O24–O28 and O21 all sit at current_maturity = 1 against target = 5. The intersection with Model Poisoning, Adversarial Examples and Prompt Injection — the domains where an incident first surfaces as "unclear model behaviour" rather than a classical IT incident.
ISO/IEC 27001:2022 contains 93 controls (37 O + 8 People + 14 Physical + 34 T). The nominal Organizational + Technological scope is 71; the active scoring instrument contains 70 rows (T34 is not scored). The People and Physical themes are outside the instrument.
When a foundation model is used directly (via API or locally, with no intermediate layer), the classical ISO controls barely apply. Mean maturity 0.17 across the 71-control nominal Step 3 scope. Only 12 controls have maturity > 0.
| ID | Control name | Direct | Enterprise | Application | Fine-Tuned | Gap | Priority |
|---|