Swordfish: SAIMM (AI Security Framework)

2025

Publication of AI security framework for the Russian market

Swordfish Security has published an artificial intelligence security framework. The company announced this on November 14, 2025.

The methodology for assessing the maturity of companies using artificial intelligence will be available for information security teams of companies for free. Thus, cybersecurity experts decided to provide the nascent AI security market with expertise.

A map of threats and preventive measures was created specifically for the Russian market, taking into account the requirements of the regulators of the Russian Federation and the specifics of Russian AI systems. In the framework "Swordfish: SAIMM" collected the main directions for the analysis of AI, including AI agents, criteria for assessing risks and a plan to overcome them. This is a kind of checklist for self-testing companies implementing artificial intelligence, and oriented to assess the level of maturity and build a roadmap for its development.

The launch of a new AI agent is announced daily on the Russian market, and commercial companies regularly introduce a variety of tools based on language models to speed up business processes. If you do not ensure the security, the number and complexity of attacks on the business that Russian companies are being subjected to now may seem like a warm-up, because AI systems have their own features, are tripled more difficult, and their protection is often easier to bypass than traditional software, "said Yury Shabalin, director of artificial intelligence technology development at Swordfish Security.

An important part of the framework is the taxonomy of threats to AI systems. The methodology focuses on AI-specific threats, complementing classic AppSec practices. The development took into account international classifications of vulnerabilities: OWASP Top-10, NIST AI, RMF, ENISA, MITRE ATLAS. The developers have pieced together about 80 major vulnerabilities in systems involving artificial intelligence. The taxonomy of threats, in particular, included compromise of models, circumvention of restrictions, disclosure of sensitive information in response, conflict of the hierarchy of instructions and others. Each threat detected corresponds to its international classification and protection and control measures.

The maturity strand applies to any organisation using AI, whether fintech, online trading or government infrastructure. The developers of the artificial intelligence security framework are active members of the AI Security Consortium, and the experience gained as part of the All-Russian study was taken into account in their calculations.

When developing the framework, we, among other things, took into account the provisions of the national project "Artificial Intelligence in a Critical Information Infrastructure," these two documents were developed in parallel, the domains of the framework fit into its structure. We give a practical granularity of the norms: who is responsible for what, what artifacts are formed, where controls are automated and what the admission/operation/response procedures look like, "said Albina Askerova, head of the department for interaction with regulators at Swordfish Security.

AI Security Framework View

Swordfish Security has developed its own AI Security framework that includes possible risks and a roadmap for secure AI development. This is a recommendation system that relies on international threat maps and AI development standards, but is focused on the Russian market. The framework took into account domestic regulation and market features. The company announced this on October 15, 2025.

25% of large financial companies have already faced incidents involving AI - such results were shown by a study that the Fintech Association conducted in conjunction with Swordfish Security. This is an important signal for a business that has already entered a new digital age, but has not yet fully realized it.

Accelerated by artificial intelligence and originally built on artificial intelligence, software amplifies the fundamental complexity brought by new levels of automation. We are on the cusp of an era where trust becomes the currency of the digital world, And the future of not only technology, but society depends on how we enter this era. And the task of engineers is no longer just to protect innovation, but to protect trust, "said Yury Sergeyev, Managing Partner of Swordfish Security.

By risk scoring, we are not even in the "red," but in the "burgundy" zone. AI technologies everywhere, even if they are not needed, are trying to insert them into almost any business, and this carries phenomenal risks. Business does not even understand that it carries the connection of some chat bot to a site that looks at one "eye" of the Internet, another to your database, and provides almost unlimited opportunities for a knowledgeable person to get some internal information, "said Yury Shabalin, director of artificial intelligence technologies development at Swordfish Security.