aisecurity.llc logoaisecurity.llc

aisecurity.llc

The Evidence Gap

Governance language often appears before engineering evidence language such as eval outputs, telemetry, and remediation proof.

Governance-to-execution gap

What this finding measures

Ready for Public Claim

Governance language often appears before engineering evidence language such as eval outputs, telemetry, and remediation proof.

Use as a primary report finding with methodology caveat.

Based on analyzed job-description signals, not proof of any individual company’s internal security maturity.

Evidence readiness

Execution hinge

Chart targets

  • chart_evidence_gap_framework_vs_evidence
  • chart_governance_vs_engineering_matrix
  • chart_survey_ownership_gap
  • chart_survey_control_maturity
  • chart_survey_leadership_blockers
  • chart_survey_practitioner_gap

Active filters: period=all, industry=all, seniority=all

Clear

Evidence charts

Current chart outputs for this finding

Finding Evidence

Framework Mentions Versus Evidence Mentions

Governance/framework language compared with operational evidence language.

v_framework_evidence_benchmarks
Source: v_framework_evidence_benchmarks
Framework language is a public role signal, not proof of implemented governance.

Spec title: Framework Mentions Versus Evidence Mentions

Chart ID: chart_evidence_gap_framework_vs_evidence

Source: v_framework_evidence_benchmarks

Caption: This chart compares framework references with evidence-artifact references.

Chart caveat: Framework language is a public role signal, not proof of implemented governance.

Deck note: Use this chart for governance-to-engineering discussion.

Evidence Gap

Framework Mention vs Control Evidence Gap by Category

Gap between framework mentions in job postings and actual control/evidence language, by framework category.

export.v_chart_framework_vs_evidence_gap_bar
Source: export.v_chart_framework_vs_evidence_gap_bar
Based on analyzed job-description signals, not proof of any individual company's internal security maturity.

Chart ID: chart_governance_vs_engineering_matrix

Source: export.v_chart_framework_vs_evidence_gap_bar

Survey Research

AI Security Ownership — Who Holds It?

Cross-persona distribution: who currently owns AI security in your organization? (select all that apply).

survey_aggregate.cross_persona.ownership_distribution
Source: survey_aggregate.cross_persona.ownership_distribution
Multi-select question — percentages sum to more than 100%.

Chart ID: chart_survey_ownership_gap

Source: survey_aggregate.cross_persona.ownership_distribution

Caption: Ownership fragmentation: % reporting each category of current AI security ownership.

Chart caveat: Multi-select question — percentages sum to more than 100%.

Deck note: Ownership fragmentation is the most-cited blocker across all four personas.

AI Security Control Maturity — Leadership Self-Assessment

No rows matched current filters or export rows are not populated yet.

What Is Blocking AI Security Progress? (CISOs)

No rows matched current filters or export rows are not populated yet.

Where Is the Biggest Gap? (Practitioners)

No rows matched current filters or export rows are not populated yet.

Recommended actions

What leaders should do next

Map each policy obligation to an evidence artifact.
Track proof-of-execution, not policy completion alone.
Use evidence quality as a board reporting metric.

Browse the full citation library for supporting research and source quotes.

Evidence library →