# Exploring the OWASP AI Security Threats and Controls Navigator 
<a target="_blank" href="https://colab.research.google.com/github/mrwadams/ai-security-controls-graph/blob/main/AI_Security_Controls_Graph.ipynb"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

This notebook allows you to navigate the [AI Security Threats and Controls Navigator](https://raw.githubusercontent.com/OWASP/www-project-ai-security-and-privacy-guide/main/assets/images/owaspaioverviewpdfv3.pdf) from the OWASP AI Exchange as a graph database. The graph visualisation makes it easier to see the relationships between different controls, their parent categories, and more.

## Instructions

1. Click the ▶ symbol in the code cell below to run the cell and display the graph.

2. Once the graph is displayed, you can interact with it:
   - Zoom in and out using the mouse wheel or trackpad
   - Pan the graph by clicking and dragging
   - Click on a node to view its details in the sidebar
   - Use the search bar to find specific nodes

3. Explore the relationships between controls, categories, groups, and types to gain insights into the OWASP AI Security Threats and Controls Navigator.

Enjoy navigating the graph and discovering the connections within the AI security landscape!

## Generate Full Graph

In [8]:
# @title
# Install yfiles package and complete imports
%pip install yfiles_jupyter_graphs --quiet
from yfiles_jupyter_graphs import GraphWidget
from typing import Dict

# Import and enable Google Colab custom widget manager (required for running in Colab)
try:
  import google.colab
  from google.colab import output
  output.enable_custom_widget_manager()
except ImportError:
  # Not running in Colab: the default Jupyter widget manager is used
  pass

# Define graph
w = GraphWidget()
w.nodes = [
    {"id": "CTL1", "properties": {"label": "AIPROGRAM", "URL": "https://owaspai.org/docs/1_general_controls/#aiprogram"}},
    {"id": "CTL2", "properties": {"label": "SECPROGRAM", "URL": "https://owaspai.org/docs/1_general_controls/#secprogram"}},
    {"id": "CTL3", "properties": {"label": "SECDEVPROGRAM", "URL": "https://owaspai.org/docs/1_general_controls/#secdevprogram"}},
    {"id": "CTL4", "properties": {"label": "DEVPROGRAM", "URL": "https://owaspai.org/docs/1_general_controls/#devprogram"}},
    {"id": "CTL5", "properties": {"label": "CHECKCOMPLIANCE", "URL": "https://owaspai.org/docs/1_general_controls/#checkcompliance"}},
    {"id": "CTL6", "properties": {"label": "SECEDUCATE", "URL": "https://owaspai.org/docs/1_general_controls/#seceducate"}},
    {"id": "CTL7", "properties": {"label": "OVERSIGHT", "URL": "https://owaspai.org/docs/1_general_controls/#oversight"}},
    {"id": "CTL8", "properties": {"label": "LEASTMODELPRIVILEGE", "URL": "https://owaspai.org/docs/1_general_controls/#leastmodelprivilege"}},
    {"id": "CTL9", "properties": {"label": "AITRANSPARENCY", "URL": "https://owaspai.org/docs/1_general_controls/#aitransparency"}},
    {"id": "CTL10", "properties": {"label": "CONTINUOUSVALIDATION", "URL": "https://owaspai.org/docs/1_general_controls/#continuousvalidation"}},
    {"id": "CTL11", "properties": {"label": "EXPLAINABILITY", "URL": "https://owaspai.org/docs/1_general_controls/#explainability"}},
    {"id": "CTL12", "properties": {"label": "UNWANTEDBIASTESTING", "URL": "https://owaspai.org/docs/1_general_controls/#unwantedbiastesting"}},
    {"id": "CTL13", "properties": {"label": "DATAMINIMIZE", "URL": "https://owaspai.org/docs/1_general_controls/#dataminimize"}},
    {"id": "CTL14", "properties": {"label": "ALLOWEDDATA", "URL": "https://owaspai.org/docs/1_general_controls/#alloweddata"}},
    {"id": "CTL15", "properties": {"label": "SHORTRETAIN", "URL": "https://owaspai.org/docs/1_general_controls/#shortretain"}},
    {"id": "CTL15", "properties": {"label": "OBFUSCATETRAININGDATA", "URL": "https://owaspai.org/docs/1_general_controls/#obfuscatetrainingdata"}},
    {"id": "CTL16", "properties": {"label": "DISCRETE", "URL": "https://owaspai.org/docs/1_general_controls/#discrete"}},
    {"id": "CTL17", "properties": {"label": "MONITORUSE", "URL": "https://owaspai.org/docs/2_threats_through_use/#monitoruse"}},
    {"id": "CTL18", "properties": {"label": "RATELIMIT", "URL": "https://owaspai.org/docs/2_threats_through_use/#ratelimit"}},
    {"id": "CTL19", "properties": {"label": "MODELACCESSCONTROL", "URL": "https://owaspai.org/docs/2_threats_through_use/#modelaccesscontrol"}},
    {"id": "CTL20", "properties": {"label": "DETECTODDINPUT", "URL": "https://owaspai.org/docs/2_threats_through_use/#detectoddinput"}},
    {"id": "CTL21", "properties": {"label": "DETECTADVERSARIALINPUT", "URL": "https://owaspai.org/docs/2_threats_through_use/#detectadversarialinput"}},
    {"id": "CTL22", "properties": {"label": "EVASIONROBUSTMODEL", "URL": "https://owaspai.org/docs/2_threats_through_use/#evasionrobustmodel"}},
    {"id": "CTL23", "properties": {"label": "TRAINADVERSARIAL", "URL": "https://owaspai.org/docs/2_threats_through_use/#trainadversarial"}},
    {"id": "CTL24", "properties": {"label": "INPUTDISTORTION", "URL": "https://owaspai.org/docs/2_threats_through_use/#inputdistortion"}},
    {"id": "CTL25", "properties": {"label": "ADVERSARIALROBUSTDISTILLATION", "URL": "https://owaspai.org/docs/2_threats_through_use/#adversarialrobustdistillation"}},
    {"id": "CTL26", "properties": {"label": "FILTERSENSITIVEMODELOUTPUT", "URL": "https://owaspai.org/docs/2_threats_through_use/#filtersensitivemodeloutput"}},
    {"id": "CTL27", "properties": {"label": "OBSCURECONFIDENCE", "URL": "https://owaspai.org/docs/2_threats_through_use/#obscureconfidence"}},
    {"id": "CTL28", "properties": {"label": "SMALLMODEL", "URL": "https://owaspai.org/docs/2_threats_through_use/#smallmodel"}},
    {"id": "CTL29", "properties": {"label": "DOSINPUTVALIDATION", "URL": "https://owaspai.org/docs/2_threats_through_use/#dosinputvalidation"}},
    {"id": "CTL30", "properties": {"label": "LIMITRESOURCES", "URL": "https://owaspai.org/docs/2_threats_through_use/#limitresources"}},
    {"id": "CTL31", "properties": {"label": "DEVDATAPROTECT", "URL": "https://owaspai.org/docs/3_development_time_threats/#devdataprotect"}},
    {"id": "CTL32", "properties": {"label": "DEVSECURITY", "URL": "https://owaspai.org/docs/3_development_time_threats/#devsecurity"}},
    {"id": "CTL33", "properties": {"label": "SEGREGATEDATA", "URL": "https://owaspai.org/docs/3_development_time_threats/#segregatedata"}},
    {"id": "CTL34", "properties": {"label": "CONFCOMPUTE", "URL": "https://owaspai.org/docs/3_development_time_threats/#confcompute"}},
    {"id": "CTL35", "properties": {"label": "FEDERATEDLEARNING", "URL": "https://owaspai.org/docs/3_development_time_threats/#federatedlearning"}},
    {"id": "CTL36", "properties": {"label": "SUPPLYCHAINMANAGE", "URL": "https://owaspai.org/docs/3_development_time_threats/#supplychainmanage"}},
    {"id": "CTL37", "properties": {"label": "MODELENSEMBLE", "URL": "https://owaspai.org/docs/3_development_time_threats/#modelensemble"}},
    {"id": "CTL38", "properties": {"label": "MORETRAINDATA", "URL": "https://owaspai.org/docs/3_development_time_threats/#moretraindata"}},
    {"id": "CTL39", "properties": {"label": "DATAQUALITYCONTROL", "URL": "https://owaspai.org/docs/3_development_time_threats/#dataqualitycontrol"}},
    {"id": "CTL40", "properties": {"label": "TRAINDATADISTORTION", "URL": "https://owaspai.org/docs/3_development_time_threats/#traindatadistortion"}},
    {"id": "CTL41", "properties": {"label": "POISONROBUSTMODEL", "URL": "https://owaspai.org/docs/3_development_time_threats/#poisonrobustmodel"}},
    {"id": "CTL42", "properties": {"label": "Technical AppSec Controls", "URL": "https://www.opencre.org/cre/636-660"}},
    {"id": "CTL43", "properties": {"label": "Operational Security", "URL": "https://www.opencre.org/cre/862-452"}},
    {"id": "CTL44", "properties": {"label": "ENCODEMODELOUTPUT", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#encodemodeloutput"}},
    {"id": "CTL45", "properties": {"label": "MODELINPUTCONFIDENTIALITY", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#modelinputconfidentiality"}},
    {"id": "CTL46", "properties": {"label": "RUNTIMEMODELINTEGRITY", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#runtimemodelintegrity"}},
    {"id": "CTL47", "properties": {"label": "RUNTIMEMODELIOINTEGRITY", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#runtimemodeliointegrity"}},
    {"id": "CTL48", "properties": {"label": "Embedded In Model", "URL": "https://llmtop10.com/llm01/"}},
    {"id": "CTL49", "properties": {"label": "RUNTIMEMODELCONFIDENTIALITY", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#runtimemodelconfidentiality"}},
    {"id": "CTL50", "properties": {"label": "MODELOBFUSCATION", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#modelobfuscation"}},
    {"id": "CTL51", "properties": {"label": "PROMPTINPUTVALIDATION", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#promptinputvalidation"}},
    {"id": "CTL52", "properties": {"label": "INPUTSEGREGATION", "URL": "https://owaspai.org/docs/4_runtime_application_security_threats/#inputsegregation"}},
    {"id": "CAT1", "properties": {"label": "General Controls"}},
    {"id": "CAT2", "properties": {"label": "Threats Through Use Controls"}},
    {"id": "CAT3", "properties": {"label": "Development-time Threat Controls"}},
    {"id": "CAT4", "properties": {"label": "Runtime Application Security Threats Controls"}},
    {"id": "GRP1", "properties": {"label": "Governance", 'color': '#d65749'}},
    {"id": "GRP2", "properties": {"label": "Behaviour Integrity"}},
    {"id": "GRP3", "properties": {"label": "Sensitive Data Limitation"}},
    {"id": "GRP4", "properties": {"label": "Always Against Use Threats"}},
    {"id": "GRP5", "properties": {"label": "Against Evasion"}},
    {"id": "GRP6", "properties": {"label": "Against Data Disclosure by Use"}},
    {"id": "GRP7", "properties": {"label": "Against Data Disclosure by Model"}},
    {"id": "GRP8", "properties": {"label": "Against Model Inversion and Membership Inference"}},
    {"id": "GRP9", "properties": {"label": "Against Model Theft by Use"}},
    {"id": "GRP10", "properties": {"label": "Against Failure by Use"}},
    {"id": "GRP11", "properties": {"label": "Always Against Dev-Time Threats"}},
    {"id": "GRP12", "properties": {"label": "Against Broad Model Poisoning"}},
    {"id": "GRP13", "properties": {"label": "Against Data Poisoning"}},
    {"id": "GRP14", "properties": {"label": "Against Dev-Time Model Poisoning"}},
    {"id": "GRP15", "properties": {"label": "Against Transfer Learning Attacks"}},
    {"id": "GRP16", "properties": {"label": "Against Data Leak Dev-Time"}},
    {"id": "GRP17", "properties": {"label": "Against Train/Test Data Leak"}},
    {"id": "GRP18", "properties": {"label": "Against Dev-Time Model Leak"}},
    {"id": "GRP19", "properties": {"label": "Against Source Code/Config Leak"}},
    {"id": "GRP20", "properties": {"label": "Against Non AI-Specific AppSec Threats"}},
    {"id": "GRP21", "properties": {"label": "Against Insecure Output Handling"}},
    {"id": "GRP22", "properties": {"label": "Against Leaking Input Data"}},
    {"id": "GRP23", "properties": {"label": "Against Runtime Model Poisoning"}},
    {"id": "GRP24", "properties": {"label": "Against Direct Prompt Injection"}},
    {"id": "GRP25", "properties": {"label": "Against Runtime Model Theft"}},
    {"id": "GRP26", "properties": {"label": "Against Indirect Prompt Injection"}},
    {"id": "TYP1", "properties": {"label": "Standard InfoSec Control"}},
    {"id": "TYP2", "properties": {"label": "Runtime Data Science Control"}},
    {"id": "TYP3", "properties": {"label": "Development-time Data Science Control"}},
    {"id": "TYP4", "properties": {"label": "Other Control"}},

]
w.edges = [
    {"id": 1, "start": "CTL1", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 2, "start": "CTL1", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 3, "start": "CTL1", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 4, "start": "CTL2", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 5, "start": "CTL2", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 6, "start": "CTL2", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 7, "start": "CTL3", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 8, "start": "CTL3", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 9, "start": "CTL3", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 10, "start": "CTL4", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 11, "start": "CTL4", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 12, "start": "CTL4", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 13, "start": "CTL5", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 14, "start": "CTL5", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 15, "start": "CTL5", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 16, "start": "CTL6", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 17, "start": "CTL6", "end": "GRP1", "properties": {"label": "IS_IN_GROUP"}},
{"id": 18, "start": "CTL6", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 19, "start": "CTL7", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 20, "start": "CTL7", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 21, "start": "CTL7", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 22, "start": "CTL8", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 23, "start": "CTL8", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 24, "start": "CTL8", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 25, "start": "CTL9", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 26, "start": "CTL9", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 27, "start": "CTL9", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 28, "start": "CTL10", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 29, "start": "CTL10", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 30, "start": "CTL10", "end": "TYP2", "properties": {"label": "IS_OF_TYPE"}},
{"id": 31, "start": "CTL10", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 32, "start": "CTL11", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 33, "start": "CTL11", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 34, "start": "CTL11", "end": "TYP2", "properties": {"label": "IS_OF_TYPE"}},
{"id": 35, "start": "CTL12", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 36, "start": "CTL12", "end": "GRP2", "properties": {"label": "IS_IN_GROUP"}},
{"id": 37, "start": "CTL12", "end": "TYP2", "properties": {"label": "IS_OF_TYPE"}},
{"id": 38, "start": "CTL13", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 39, "start": "CTL13", "end": "GRP3", "properties": {"label": "IS_IN_GROUP"}},
{"id": 40, "start": "CTL13", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 41, "start": "CTL14", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 42, "start": "CTL14", "end": "GRP3", "properties": {"label": "IS_IN_GROUP"}},
{"id": 43, "start": "CTL14", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 44, "start": "CTL15", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 45, "start": "CTL15", "end": "GRP3", "properties": {"label": "IS_IN_GROUP"}},
{"id": 46, "start": "CTL15", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 47, "start": "CTL16", "end": "CAT1", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 48, "start": "CTL16", "end": "GRP3", "properties": {"label": "IS_IN_GROUP"}},
{"id": 49, "start": "CTL16", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 50, "start": "CTL17", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 51, "start": "CTL17", "end": "GRP4", "properties": {"label": "IS_IN_GROUP"}},
{"id": 52, "start": "CTL17", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 53, "start": "CTL17", "end": "GRP7", "properties": {"label": "IS_IN_GROUP"}},
{"id": 54, "start": "CTL17", "end": "GRP8", "properties": {"label": "IS_IN_GROUP"}},
{"id": 55, "start": "CTL17", "end": "GRP9", "properties": {"label": "IS_IN_GROUP"}},
{"id": 56, "start": "CTL17", "end": "GRP10", "properties": {"label": "IS_IN_GROUP"}},
{"id": 57, "start": "CTL17", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 58, "start": "CTL18", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 59, "start": "CTL18", "end": "GRP4", "properties": {"label": "IS_IN_GROUP"}},
{"id": 60, "start": "CTL18", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 61, "start": "CTL18", "end": "GRP7", "properties": {"label": "IS_IN_GROUP"}},
{"id": 62, "start": "CTL18", "end": "GRP8", "properties": {"label": "IS_IN_GROUP"}},
{"id": 63, "start": "CTL18", "end": "GRP9", "properties": {"label": "IS_IN_GROUP"}},
{"id": 64, "start": "CTL18", "end": "GRP10", "properties": {"label": "IS_IN_GROUP"}},
{"id": 65, "start": "CTL18", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 66, "start": "CTL19", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 67, "start": "CTL19", "end": "GRP4", "properties": {"label": "IS_IN_GROUP"}},
{"id": 68, "start": "CTL19", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 69, "start": "CTL19", "end": "GRP7", "properties": {"label": "IS_IN_GROUP"}},
{"id": 70, "start": "CTL19", "end": "GRP8", "properties": {"label": "IS_IN_GROUP"}},
{"id": 71, "start": "CTL19", "end": "GRP9", "properties": {"label": "IS_IN_GROUP"}},
{"id": 72, "start": "CTL19", "end": "GRP10", "properties": {"label": "IS_IN_GROUP"}},
{"id": 73, "start": "CTL19", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 74, "start": "CTL20", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 75, "start": "CTL20", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 76, "start": "CTL20", "end": "TYP2", "properties": {"label": "IS_OF_TYPE"}},
{"id": 77, "start": "CTL21", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 78, "start": "CTL21", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 79, "start": "CTL21", "end": "TYP2", "properties": {"label": "IS_OF_TYPE"}},
{"id": 80, "start": "CTL22", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 81, "start": "CTL22", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 82, "start": "CTL22", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 83, "start": "CTL23", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 84, "start": "CTL23", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 85, "start": "CTL23", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 86, "start": "CTL24", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 87, "start": "CTL24", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 88, "start": "CTL24", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 89, "start": "CTL25", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 90, "start": "CTL25", "end": "GRP5", "properties": {"label": "IS_IN_GROUP"}},
{"id": 91, "start": "CTL25", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 92, "start": "CTL26", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 93, "start": "CTL26", "end": "GRP7", "properties": {"label": "IS_IN_GROUP"}},
{"id": 94, "start": "CTL26", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 95, "start": "CTL27", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 96, "start": "CTL27", "end": "GRP8", "properties": {"label": "IS_IN_GROUP"}},
{"id": 97, "start": "CTL27", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 98, "start": "CTL28", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 99, "start": "CTL28", "end": "GRP8", "properties": {"label": "IS_IN_GROUP"}},
{"id": 100, "start": "CTL28", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 101, "start": "CTL29", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 102, "start": "CTL29", "end": "GRP10", "properties": {"label": "IS_IN_GROUP"}},
{"id": 103, "start": "CTL29", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 104, "start": "CTL30", "end": "CAT2", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 105, "start": "CTL30", "end": "GRP10", "properties": {"label": "IS_IN_GROUP"}},
{"id": 106, "start": "CTL30", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 107, "start": "CTL31", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 108, "start": "CTL31", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 109, "start": "CTL31", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 110, "start": "CTL31", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 111, "start": "CTL31", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 112, "start": "CTL31", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 113, "start": "CTL31", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 114, "start": "CTL31", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 115, "start": "CTL31", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 116, "start": "CTL32", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 117, "start": "CTL32", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 118, "start": "CTL32", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 119, "start": "CTL32", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 120, "start": "CTL32", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 121, "start": "CTL32", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 122, "start": "CTL32", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 123, "start": "CTL32", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 124, "start": "CTL32", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 125, "start": "CTL33", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 126, "start": "CTL33", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 127, "start": "CTL33", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 128, "start": "CTL33", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 129, "start": "CTL33", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 130, "start": "CTL33", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 131, "start": "CTL33", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 132, "start": "CTL33", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 133, "start": "CTL33", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 134, "start": "CTL34", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 135, "start": "CTL34", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 136, "start": "CTL34", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 137, "start": "CTL34", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 138, "start": "CTL34", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 139, "start": "CTL34", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 140, "start": "CTL34", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 141, "start": "CTL34", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 142, "start": "CTL34", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 143, "start": "CTL35", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 144, "start": "CTL35", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 145, "start": "CTL35", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 146, "start": "CTL35", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 147, "start": "CTL35", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 148, "start": "CTL35", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 149, "start": "CTL35", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 150, "start": "CTL35", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 151, "start": "CTL35", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 152, "start": "CTL36", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 153, "start": "CTL36", "end": "GRP11", "properties": {"label": "IS_IN_GROUP"}},
{"id": 154, "start": "CTL36", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 155, "start": "CTL36", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 156, "start": "CTL36", "end": "GRP14", "properties": {"label": "IS_IN_GROUP"}},
{"id": 157, "start": "CTL36", "end": "GRP15", "properties": {"label": "IS_IN_GROUP"}},
{"id": 158, "start": "CTL36", "end": "GRP17", "properties": {"label": "IS_IN_GROUP"}},
{"id": 159, "start": "CTL36", "end": "GRP18", "properties": {"label": "IS_IN_GROUP"}},
{"id": 160, "start": "CTL36", "end": "GRP19", "properties": {"label": "IS_IN_GROUP"}},
{"id": 161, "start": "CTL36", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 162, "start": "CTL37", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 163, "start": "CTL37", "end": "GRP12", "properties": {"label": "IS_IN_GROUP"}},
{"id": 164, "start": "CTL37", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 165, "start": "CTL38", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 166, "start": "CTL38", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 167, "start": "CTL38", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 168, "start": "CTL39", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 169, "start": "CTL39", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 170, "start": "CTL39", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 171, "start": "CTL40", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 172, "start": "CTL40", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 173, "start": "CTL40", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 174, "start": "CTL41", "end": "CAT3", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 175, "start": "CTL41", "end": "GRP13", "properties": {"label": "IS_IN_GROUP"}},
{"id": 176, "start": "CTL41", "end": "TYP3", "properties": {"label": "IS_OF_TYPE"}},
{"id": 177, "start": "CTL42", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 178, "start": "CTL42", "end": "GRP20", "properties": {"label": "IS_IN_GROUP"}},
{"id": 179, "start": "CTL42", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 180, "start": "CTL43", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 181, "start": "CTL43", "end": "GRP20", "properties": {"label": "IS_IN_GROUP"}},
{"id": 182, "start": "CTL43", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 183, "start": "CTL44", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 184, "start": "CTL44", "end": "GRP21", "properties": {"label": "IS_IN_GROUP"}},
{"id": 185, "start": "CTL44", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 186, "start": "CTL45", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 187, "start": "CTL45", "end": "GRP22", "properties": {"label": "IS_IN_GROUP"}},
{"id": 188, "start": "CTL45", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 189, "start": "CTL46", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 190, "start": "CTL46", "end": "GRP23", "properties": {"label": "IS_IN_GROUP"}},
{"id": 191, "start": "CTL46", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 192, "start": "CTL47", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 193, "start": "CTL47", "end": "GRP23", "properties": {"label": "IS_IN_GROUP"}},
{"id": 194, "start": "CTL47", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 195, "start": "CTL48", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 196, "start": "CTL48", "end": "GRP24", "properties": {"label": "IS_IN_GROUP"}},
{"id": 197, "start": "CTL48", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 198, "start": "CTL49", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 199, "start": "CTL49", "end": "GRP25", "properties": {"label": "IS_IN_GROUP"}},
{"id": 200, "start": "CTL49", "end": "TYP1", "properties": {"label": "IS_OF_TYPE"}},
{"id": 201, "start": "CTL50", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 202, "start": "CTL50", "end": "GRP25", "properties": {"label": "IS_IN_GROUP"}},
{"id": 203, "start": "CTL50", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 204, "start": "CTL51", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 205, "start": "CTL51", "end": "GRP26", "properties": {"label": "IS_IN_GROUP"}},
{"id": 206, "start": "CTL51", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}},
{"id": 207, "start": "CTL52", "end": "CAT4", "properties": {"label": "IS_IN_CATEGORY"}},
{"id": 208, "start": "CTL52", "end": "GRP26", "properties": {"label": "IS_IN_GROUP"}},
{"id": 209, "start": "CTL52", "end": "TYP4", "properties": {"label": "IS_OF_TYPE"}}
]

w.directed = True

# Define a function to determine node color based on ID prefix
def custom_node_color_mapping(node: Dict):
    """Determine node color based on ID prefix and return the corresponding color with an attractive scheme."""
    # Define attractive colors for each node type
    colors = {
        "CAT": "#00BFFF",
        "CTL": "#FF7F50",
        "GRP": "#3CB371",
        "TYP": "#DAA520",
    }

    # Determine the node type from its ID and apply the corresponding color
    for prefix, color in colors.items():
        if node['id'].startswith(prefix):
            return color

    # Return a default color if the node type does not match any of the specified types
    # This line can be omitted if you do not wish to apply a default color
    return "#CCCCCC"  # Light gray as a default color

# Use the defined function to set node colors
w.set_node_color_mapping(custom_node_color_mapping)

# Display the graph
display(w)

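An added example, not part of the original notebook: a consistency check for node and edge lists in the schema used above, of the kind that flags the node list assigning the id `CTL15` to both SHORTRETAIN and OBFUSCATETRAININGDATA. The function name, the finding keys and the sample records (constructed in the notebook's schema and seeded with three defects) are assumptions of this example.

```python
from collections import Counter
from urllib.parse import urlparse

# Every control is expected to carry all three relationship types.
REQUIRED_RELATIONS = ("IS_IN_CATEGORY", "IS_IN_GROUP", "IS_OF_TYPE")
DOCS = "https://owaspai.org/docs/"


def _node(node_id, label, url=None):
    """Build a node dict in the notebook's schema (helper for the sample only)."""
    props = {"label": label}
    if url:
        props["URL"] = url
    return {"id": node_id, "properties": props}


def _edge(edge_id, start, end, label):
    """Build an edge dict in the notebook's schema (helper for the sample only)."""
    return {"id": edge_id, "start": start, "end": end, "properties": {"label": label}}


# Constructed sample with seeded defects: a reused id (CTL15), a label that
# disagrees with its URL anchor (CTL36), and no TYP3 node for edge 46 to reach.
SAMPLE_NODES = [
    _node("CTL14", "ALLOWEDDATA", DOCS + "1_general_controls/#alloweddata"),
    _node("CTL15", "SHORTRETAIN", DOCS + "1_general_controls/#shortretain"),
    _node("CTL15", "OBFUSCATETRAININGDATA", DOCS + "1_general_controls/#obfuscatetrainingdata"),
    _node("CTL36", "SUPPLYCHAINIMAGE", DOCS + "3_development_time_threats/#supplychainmanage"),
    _node("CAT1", "General Controls"),
    _node("CAT3", "Development-time Threat Controls"),
    _node("GRP3", "Sensitive Data Limitation"),
    _node("GRP11", "Always Against Dev-Time Threats"),
    _node("TYP1", "Standard InfoSec Control"),
    _node("TYP4", "Other Control"),
]
SAMPLE_EDGES = [
    _edge(41, "CTL14", "CAT1", "IS_IN_CATEGORY"),
    _edge(42, "CTL14", "GRP3", "IS_IN_GROUP"),
    _edge(43, "CTL14", "TYP4", "IS_OF_TYPE"),
    _edge(44, "CTL15", "CAT1", "IS_IN_CATEGORY"),
    _edge(45, "CTL15", "GRP3", "IS_IN_GROUP"),
    _edge(46, "CTL15", "TYP3", "IS_OF_TYPE"),
    _edge(152, "CTL36", "CAT3", "IS_IN_CATEGORY"),
    _edge(153, "CTL36", "GRP11", "IS_IN_GROUP"),
    _edge(161, "CTL36", "TYP1", "IS_OF_TYPE"),
]


def validate_graph(nodes, edges):
    """Return integrity findings for a node/edge list in the notebook's schema."""
    id_counts = Counter(node["id"] for node in nodes)

    # 1. The same id used for more than one node: edges become ambiguous.
    duplicate_ids = sorted(i for i, count in id_counts.items() if count > 1)

    # 2. Edges whose start or end id is not defined as a node.
    dangling_edges = sorted(
        edge["id"] for edge in edges
        if edge["start"] not in id_counts or edge["end"] not in id_counts
    )

    # 3. Controls lacking a category, group or type. Only edges that resolve
    #    to an existing target node count as a relationship.
    seen = {i: set() for i in id_counts if i.startswith("CTL")}
    for edge in edges:
        if edge["start"] in seen and edge["end"] in id_counts:
            seen[edge["start"]].add(edge["properties"]["label"])
    missing_relations = {}
    for control in sorted(seen):
        missing = [r for r in REQUIRED_RELATIONS if r not in seen[control]]
        if missing:
            missing_relations[control] = missing

    # 4. owaspai.org anchors are the lower-cased control name, so a label that
    #    differs from its own anchor points to a typo in one of the two.
    label_url_mismatches = []
    for node in nodes:
        props = node["properties"]
        url = urlparse(props.get("URL", ""))
        if url.hostname == "owaspai.org" and url.fragment:
            if url.fragment != props["label"].lower():
                label_url_mismatches.append((node["id"], props["label"], url.fragment))

    return {
        "duplicate_ids": duplicate_ids,
        "dangling_edges": dangling_edges,
        "missing_relations": missing_relations,
        "label_url_mismatches": label_url_mismatches,
    }


if __name__ == "__main__":
    for finding, value in validate_graph(SAMPLE_NODES, SAMPLE_EDGES).items():
        print(f"{finding}: {value}")
```

In the notebook, the same function can be called as `validate_graph(w.nodes, w.edges)` after the cell above has run.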

## Exploring Relationships

The graph visualisation allows you to explore the relationships between controls, categories, groups, and types. Here are a few interesting relationships to investigate:

- Controls that belong to multiple groups
- Groups that contain the most controls
- Categories and the distribution of controls within them
- The relationship between control types and groups

Use the code cells below to generate subgraphs focusing on specific aspects of the AI security landscape.

### Controls in Group
The subgraph below showcases the controls that fall under the "Governance" group. This group includes controls related to AI program management, security program, software development lifecycle, and more. Exploring this subgraph can provide insights into the key governance aspects of AI security.

In [9]:
# Generate a subgraph showing controls that belong to the "Governance" group
governance_controls = [node for node in w.nodes if 'GRP1' in [edge['end'] for edge in w.edges if edge['start'] == node['id']]]
governance_edges = [edge for edge in w.edges if edge['start'] in [node['id'] for node in governance_controls] or edge['end'] in [node['id'] for node in governance_controls]]

governance_graph = GraphWidget()
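# Also add the category, group and type nodes these edges point to, so every edge has both endpoints in the graph
governance_graph.nodes = governance_controls + [node for node in w.nodes if node['id'] in [edge['end'] for edge in governance_edges]]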
governance_graph.edges = governance_edges
governance_graph.directed = True
governance_graph.set_node_color_mapping(custom_node_color_mapping)

display(governance_graph)


### Controls per Category

The following subgraph visualises the distribution of controls across different categories. It allows you to see which categories have the most controls and how the controls are organised within each category. This can help in understanding the focus areas of the OWASP AI Security Threats and Controls Navigator.

In [10]:
# Generate a subgraph showing the distribution of controls across categories
category_nodes = [node for node in w.nodes if node['id'].startswith('CAT')]
category_edges = [edge for edge in w.edges if edge['end'] in [node['id'] for node in category_nodes]]

category_graph = GraphWidget()
category_graph.nodes = category_nodes + [node for node in w.nodes if node['id'] in [edge['start'] for edge in category_edges]]
category_graph.edges = category_edges
category_graph.directed = True
category_graph.set_node_color_mapping(custom_node_color_mapping)

display(category_graph)


### Controls per Type

The subgraph below illustrates the relationship between controls of different types. It allows you to see which control types are most prevalent. This can provide insights into the nature of the controls within each control type and help identify patterns or trends. For example, you may observe that there are more 'Standard Information Security Controls' than any other control type.

In [11]:
# Generate a subgraph showing the distribution of controls across control types
type_nodes = [node for node in w.nodes if node['id'].startswith('TYP')]
type_edges = [edge for edge in w.edges if edge['end'] in [node['id'] for node in type_nodes]]

type_graph = GraphWidget()
type_graph.nodes = type_nodes + [node for node in w.nodes if node['id'] in [edge['start'] for edge in type_edges]]
type_graph.edges = type_edges
type_graph.directed = True
type_graph.set_node_color_mapping(custom_node_color_mapping)

display(type_graph)


### Multi-Group Controls

This subgraph focuses on controls that belong to multiple groups. These controls are particularly interesting because they address multiple aspects of AI security simultaneously. By examining the groups these controls belong to, you can gain insights into the interconnectedness of different security considerations. For instance, a control that belongs to both the "Against Evasion" and "Against Data Disclosure by Model" groups suggests a strong link between these two security aspects.

In [12]:
# Generate a subgraph showing controls that belong to multiple groups
multi_group_controls = [node for node in w.nodes if node['id'].startswith('CTL') and len([edge for edge in w.edges if edge['start'] == node['id'] and edge['end'].startswith('GRP')]) > 1]
multi_group_edges = [edge for edge in w.edges if edge['start'] in [node['id'] for node in multi_group_controls] or edge['end'] in [node['id'] for node in multi_group_controls]]

multi_group_graph = GraphWidget()
multi_group_graph.nodes = multi_group_controls + [node for node in w.nodes if node['id'] in [edge['end'] for edge in multi_group_edges]]
multi_group_graph.edges = multi_group_edges
multi_group_graph.directed = True
multi_group_graph.set_node_color_mapping(custom_node_color_mapping)

display(multi_group_graph)

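The four relationships listed under "Exploring Relationships" can also be read off the edge list as counts. The following is an added example, not part of the original notebook; the function name, the result keys and the sample edges (a constructed subset in the notebook's edge schema, with constructed edge ids) are assumptions of this example.

```python
from collections import Counter, defaultdict
from itertools import product

# Constructed subset in the notebook's schema: (start, end, relationship).
SAMPLE_TRIPLES = [
    ("CTL1", "CAT1", "IS_IN_CATEGORY"), ("CTL1", "GRP1", "IS_IN_GROUP"), ("CTL1", "TYP4", "IS_OF_TYPE"),
    ("CTL2", "CAT1", "IS_IN_CATEGORY"), ("CTL2", "GRP1", "IS_IN_GROUP"), ("CTL2", "TYP1", "IS_OF_TYPE"),
    ("CTL17", "CAT2", "IS_IN_CATEGORY"),
    ("CTL17", "GRP4", "IS_IN_GROUP"), ("CTL17", "GRP5", "IS_IN_GROUP"), ("CTL17", "GRP7", "IS_IN_GROUP"),
    ("CTL17", "GRP8", "IS_IN_GROUP"), ("CTL17", "GRP9", "IS_IN_GROUP"), ("CTL17", "GRP10", "IS_IN_GROUP"),
    ("CTL17", "TYP1", "IS_OF_TYPE"),
    ("CTL20", "CAT2", "IS_IN_CATEGORY"), ("CTL20", "GRP5", "IS_IN_GROUP"), ("CTL20", "TYP2", "IS_OF_TYPE"),
    ("CTL26", "CAT2", "IS_IN_CATEGORY"), ("CTL26", "GRP7", "IS_IN_GROUP"), ("CTL26", "TYP4", "IS_OF_TYPE"),
]
SAMPLE_EDGES = [
    {"id": i, "start": start, "end": end, "properties": {"label": label}}
    for i, (start, end, label) in enumerate(SAMPLE_TRIPLES, 1)
]


def _order(node_id):
    """Sort key that orders GRP2 before GRP10 (three-letter prefix, numeric suffix)."""
    return (node_id[:3], int(node_id[3:]))


def relationship_summary(edges):
    """Tabulate control/group/category/type relationships from an edge list."""
    # control id -> relationship label -> set of target ids (sets absorb repeated edges)
    targets = defaultdict(lambda: defaultdict(set))
    for edge in edges:
        targets[edge["start"]][edge["properties"]["label"]].add(edge["end"])

    per_group, per_category, type_group = Counter(), Counter(), Counter()
    multi_group = {}
    for control in sorted(targets, key=_order):
        relations = targets[control]
        groups = sorted(relations["IS_IN_GROUP"], key=_order)
        per_group.update(groups)
        per_category.update(relations["IS_IN_CATEGORY"])
        if len(groups) > 1:
            multi_group[control] = groups
        # A control with several types or groups contributes to each (type, group) cell.
        type_group.update(product(sorted(relations["IS_OF_TYPE"], key=_order), groups))

    return {
        # Controls that belong to multiple groups
        "multi_group_controls": multi_group,
        # Groups that contain the most controls, largest first
        "most_populated_groups": sorted(per_group.items(), key=lambda kv: (-kv[1], _order(kv[0]))),
        # Distribution of controls across categories
        "controls_per_category": dict(per_category),
        # Cross-tabulation of control types against groups
        "type_group": dict(type_group),
    }


if __name__ == "__main__":
    summary = relationship_summary(SAMPLE_EDGES)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

In the notebook, pass `w.edges` to get the counts for the full graph. Edges are keyed by control id, so two nodes that share an id are counted as one control.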