. --- **Auditor's Note on Archetype A:** This archetype directly exploits the previously identified weaknesses in 1009 LTD's governance, specifically the reliance on reactive (policy-based) rather than proactive (technical enforcement) controls. The organization's contradictory infrastructure documentation makes the successful deployment of network-wide blocking or endpoint DLP highly improbable, leaving the company heavily exposed to Shadow AI data leakage.