­
Gen AI & Deepfake In Overall Security - All Articles - CISO Platform

All Articles

Gen AI & Deepfake In Overall Security

Posted by SWAATI SELVAKUMAR on July 14, 2024 at 8:01pm in Blog

The rapid integration of AI, notably Gen AI, across sectors like manufacturing, finance, and technology is revolutionizing operations with advanced analytics and tailored services. However, this transformation underscores heightened concerns surrounding data security, necessitating rigorous measures. Organizations must implement stringent protocols such as prompt-based firewalls to thoroughly screen data and educate users on responsible usage of Gen AI. Establishing isolated development environments is critical to mitigating risks during application development and deployment phases. Tools like Copilot, which indirectly interface with Gen AI, highlight the importance of ensuring security and regulatory compliance, such as ISO 42001. Deploying single sign-on (SSO) systems and robust monitoring mechanisms ensures controlled access and guards against misuse of Gen AI outputs.

 

- by Thamaraiselvan, Hexaware; Gowdhaman, Lumina Datamatics

Executive Summary:

Industry Statistics

  • Blocked Generative AIs: The top blocked generative AIs include OpenAI and ChatGPT.
  • Domains: Various business verticals like manufacturing, finance, technology, and services are adopting generative models.
  • Trends: Highlighted trends in generative AI adoption across different industries.

Threats and Risks

  • General Awareness: Emphasizes the inevitability of integrating generative AI into business operations, similar to the ubiquity of Google.
  • Blocking Approach: Suggested to initially blocking all open generative AI domains and then selectively opening specific aspects based on business needs.
  • Understanding Business Models: Important to understand why an organization requires access to generative AI to determine what to allow and block.

Security Best Practices

  1. Guideline Document: Essential for creating awareness and managing access levels. Ensures users understand how to use generative AI without leaking sensitive information.
  2. Isolated Environments: Develop generative AI in separate environments to conduct security scans and analyze behavior patterns.
  3. No Sensitive Information: Avoid using sensitive customer information in generative AI prompts. Implement network and proxy DLP services and emerging technologies like prompt-based firewalls.
  4. Customized Generative AI: Create custom interfaces for users to interact with generative AI through API calls, providing better control over file uploads and prompt responses.
  5. SSO Integration: Adopt Single Sign-On (SSO) for generative AI platforms to maintain user authentication and access appropriateness.
  6. Monitoring Access: Use emerging technologies like LLM-based firewalls to monitor generative AI access and scrutinize outputs for appropriateness and malicious content.
  7. Vulnerability Assessments: Conduct proper vulnerability assessments and penetration testing for applications developed using generative AI.

Emerging Technologies and Approaches

  • Indirect Use of Generative AI: Tools like co-pilots using LLM models should have security measures in place. Ensure proper scrutiny of generative AI interfaces in products.
  • Supplier Security: Probe suppliers on their security practices when they use generative AI capabilities within their products.
  • Information Rights Management (IRM): Utilize IRM systems, especially when uploading files or fine-tuning presentations, to add an additional security layer.

Challenges and Legal Considerations

  • Assuring Data Segregation: Highlighted the challenge of ensuring that generative AI models trained with an organization's data do not inadvertently train other models.
  • Legal and Regulatory Measures: Currently rely on legal and regulatory contracts to assure data segregation.
  • Emerging Security Models: Need for LLM-based firewalls and other emerging security models to enhance data protection.

 

The task force discussion provided a comprehensive overview of security best practices for generative AI adoption, emphasizing the importance of creating awareness, isolating environments, monitoring access, and leveraging emerging technologies to ensure data security. The disscussion also highlighted the challenges of assuring data segregation and the evolving landscape of legal and regulatory measures.

Views: 34
E-mail me when people leave their comments –
Follow

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

City Round Table Meetup - Mumbai, Bangalore, Delhi, Chennai, Pune, Kolkata

Apr 15, 2025 at 8:00am to May 15, 2025 at 10:00am UTC+5.5
India
  • Description:
    CISO Playbook Round Table Overview : 
    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology Implementation: From…
  • Created by: Biswajit Banerjee
  • Tags: ciso, playbook, round table

CISO Cocktail Reception At RSAConference USA, San Francisco 2025 !

Apr 29, 2025 from 5:45pm to 9:00pm PDT
San Francisco, America
  • Description:

    We are excited to invite you to the CISO Cocktail Reception if you are there at the RSA Conference USA, San Francisco 2025. It will be hosted aboard a private yacht, so that our CISO's can enjoy the beautiful San Francisco skyline while cruising the Bay Area! This event is organized by EC-Council with CISOPlatform and FireCompass as proud community partners. 

    Yacht Party…

  • Created by: Biswajit Banerjee
  • Tags: ciso, usa, san francisco, rsaconference 2025

Round Table Dubai 2025 | GISEC

May 8, 2025 from 6:00pm to 9:00pm UTC+04
Dubai
  • Description:
    CISO Playbook Round Table Overview : 

    Our round tables are designed to bring together top CISOs and IT leaders in intimate, focused sessions. These closed-door discussions will provide a platform to explore key security challenges and solutions. These sessions aim to create a focused, closed-door environment where 08-10 CISOs will dive deeply into the practicalities of implementing specific technologies.
    • Technology…
  • Created by: Biswajit Banerjee

CISO Platform: CISO 100 Awards & Future CISO Awards | In association with EC Council

Oct 1, 2025 at 9:00am to Oct 2, 2025 at 3:00pm UTC-04
Renaissance Atlanta Waverly Hotel & Convention Center
  • Description:

    Nominate for the CISOPlatform CISO 100 Awards & Future CISO Awards - Recognizing Cybersecurity Leaders. Recommend someone you know deserving of this prestigious accolade....Nominate your colleague, mentor, someone you admire or yourself !

    For more details: Click Here…

  • Created by: Biswajit Banerjee