AI705

Threat vectors

Three threat vectors, three weight-theft modes, technical channels as evidence tags.

AI705 separates the outcome a control must prevent from the technical channel the evidence may use. Weight theft, secret theft, and sabotage are scored as first-class outcomes. Channels like electromagnetic leakage, power, cooling, BMS/OT, wireless, and physical intrusion stay as evidence tags.

Weight theft

Theft or unauthorized reconstruction of model weights, checkpoints, adapters, key material, or enough model state to reproduce protected capability.

stored weights, training systems, inference systems

ICD/ICS 705 and the IC Tech Spec protect SCI facilities, but AI705 must translate those requirements to model-weight custody across storage, active training, and serving replicas.

Secret theft

Theft of non-weight secrets that can compromise AI operations or facility security.

Traditional SCIF language maps naturally to many secret-theft cases, but AI705 must include datacenter design, operational, vendor, and telemetry secrets that are not model weights.

Sabotage

Physical or operational disruption, degradation, tampering, or manipulation of AI facility infrastructure and recovery paths.

ICD/ICS 705 contains access, IDS, construction, and environmental controls, but AI datacenters require explicit sabotage review for power, cooling, BMS/OT, remote maintenance, and shared infrastructure.