Your organization deploys a customer-facing AI model that passed standard penetration testing. Leadership wants assurance the model itself cannot be manipulated or stolen. As the security assessment lead, what is the MOST appropriate NEXT step?
A. Commission AI red teaming for evasion and model extraction attacks
B. Repeat penetration testing with expanded application scope
C. Review the vendor's secure development attestation
D. Enable runtime anomaly monitoring on model outputs