A CISO's Guide to Managing AI Supply Chain Risk
Chandan Pani of LTIMindtree Discusses AI Biases and Use Cases
Growing reliance on both AI and generative AI is posing new challenges to CISOs. For example, CISOs have limited visibility into how certain large language models were packaged, making it difficult for them to spot security and privacy risks, said Chandan Pani, CISO at LTIMindtree.
"LLMs are complex and often built using various open-source components and libraries," Pani said. "We don't have much details about these models, these products, how they were trained, their core security aspects of models - like the confidentiality part, the availability part and the privacy requirements."
He advised adhering to traditional security guardrails until the industry has security standards for AI products. "The AI product is not known to me, so at least I would prefer to stick to a known vendor," he said.
In this video interview with Information Security Media Group, Pani discussed:
- How AI bias can be managed;
- What organizations should look for in AI vendors;
- Best practices to manage supply chain risks.
Pani, who has more than 20 years of experience in cybersecurity, focuses on information security, secure delivery and data protection, cyber risk quantification, risk and compliance management, and governance.