Uncategorized
Mental Model for Generative AI Risk and Security Framework
Generative artificial intelligence (generative AI) has captured the imagination of organizations and is transforming the customer experience in industries of every size across the globe. This leap in AI capability, fueled by multi-billion-parameter large language models (LLMs) and transformer neural networks, has opened the door to new productivity improvements, creative capabilities, and more.
As organizations evaluate and adopt generative AI for their employees and customers, cybersecurity practitioners must assess the risks, governance, and controls for this evolving technology at a rapid pace. As a security leader working with the largest, most complex customers at various cloud providers, I’m regularly consulted on trends, best practices, and the rapidly evolving landscape of generative AI and the associated security and privacy implications. In that spirit, I’d like to share key strategies that you can use to accelerate your own generative AI security journey.
This post, the first in a series on securing generative AI, establishes a mental model that will help you approach the risk and security implications based on the type of generative AI workload you are deploying. We then highlight key considerations for security leaders and practitioners to prioritize when securing generative AI workloads. Follow-on posts will dive deep into developing generative AI solutions that meet customers’ security requirements, best practices for threat modeling generative AI applications, approaches for evaluating compliance and privacy considerations, and explore ways to use generative AI to improve your own cybersecurity operations.
Where to Start
As with any emerging technology, a strong grounding in the foundations of that technology is critical to helping you understand the associated scopes, risks, security, and compliance requirements. To learn more about the foundations of generative AI, I recommend starting by reading more about what generative AI is, its unique terminologies and nuances, and exploring examples of how organizations are using it to innovate for their customers.
If you’re just starting to explore or adopt generative AI, you might imagine that an entirely new security discipline will be required. While there are unique security considerations, the good news is that generative AI workloads are, at their core, another data-driven computing workload, and they inherit much of the same security regimen. If you’ve invested in cloud cybersecurity best practices over the years and embraced prescriptive advice from sources like top security frameworks and best practices, you’re well on your way!
Core security disciplines like identity and access management, data protection, privacy and compliance, application security, and threat modeling are still critically important for generative AI workloads, just as they are for any other workload. For example, if your generative AI application is accessing a database, you’ll need to know what the data classification of the database is, how to protect that data, how to monitor for threats, and how to manage access. But beyond emphasizing long-standing security practices, it’s crucial to understand the unique risks and additional security considerations that generative AI workloads bring. This post highlights several security factors, both new and familiar, for you to consider.
Determine Your Scope
Your organization has decided to move forward with a generative AI solution; now what do you do as a security leader or practitioner? As with any security effort, you must understand the scope of what you’re tasked with securing. Depending on your use case, you might choose a managed service where the service provider takes more responsibility for the management of the service and model, or you might choose to build your own service and model.
Let’s look at how you might use various generative AI solutions in a generic cloud environment. Security is a top priority, and providing customers with the right tool for the job is critical. For example, you can use serverless, API-driven services with simple-to-consume, pre-trained foundation models (FMs) provided by various vendors. Managed AI services provide you with additional flexibility while still using pre-trained FMs, helping you to accelerate your AI journey securely. You can also build and train your own models using cloud-based machine learning platforms. Maybe you plan to use a consumer generative AI application through a web interface or API such as a chatbot or generative AI features embedded into a commercial enterprise application your organization has procured. Each of these service offerings has different infrastructure, software, access, and data models and, as such, will result in different security considerations. To establish consistency, I’ve grouped these service offerings into logical categorizations, which I’ve named scopes.
In order to help simplify your security scoping efforts, I’ve created a matrix that conveniently summarizes key security disciplines that you should consider, depending on which generative AI solution you select. This is called the Generative AI Security Scoping Matrix.
The first step is to determine which scope your use case fits into. The scopes are numbered 1–5, representing least ownership to greatest ownership.
Buying Generative AI:
Scope 1: Consumer app – Your business consumes a public third-party generative AI service, either at no-cost or paid. At this scope, you don’t own or see the training data or the model, and you cannot modify or augment it. You invoke APIs or directly use the application according to the terms of service of the provider.
Example: An employee interacts with a generative AI chat application to generate ideas for an upcoming marketing campaign.
Scope 2: Enterprise app – Your business uses a third-party enterprise application that has generative AI features embedded within, and a business relationship is established between your organization and the vendor.
Example: You use a third-party enterprise scheduling application that has a generative AI capability embedded within to help draft meeting agendas.
Building Generative AI:
Scope 3: Pre-trained models – Your business builds its own application using an existing third-party generative AI foundation model. You directly integrate it with your workload through an application programming interface (API).
Example: You build an application to create a customer support chatbot that uses a foundation model through cloud provider APIs.
Scope 4: Fine-tuned models – Your business refines an existing third-party generative AI foundation model by fine-tuning it with data specific to your business, generating a new, enhanced model that’s specialized to your workload.
Example: Using an API to access a foundation model, you build an application for your marketing teams that enables them to build marketing materials specific to your products and services.
Scope 5: Self-trained models – Your business builds and trains a generative AI model from scratch using data that you own or acquire. You own every aspect of the model.
Example: Your business wants to create a model trained exclusively on deep, industry-specific data to license to companies in that industry, creating a completely novel LLM.
Source: hackernoon.com
The post Mental Model for Generative AI Risk and Security Framework appeared first on HIPTHER Alerts.
A report from People’s Daily: The 16th BRICS Summit will be held in Kazan, Russia, from Oct. 22 to 24. This upcoming summit is the first to be held after the BRICS expansion, playing a prominent role in getting the greater BRICS cooperation off to a good start. It is also important for BRICS countries to unite the Global South and play a greater role in international affairs. Chinese President Xi Jinping will attend the 16th BRICS Summit.
“More than 30 nations have formally applied to join BRICS.” With its rising global influence, the BRICS cooperation mechanism has become a focus of media around the world. The increasing number of developing countries applying to join the BRICS family fully demonstrates the vitality and appeal of the BRICS cooperation mechanism.
Since its inception, BRICS countries have consistently acted on the BRICS spirit of openness, inclusiveness, and win-win cooperation, and taken BRICS cooperation to new heights. They have upheld fairness and justice in international affairs, stood up for what is right on major international and regional issues, and enhanced the voice and influence of emerging markets and developing countries. Faced with the current complex international situation, the Global South countries increasingly rely on the BRICS.
Under the suggestion of China, the BRICS expansion process was initiated during the 14th BRICS Summit held in Beijing in 2022. At the 15th BRICS Summit held in Johannesburg, South Africa in 2023, the BRICS achieved a historic expansion. Earlier this year, Egypt, the United Arab Emirates, Iran, and Ethiopia officially became members of the BRICS family.
The new round of expansion has further enhanced the global representation and influence of the BRICS mechanism, making it a more important force in shaping the international landscape.
Last November, leaders of BRICS countries joined the Extraordinary Joint Meeting of BRICS Leaders and Leaders of Invited BRICS Members on the Situation in the Middle East with Particular Reference to Gaza, to coordinate positions and actions on the Palestinian-Israeli conflict.
This year, the 14th BRICS Trade Ministers Meeting and the 14th Meeting of the BRICS high-ranking officials responsible for the security matters and national security advisors were held successively to build more consensus for cooperation, safeguard peace and stability, and seek common development and revitalization.
On multilateral platforms such as the United Nations (UN) and the G20, the BRICS countries have jointly defended the rights and interests of emerging markets and developing countries.
The world today is experiencing disorder, slowing growth, uneven development, and a loss of focus in governance. In the face of increasingly complex and challenging international situations, the greater BRICS cooperation bears greater responsibilities and higher expectations.
The greater BRICS cooperation will continue to promote common security and strive for lasting peace. The BRICS countries will support each other on issues concerning their respective core interests, and enhance coordination on major international and regional issues.
China and Brazil have jointly released the six-point consensus on the common understandings on the political settlement of the Ukraine crisis, which has received positive responses from more than 110 countries.
On the Palestinian question, the BRICS countries emphasize the need to push for the early realization of a comprehensive and lasting ceasefire in Gaza, support Palestine’s full UN membership, and implement the two-state solution.
The greater BRICS cooperation will focus on development as a priority and remove hindrance to development. The membership expansion has contributed to a wider-ranging, broader, and higher-quality cooperation among BRICS countries. By revitalizing the cooperation outcomes and unlocking new cooperation potential, the countries are committed to leveraging the opportunities brought by technological revolution and industrial transformation to nurture new drivers for high-quality development and create new landmark achievements in areas such as finance, artificial intelligence, energy, and minerals.
The greater BRICS cooperation will follow true multilateralism and improve global governance. The BRICS expansion has further increased the representation of the BRICS family on the global stage, which will expand the topics of global governance joined by BRICS countries and improve their governance capabilities. The upcoming BRICS summit has once again focused on multilateralism, demonstrating the confidence and determination of BRICS countries in upholding multilateral cooperation.
Currently, the Global South accounts for over 40 percent of the world economy, profoundly reshaping the global economic landscape. As the leading members of the Global South, the BRICS countries are working for greater solidarity and cooperation among countries of the Global South. Together, they have stayed true to the fundamental aspiration of upholding the common interests of the Global South and pushing for a more balanced and effective global governance.
At a new starting point, the strategic significance and political effects of the greater BRICS should be fully leveraged to make BRICS a new type of multilateral cooperation mechanism based on emerging markets and developing countries, and open and inclusive to the world.
China has been a consistent advocate of and contributor to BRICS cooperation. As Chinese President Xi Jinping pointed out, BRICS countries gather not in a closed club or an exclusive circle, but a big family of mutual support and a partnership for win-win cooperation. They need to uphold openness and inclusiveness and pool collective wisdom and strength, which meets the realistic needs of BRICS development and serves the common interests of all BRICS countries.
Building on a solid foundation, the greater BRICS cooperation is bound to embrace a bright future. Moving forward, China stands ready to strengthen strategic partnerships with all BRICS partners, get the greater BRICS cooperation off to a good start, and build a community with a shared future for mankind, so as to make greater contributions to the development and progress of human society.
SOURCE People’s Daily
The post To get greater BRICS cooperation off to good start appeared first on HIPTHER Alerts.
Kaohsiung City Deputy Mayor Charles Lin led a delegation of smart transportation, smart healthcare, and Asia New Bay Area startup representatives to the 2024 Selangor Smart City and Digital Economy Convention (SDEC) in Malaysia. Deputy Mayor Lin also delivered a speech at the SDEC conference, introducing the development of the semiconductor industry and the achievements of Kaohsiung Smart City.
Delegation presented a diverse group of companies:
Chunghwa Telecom exhibited two key technologies: the Cellular Vehicle Probe (CVP) Big Data system for traffic analysis and a 5G Vehicle-to-Everything (V2X) Technology for light rail intersection safety. The CVP system offers real-time traffic monitoring and analysis, while the V2X technology enhances safety through dynamic monitoring and rapid warning transmission.
Advmeds presented their “Kaohsiung Health 4.0”, introducing generative care engine technology across medical facilities, communities, and senior fitness clubs. This system achieves digitalized health management through chatbots and is developing AI digital avatars to upgrade customer service functions.
iAMBITION showcased comprehensive solutions for medical and care institutions, featuring their “iSAFE system platform.” This platform utilizes contactless 3D sensors, smart IoT, and AI image recognition for anomaly detection, environmental monitoring, and health risk assessment in healthcare settings.
LTPA introduced its “Smart Cognitive Training Program,” combining AIoT technology to digitalize non-pharmaceutical treatments. The program offers AI remote training equipment for seniors, focusing on dementia prevention and muscle strength enhancement.
Hitspectra Intelligent Technology demonstrated their application of Hyperspectral Imaging in Early Medical Diagnosis. This technology assists doctors in quickly identifying affected areas with unclear early symptoms, particularly skin diseases. Their focus includes biomedical optical detection and semiconductor thin film optical inspection.
Meta Intelligence presented one-stop digital innovation solutions spanning AI, IoT, and Digital Twins. Their expertise covers AI-powered building management, AI-generated fashion model photos, VR and AI smart sports training tools, and VR foreign language practice with AI characters. These participants demonstrated Kaohsiung’s diverse capabilities in AI and 5G applications, spanning smart transportation, smart healthcare, and metaverse solutions for smart cities.
During the visit, Kaohsiung companies engaged in business matchmaking sessions with Malaysian enterprises, expanding their presence in the Southeast Asian market. Selangor State EXCO YB Ng Sze Han expressed hopes for deeper collaboration following the “Smart City Strategic Partnership Alliance” MoU signed in March last year. The visit marked a significant milestone in Taiwan–Malaysia smart technology cooperation, highlighting both cities’ commitment to innovation and sustainable urban development.
SOURCE Kaohsiung City Government
The post SDEC 2024: Team Kaohsiung Presenting New City AI Governance appeared first on HIPTHER Alerts.
Uncategorized
Happiest Minds positioned as a ‘Major Contender’ in Everest Group’s Cybersecurity PEAK Matrix® Assessment – North America 2024
Happiest Minds Technologies Limited (NSE: HAPPSTMNDS), a ‘Born Digital . Born Agile’, Mindful IT Company, today announced that it has been positioned as a ‘Major Contender’ in the latest market evaluation report, Cybersecurity Services PEAK Matrix® Assessment 2024 – North America by Everest Group.
Ram Mohan C, CEO of Infrastructure Management & Security Services (IMSS), Happiest Minds, said, “Our approach to cybersecurity is strategic and holistic, integrating advanced services to address the full spectrum of threats across diverse IT environments. We have invested significantly in cybersecurity solutions, including AI-driven threat detection, Zero Trust architecture, Secure Access Service Edge (SASE), Gen AI security, quantum security, and advanced Security Operations Center (SOC) capabilities. At Happiest Minds, we continuously adapt to industry trends, embedding cybersecurity into every facet of our service delivery, innovation, and technology adoption, ensuring our customers are prepared to tackle the evolving challenges of today’s digital economy.”
Priya Kanduri, CTO of Infrastructure Management & Security Services (IMSS) and Head of Security Services, Happiest Minds, said, “This recognition highlights our strategic vision and unwavering commitment to delivering cutting-edge cybersecurity services to our customers. We have strengthened our talent pool and leveraged automation to address industry-wide skill gaps, ensuring robust and scalable security operations. Our relentless drive towards excellence in addressing the most pressing security challenges empowers us to deliver exceptional value to our customers. This accolade reinforces our perseverance in driving innovation in the cybersecurity landscape.”
The post Happiest Minds positioned as a ‘Major Contender’ in Everest Group’s Cybersecurity PEAK Matrix® Assessment – North America 2024 appeared first on HIPTHER Alerts.
-
Artificial Intelligence4 days agoInternational experts hail GITEX GLOBAL 2024 as world’s largest & best-rated tech event signs off
-
Artificial Intelligence6 days agoAccelerating AI advancement: Abu Dhabi’s innovation champions & tech pioneers shine bright at GITEX GLOBAL 2024
-
Artificial Intelligence6 days agoPhishing Protection Market Size Worth $5.94 Billion, Globally, by 2031 – Exclusive Report by The Insight Partners
-
Artificial Intelligence6 days agoSmartRecruiters Unveils Winston: AI That Keeps Hiring Human
-
Artificial Intelligence7 days agoDemand for Industry-specific AI drives increasing adoption of IFS.ai
-
Artificial Intelligence6 days agoHuawei presented a significant article titled “The Digital Dividend – ICT Maturity Fuels Economic Growth” at GITEX GLOBAL 2024
-
Artificial Intelligence6 days agoGITEX GLOBAL 2024: Huawei launches a series of industrial digital and intelligent transformation solutions, and flagship products
-
Artificial Intelligence6 days agoKPMG Australia is first organization globally to achieve BSI’s AI management system certification
