# MASTER CONTEXT FILE: ARCHETYPE B - ENTERPRISE-EMBEDDED ASSISTANTS **Date:** May 8, 2026 **Subject:** Organization Risk Scenario - Enterprise-Embedded Assistants (Collaboration/Productivity) **Auditor:** Third Line Independent IT Security Auditor **Entity:** 1009, LTD --- ## 1. ORGANIZATIONAL CONTEXT (BASELINE) * **Entity Identity:** 1009 LTD, a Crypto Asset Service Provider (CASP) with 40 employees. * **Operational Risk Profile:** High. The organization manages cryptographic assets, sensitive financial data, and PII. * **Control Environment Deficits:** The baseline control environment suffers from critical Segregation of Duties (SoD) failures (e.g., First Line IT management holds auditing/oversight powers) and a fragmented understanding of its own infrastructure (legacy perimeter defenses vs. cloud-based realities). ## 2. LLM DEPLOYMENT ARCHETYPE: ENTERPRISE-EMBEDDED ASSISTANTS * **Archetype Definition:** Large Language Models directly integrated into the enterprise’s core productivity and collaboration suites (e.g., Microsoft 365 Copilot, Google Workspace Gemini, Slack AI). These tools are often activated globally via SaaS licensing upgrades. * **Operational Modality:** The AI assistant operates within the user's existing work context (email, word processors, spreadsheets, internal chat). It leverages backend APIs (e.g., Microsoft Graph) to actively index, retrieve, and synthesize data across the entire tenant based on the user's assigned logical access permissions. * **Primary Threat Vectors:** * **Weaponization of Over-Permissioning (Data Sprawl):** If historical access controls (e.g., legacy SharePoint permissions, broad read-access to internal wikis) are loosely configured, the embedded AI will instantly surface sensitive data (e.g., HR files, crypto-wallet architectures) that the user was unaware they had access to. * **Normalization of Shadow AI Workflows:** Because the AI is seamlessly embedded in daily tools, users natively integrate it into workflows before the Second Line (Risk/Compliance) can define acceptable use cases or conduct data privacy impact assessments. * **Contextual Data Leakage:** Synthesizing confidential communications and subsequently forwarding or sharing the AI-generated outputs without verifying the underlying classification of the source data. ## 3. APPLICABLE GOVERNANCE & CONTROL CRITERIA The following internal policies established by 1009 LTD represent the Criteria against which this embedded LLM archetype must be audited. ### A. Access Control Policy (Policy 01) & Identity Management Policy (Policy 12) * **"Need-to-Know" and "Least Privilege" (Policy 01, Section 3.2 / Policy 12, Section 2.10):** Embedded LLMs respect existing access control matrices. However, because 1009 LTD delegates the auditing of access rights to the CTO (First Line, Policy 01, Sec 2.7) rather than an independent Third Line, objective assurance of "least privilege" is non-existent. The AI will immediately expose this governance failure by surfacing poorly segregated data to unauthorized roles. * **Access Review Cadence (Policy 12, Section 2.13):** Access is reviewed every 6 months for non-public information. In an AI-augmented environment, 6 months is too slow to mitigate the risk of permission sprawl. The instantaneous retrieval capabilities of embedded LLMs mandate near-real-time identity governance. ### B. Risk Management Policy (Policy 09) * **Major IT System Changes (Section 3.19):** Requires an IT risk assessment "upon each major change in the network and information system infrastructure, in the processes or procedures." Activating enterprise LLMs across the SaaS tenant constitutes a major change. * **Risk Acceptance (Section 4.16):** The organization lacks a defined authority matrix for accepting "High" residual risk. Deploying an embedded LLM that accesses the entire CASP data repository introduces severe operational risk that currently lacks a formalized executive sign-off mechanism. ### C. Information Security Policy (Policy 08) * **Data Classification (Section 5.1):** The policy only defines "Public," "Internal," and "Confidential" data. Embedded LLMs will ingest and index all internal and confidential data (including cryptographic procedures) indiscriminately. The lack of a "Strictly Confidential" or "Do Not Index" label prevents 1009 LTD from applying granular API exclusions to keep the AI away from the CASP's most critical operational secrets. * **Segregation of Duties (Section 3.7):** Applied to data access, embedded assistants can accidentally merge data from highly segregated departments (e.g., HR and TechSec) if backend cloud storage containers are not strictly isolated. ### D. Operations Management Policy (Policy 06) * **Third-Party Configs & Hardening (Section 3.16):** Requires vendor-recommended security settings. For tools like M365 Copilot, this requires extensive backend data classification and permission auditing *prior* to activation. If the CTO activates the license without prior data hygiene, the organization violates its own hardening mandates. * **Separation of Environments (Section 3.25):** The policy requires separation of production from development. If developers and operational staff use the same enterprise suite, the embedded AI might cross-pollinate development code with production data queries, bridging logical air-gaps via the SaaS backend. ### E. Business Continuity Policy (Policy 05) * **Non-Approved Applications (Section 2 - Limitations):** The policy excludes "non-approved applications" from BCM recovery. If the enterprise AI becomes a critical dependency for daily operations (e.g., generating required compliance reports or parsing trade logs), an outage of the third-party AI provider will cause an unmitigated business disruption not covered by the current BCP. --- **Auditor's Note on Archetype B:** Enterprise-embedded LLMs pose the highest immediate systemic risk to 1009 LTD due to the organization's flawed access control auditing. Because the First Line (CTO) is grading its own homework regarding "least privilege" (Policy 01), it is highly probable that deep permission sprawl already exists within the tenant. The deployment of an embedded assistant will weaponize this dormant sprawl, turning passive over-permissioning into active internal data breaches. The deployment must be halted until a fully independent, Third Line audit of the underlying SaaS access control matrix is completed.