In the final part of our blog series, we will look at controls and compliance. As GenAI moves from possibility to practical implementation, concerns over governance will increase and regulations will become more frequent. All of this leads to a need for flexible controls used broadly. For example, will CISOs and CIOs struggle to renew their cyber policies without demonstrable controls in place?
AI Regulations – Imminent – Numerous governing bodies across the world have put forth standards and frameworks inevitably leading to mandatory regulations for AI. In Europe, the EU has put forth the “AI Act”, the OECD has put out the “AI Principals” framework, UNESCO has created the “Recommendation on the Ethics of AI” framework. Closer to home in the United States, NIST has created the “AI Risk Management Framework”, and even the White House has proposed the “Blueprint for an AI Bill of Rights”. All of these have direct ties to regulatory bodies, and most have stated intention to provide regulations for AI.
AI Controls for Cybersecurity Renewal – AI is being used both as a tool by Cyber insurance companies to increase the speed of underwriting policies, and also as a factor in deciding the cost of the premium. Increasingly, insurance, and re-insurance companies are looking for AI Security controls to mitigate the blast radius of AI-based data loss. This includes both usage-based data loss, but also threats that leverage AI technologies to deleterious effect against business.