Question 10 - Isaca AAIA Real Exam Questions [Feb 2026 Update]

Q: 10

An organization is using information gathered from customer accounts to train its AI chatbot. Which of the following is the GREATEST risk associated with this practice?

Options

Correct Answer:

Explanation

Training an AI chatbot directly on customer account information poses the most significant and immediate risk of data leakage and privacy breaches. Large language models can memorize and inadvertently reproduce specific data points from their training set, a phenomenon known as "regurgitation." If the training data contains personally identifiable information (PII) or other sensitive details, the chatbot could disclose this information to other users during conversation. This constitutes a severe data breach, leading to significant regulatory fines (e.g., under GDPR), loss of customer trust, and direct harm to individuals whose privacy is violated. This risk is a direct consequence of using this specific type of sensitive data source.

Why Incorrect

B. AI bias: While a valid and serious concern, the direct disclosure of personal information is often considered a more severe and immediate compliance failure with clearer legal and financial penalties.

C. Transparency: This is a governance principle. A lack of transparency is a risk factor, but the actual disclosure of private data is the more severe, tangible negative outcome.

D. AI model hallucinations: This is a general risk inherent to generative AI technology, not the primary risk specifically tied to using sensitive customer data as the training source.

References

1. Carlini

Tramer

Wallace

Jagielski

Herbert-Voss

Lee

... & Raffel

C. (2021). Extracting Training Data from Large Language Models. In 30th USENIX Security Symposium (USENIX Security 21). This paper empirically demonstrates that language models can memorize and regurgitate verbatim text sequences from their training data

including unique and private information

confirming the high risk of personal data disclosure.

2. National Institute of Standards and Technology (NIST). (2023). AI Risk Management Framework (AI RMF 1.0). In Section 4.2

"MAP

" the framework emphasizes identifying risks to individuals' rights and safety

stating

"AI systems can also affect privacy by

for example

re-identifying individuals from what was thought to be anonymized data..." This highlights privacy breaches as a primary risk category.

3. Stanford University. (2023). CS224N: NLP with Deep Learning

Lecture on Ethics in NLP. Course materials discuss the risks of training models on private data

noting that models can memorize sensitive information like names

phone numbers

and addresses

which can then be extracted

posing a direct privacy risk.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE