Gen AI & Deepfake In Overall Security - All Articles - CISO Platform

Gen AI & Deepfake In Overall Security

The rapid integration of AI, notably Gen AI, across sectors like manufacturing, finance, and technology is revolutionizing operations with advanced analytics and tailored services. However, this transformation underscores heightened concerns surrounding data security, necessitating rigorous measures. Organizations must implement stringent protocols such as prompt-based firewalls to thoroughly screen data and educate users on responsible usage of Gen AI. Establishing isolated development environments is critical to mitigating risks during application development and deployment phases. Tools like Copilot, which indirectly interface with Gen AI, highlight the importance of ensuring security and regulatory compliance, such as ISO 42001. Deploying single sign-on (SSO) systems and robust monitoring mechanisms ensures controlled access and guards against misuse of Gen AI outputs.

 

- by Thamaraiselvan, Hexaware; Gowdhaman, Lumina Datamatics

Executive Summary:

Industry Statistics

  • Blocked Generative AIs: The top blocked generative AIs include OpenAI and ChatGPT.
  • Domains: Various business verticals like manufacturing, finance, technology, and services are adopting generative models.
  • Trends: Highlighted trends in generative AI adoption across different industries.

Threats and Risks

  • General Awareness: Emphasizes the inevitability of integrating generative AI into business operations, similar to the ubiquity of Google.
  • Blocking Approach: The suggested approach is to initially block all open generative AI domains and then selectively open specific aspects based on business needs.
  • Understanding Business Models: Important to understand why an organization requires access to generative AI to determine what to allow and block.

Security Best Practices

  1. Guideline Document: Essential for creating awareness and managing access levels. Ensures users understand how to use generative AI without leaking sensitive information.
  2. Isolated Environments: Develop generative AI in separate environments to conduct security scans and analyze behavior patterns.
  3. No Sensitive Information: Avoid using sensitive customer information in generative AI prompts. Implement network and proxy DLP services and emerging technologies like prompt-based firewalls.
  4. Customized Generative AI: Create custom interfaces for users to interact with generative AI through API calls, providing better control over file uploads and prompt responses.
  5. SSO Integration: Adopt Single Sign-On (SSO) for generative AI platforms so that user authentication is maintained and access stays appropriate.
  6. Monitoring Access: Use emerging technologies like LLM-based firewalls to monitor generative AI access and scrutinize outputs for appropriateness and malicious content.
  7. Vulnerability Assessments: Conduct proper vulnerability assessments and penetration testing for applications developed using generative AI.
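
To make practices 3, 4 and 6 concrete, here is a sketch of the screening step a custom generative AI interface could run before forwarding a prompt, combined with the block-first approach described earlier. It is an added example, not code from the task force or from any product; the gateway host name, the function names and the three detection patterns are assumptions chosen for illustration.

```python
import re

# Assumption: the only approved GenAI destination after "block all, open selectively".
ALLOWED_ENDPOINTS = {"genai-gateway.example.internal"}  # hypothetical host

SECRET_RE = re.compile(r"(?i)\b(?:api[_-]?key|password|secret|token)\b\s*[:=]\s*\S+")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: keeps order numbers and other digit runs from being flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def screen_prompt(user: str, endpoint: str, prompt: str) -> dict:
    """Decide what happens to one prompt; the dict doubles as the audit record."""
    if endpoint not in ALLOWED_ENDPOINTS:  # default deny
        return {"user": user, "action": "block",
                "findings": ["endpoint_not_allowlisted"], "prompt": None}
    findings = []

    def tag(label, placeholder, valid=lambda text: True):
        def repl(match):
            if not valid(match.group()):
                return match.group()  # leave non-sensitive look-alikes intact
            findings.append(label)
            return placeholder
        return repl

    cleaned = SECRET_RE.sub(tag("credential", "[REDACTED_SECRET]"), prompt)
    cleaned = CARD_RE.sub(
        tag("card_number", "[REDACTED_CARD]",
            lambda text: luhn_ok(re.sub(r"\D", "", text))), cleaned)
    cleaned = EMAIL_RE.sub(tag("email", "[REDACTED_EMAIL]"), cleaned)
    return {"user": user, "action": "redact" if findings else "allow",
            "findings": findings, "prompt": cleaned}


if __name__ == "__main__":
    # Constructed sample prompt; the SSO identity is supplied by the caller.
    sample = "Refund card 4111 1111 1111 1111 for jane.doe@example.com, order 1234567890123"
    print(screen_prompt("alice@corp.example", "genai-gateway.example.internal", sample))
```

The user field is meant to carry the SSO identity so that each decision can be logged against a named account; pattern matching of this kind complements, rather than replaces, network and proxy DLP.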

Emerging Technologies and Approaches

  • Indirect Use of Generative AI: Tools like co-pilots using LLM models should have security measures in place. Ensure proper scrutiny of generative AI interfaces in products.
  • Supplier Security: Probe suppliers on their security practices when they use generative AI capabilities within their products.
  • Information Rights Management (IRM): Utilize IRM systems, especially when uploading files or fine-tuning presentations, to add an additional security layer.

Challenges and Legal Considerations

  • Assuring Data Segregation: Highlighted the challenge of ensuring that generative AI models trained with an organization's data do not inadvertently train other models.
  • Legal and Regulatory Measures: Organizations currently rely on legal and regulatory contracts to assure data segregation.
  • Emerging Security Models: Need for LLM-based firewalls and other emerging security models to enhance data protection.

 

The task force discussion provided a comprehensive overview of security best practices for generative AI adoption, emphasizing the importance of creating awareness, isolating environments, monitoring access, and leveraging emerging technologies to ensure data security. The discussion also highlighted the challenges of assuring data segregation and the evolving landscape of legal and regulatory measures.
