Building an AI Security & Governance Program

WELCOME AND INTRODUCTIONS
Thibaut Roisin, Managing Director, Security
Jack Berkowitz, CDO

Confidential Presentation Under NDA - Do Not Distribute - No Screenshots Pls

Gen AI's annual potential impact across industries
$2.6-$4.4 trillion
Source: McKinsey & Company

By 2026, organizations that operationalize artificial intelligence (AI) transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, business goals and user acceptance.

Gen AI is expected to power growth but also reshape the threat landscape
- Gen AI is predicted to boost global GDP by 7% over the next decade (Source: Global Cybersecurity Outlook 2024)
- And transform 40% of all working hours over the next decade (Source: Accenture: AI for Everyone)
Source: WEF Global Cybersecurity outlook 2024, Goldman Sachs, Accenture: AI for Everyone

Most concerning Gen AI impacts on security (Source: Global Cybersecurity Outlook 2024, n=120)
1. Advancement of adversarial capabilities (phishing, malware development, deep fake): 46%
2. Data leaks (exposure of personally identifiable info. through Gen AI): 20%
3. Increased complexity of security governance: 9%
4. Technical security of the AI systems themselves: 8%
5. Software supply chain and code development risk (potential backdoors): 8%
6. Legal concerns of intellectual property & liability: 8%

Gen AI Perception: Cyber advantage to attackers over enhancing defense (Source: Global Cybersecurity Outlook 2024, n=120)
Will generative AI provide an overall cyber advantage to the attackers or defenders in next 2 years?
- Yes, to Attackers: 56%
- Yes, to Defenders: 9%

Responsible AI
Accenture's Responsible AI principles
For any enterprise, Responsible AI means taking intentional actions to design, deploy and use AI to create value while building trust and protecting from the potential risks of AI. Responsible AI begins with a set of AI governing principles, which each enterprise adopts and then enforces.
- Human by design
- Fairness
- Transparency, Explainability & Accuracy
- Safety
- Accountability
- Compliance, Data Privacy & Cybersecurity
- Sustainability
Copyright 2024 Accenture. All rights reserved.

Gartner Poll: Which Risks of GenAI Are You Most Worried About?
Source: Gartner: Innovation Guide for Generative AI in Trust, Risk and Security Management

Enabling Safe Use of Data and AI
Strictly Confidential Information of Securiti AI
- Are AI Models compliant with global regulations?
- Which AI Models Exist?
Agents & Assistants; Code; New Category of Apps; Insights & Automations
- What Controls are there on prompts, agents, assistants?
- What data is being used in AI Models?
- What is the Risk Rating of AI Models?
- Which security controls are enabled for AI Models?

From Fear to Control: 5-Step Approach to AI Security & Governance
STEP 1. Discover AI Models (Discover Shadow AI): Discover and catalog sanctioned and unsanctioned AI models across public clouds, private environments, and SaaS applications.
STEP 2. Assess AI Model Risks: Evaluate risks related to data and AI models from IaaS and SaaS, and classify AI models as per global regulatory requirements.
STEP 3. Map Data+AI Flows: Connect models to data sources, processes, vendors, potential risks, and compliance obligations.
STEP 4. Implement Data+AI Controls: Establish data controls on model inputs and outputs, securing AI systems from unauthorized access or manipulation.
STEP 5. Comply with Confidence: Conduct assessments to comply with standards such as NIST AI RMF, the EU AI Act, and more.
Un-Sanctioned & Sanctioned

Bridging the Gap - From Fear to Empowerment
- Full transparency into your AI systems
- Clear visibility in AI risk awareness
- Clarity over AI data processing
- Adequate protection around AI models and AI interactions
- Ease with AI regulatory compliance navigation
AI Assistants: x10s
AI Models: x10s
AI Pipelines: x100s
Embracing AI Governance ensures financial gain, reputation enhancement, and informed business decisions.

Step 1. Discover & Catalog AI Models
Discover and catalog AI models in use across public clouds, SaaS applications, and private environments.
- Automatically discover all AI models active across Public Clouds, including those in both production and non-production environments.
- Collect comprehensive details on AI models operating within your SaaS applications and internal projects via Assessments.
- Catalog all AI models present across your entire environment, ensuring visibility into every aspect of your AI landscape, including shadow AI.

Step 2. Assess & Classify AI Model Risks
Evaluate risks related to data and AI models from IaaS and SaaS, and classify AI models as per global regulatory requirements.
- Ratings of popular open source and commercial AI models covering:
  - Toxicity/Maliciousness
  - Bias
  - Efficiency (e.g., training energy consumption, inference runtime)
  - Copyright considerations
  - Disinformation/Hallucination risks
- Classify AI systems and models as per classifications imposed by global regulatory bodies.
LLMs: Bias; Toxicity; Hallucination; IP & Privacy Leakage

Step 3. Map & Monitor Data+AI Flows
Connect AI models to data sources, data processing paths, vendors, potential risks, compliance obligations, and continuously monitor data flow.
- Establish full context around AI models and AI systems and map these to associated data sources, data processing paths, vendors, potential risks, and compliance obligations.
- Trace the data's journey through your AI ecosystem, exposing privacy, security, and ethical risks before they materialize.

Step 4. Data+AI Controls
Establish data controls on model inputs and outputs, securing sensitive data throughout its lifecycle.
- Safe ingestion of data into AI models, in alignment with enterprise data policies and user entitlements.
- In line classification, conversion, redaction/anonymization and sanitization of data before providing it to AI models.
- Facilitation of consent opt-outs, access and deletion DSR fulfillments, and compliance-driven user disclosures.
Safe Ingestion of Data; Security Controls & LLM Firewalls
Public Clouds; Private Clouds; SaaS Clouds; Data Clouds; LLMs; Data; Sensitive Data; Access Credentials

Step 4. Implement Data+AI Controls
- AI assistants, AI bots, and AI agents will be focus of external attacks, malicious internal use and configuration mistakes.
- Security controls on interactions with AI models, using Securiti LLM firewalls for prompts and data retrievals.
Safe Ingestion of Data; Security Controls & LLM Firewalls
Assistants; Code; New Category of Apps; Insights & Automations; LLMs; Innovations
Prompt Injection; Adversarial Attacks; Data Exfiltration

Step 5. Comply with Regulations
Check compliance with global AI standards such as NIST AI RMF, EU AI Act etc.
- Stay ahead of the curve with continuous compliance assessments, mitigating legal and reputational risks.
- Out-of-the-box extensive library of global AI regulations
- Automated compliance checks for technical controls associated with global AI regulations, including NIST AI RMF, EU AI Act, Data and AI Act, AI Bill etc.
- AI ROPA reports

mySecurity Diagnostic for Secure AI
Rapidly identify shadow AI and assess AI risks to secure the digital core and accelerate Responsible AI
1. Mobilize and identify target cloud service providers and structured applications
2. Execute scanning and analysis powered by Securiti AI services
3. Deliver key findings, insights, and an executive report in less than 2 weeks
mySecurity Diagnostic
Securiti.ai Data Command Center
Outcomes: Discover AI Models
Executive Summary Report Output

Your Data Command Center
Contextual Data+AI Intelligence & Automation
- AI Model Discovery: Catalog AI models in use across public clouds and SaaS application
- AI Risk Assessment: Evaluate risks related to data and AI models from public clouds and SaaS
- Data & AI Mapping: Map models to data sources, processes, vendors, and more
- Data & AI Controls: Establish sensitive data controls in model inputs and outputs
- Regulatory Compliance: Conduct assessments to comply with standards such as NIST AI RMF

Additional Capabilities
Diagnostic Capabilities
Identify and catalog sanctioned and unsanctioned/shadow AI models across public clouds, private clouds, and SaaS applications
Assess AI Risk: Analyze and report risks of identified data and AI models against identified regulatory requirements and leading security frameworks

Recommendations for Securing Gen AI
1. Add Gen AI Security in the GRC model (Governance, Risk and Compliance)
2. Evaluate the Gen AI Security Risk level with Intelligence-Led Cyber Assessment and Attack Simulations
3. Secure the Gen AI Environments
4. Adopt Gen AI-Powered Cyber Defense Solutions
Approaching Gen AI Differently

AI Governance Certification
AIGovernance.center
Resources addressing emerging regulations & the governance of AI,
Worldwide Leader in IDC MarketScape: Data Privacy Compliance Software

How Did Things Go? (We Really Want To Know)
Did you enjoy this session? Is there any way we could make it better? Let us know by filling out a speaker evaluation.
1. Open the Cvent Events app.
2. Enter IAPP AIGG24 (case and space sensitive) in search bar.
3. Tap Schedule on the bottom navigation bar.
4. Find this session. Click Rate this Session within the description.
5. Once you've answered all three questions, tap Done.