Aulafy
Courses/AI security and evaluation/Project: AI App Audit

Project: AI App Audit

The final project is a hands-on audit: you take an AI app and produce a short report that states what it does, what could go wrong, which tests it passed, and what's missing before production.

  • Apply risk maps, OWASP, evals, privacy, and supply chain on a real app.
  • Create useful evidence to decide whether to publish, limit, or fix.
  • Leave a repeatable template for future Aulafy projects.

Minimum report

TerminalCode
# Auditoría IA

Sistema:
Responsable:
Fecha:
Usuarios:
Datos tratados:
Herramientas conectadas:

## Riesgos principales
- Riesgo:
  Impacto:
  Control:
  Estado:

## Evals
- Casos totales:
- Pasan:
- Fallan:
- Casos críticos:

## Red teaming
- Ataques probados:
- Fallos encontrados:
- Mitigaciones:

## Privacidad
- Datos sensibles:
- Logs:
- Retención:
- Accesos:

## Supply chain
- Modelos:
- Datasets:
- Dependencias:
- Licencias:

## Decisión
Resultado: publicar | publicar con límites | piloto | bloquear
Motivo:
Siguiente revisión:

Launch traffic light

  • Green: does not touch sensitive data, does not execute actions, basic evals pass.
  • Yellow: touches internal data or tools; requires logs, limits, and human approval.
  • Red: can affect money, health, employment, rights, customers, or personal data; requires serious review before production.