Securing the ChatGPT in your organization by Oleksandr Pluzhnikov — Information Security Manager at ELEKS
Oleksandr talks about the usage of Generative AI models in a corporate environment, highlighting both the benefits and risks of this technology. In addition, you can find valuable insights on best practices for securing GenAI, ensuring that your organisation can leverage this powerful tool while maintaining data privacy and security.
2. AGENDA
01 Generative AI: Risks and Opportunities
02 Generative AI: Copyright
03 Generative AI: Frameworks and Legislation
04 Securing GAI in your organization
4. Generative AI: OVERVIEW
AI models that generate new content (literature, audio, videos, code). Foundation models are a new case of generative AI: they are trained on a broad corpus of data and act as a “foundation” for more task-specific models.
Support: Serve as a tool to improve the productivity of employees (e-mails, presentations, coding)
Perform: End-to-end execution of certain tasks in your organization (support chat bot)
Innovate: New services available to your customers (assistance, customization)
5. GAI – RISKS IDENTIFIED
01 CONFIDENTIALITY: Sensitive information submitted to GAI may be provided, in some form, to a subsequent user, resulting in data leakage. “Mining” of data from GAI with the aim to steal Intellectual Property.
02 INTEGRITY: GAI models may generate erroneous or biased results due to poor design, low quality datasets or lack of testing. In some cases, this could be happening due to a “dataset poisoning” type of attack.
03 AVAILABILITY: High reliance on GAI and absence of workarounds might result in significant business interruptions in case of GAI service outages.
7. Copyright
The US Copyright Office stated that it will not register works produced by a machine or mere mechanical process that operates randomly or automatically without any creative input or intervention from a human author. The question is ‘whether the ‘work’ is basically one of human authorship, with the computer [or other device] merely being an assisting instrument, or whether the traditional elements of authorship in the work…were actually conceived and executed not by man but by a machine.’” (See also Trade-Mark Cases, 100 U.S. 82, 94 (1879) (copyright law only protects “the fruits of intellectual labor” that “are founded in the creative powers of the mind”).”
Copyright Office policy, as currently stated in the Compendium of U.S. Copyright Office Practices (3d Ed. 2021)
GAI-generated content is not covered by copyright protection
9. FRAMEWORKS AND LEGISLATION
Artificial Intelligence Act (EU EC, awaits parliament's position in 1st reading): Classification of AI systems into four categories: unacceptable, high-risk, limited, or minimal/low.
Model AI Governance Framework (Singapore PDPC, 2nd revision): Detailed and readily-implementable guidance to organisations to address key ethical and governance issues when deploying AI solutions.
AI Risk Management Framework (US NIST, 1st version released): Well-defined approach to risk measurement for AI solutions.
Additional references: GAI Implications for Trust and Governance – Discussion paper from Singapore’s IMDA and Aicadium.
A fast-changing legislative environment may lead to the implementation of non-compliant solutions, which might require significant rework and updates.
11. OVERVIEW OF GAI CONTROLS
01 Policy/Governance: Defining the approach to AI governance and management in the organization and relevant controls.
02 AI Inventory: List use cases for AI models in the organization (owner, purpose, data classification, risk level).
03 Training: Training and awareness program to ensure employees are aware of allowed GAI usage and their responsibilities.
04 Testing: Appropriate human supervision and testing procedures have been established for GAI models to minimize errors and bias.
05 Business Continuity: Business continuity plans include scenarios for GAI outages and define recovery procedures.
06 Tracking of GAI usage: Controls established to detect and prevent unauthorized usage of GAI.
07 Legal controls: Continuous tracking of relevant legislation, updates of agreements in terms of copyright and GAI usage.