Risk Management for LLMs

How do we develop machine learning models and systems taking fairness, accuracy, explainability, and transparency into account? How do we protect the privacy of users when building large-scale AI based systems? Model fairness and explainability and protection of user privacy are considered prerequisites for building trust and adoption of AI systems in high stakes domains such as hiring, lending, and healthcare. We will first motivate the need for adopting a “fairness, explainability, and privacy by design” approach when developing AI/ML models and systems for different consumer and enterprise applications from the societal, regulatory, customer, end-user, and model developer perspectives. We will then focus on the application of responsible AI techniques in practice through industry case studies. We will discuss the sociotechnical dimensions and practical challenges, and conclude with the key takeaways and open challenges.

Big data offers the promise of a data-driven business model generating new revenue and competitive advantage fueled by new business insights, AI, and machine learning. Yet without high quality data that provides trust, confidence, and understanding, business leaders continue to rely on gut instinct to drive business decisions. The critical foundation and first step to deliver high quality data in support of a data-driven view that truly leverages the value of big data is data profiling - a proven capability to analyze the actual data content and help you understand what's really there. View this webinar on-demand to learn five core concepts to effectively apply data profiling to your big data, assess and communicate the quality issues, and take the first step to big data quality and a data-driven business.

This document discusses the malicious use of artificial intelligence and provides recommendations to address this risk. It begins with background on AI capabilities and access. It then discusses common threat factors like expanding existing threats and introducing novel threats from superhuman AI. It identifies security domains like digital, physical, and political security that could be impacted. Recommendations are provided around policymaker collaboration, researcher responsibility, best practices from cybersecurity, and priority research areas like learning from cybersecurity and promoting a culture of responsibility. The document concludes with updates since its publication.

QU Speaker Series - Session 3 https://qusummerschool.splashthat.com A conversation with Quants, Thinkers and Innovators all challenged to innovate in turbulent times! Join QuantUniversity for a complimentary summer speaker series where you will hear from Quants, innovators, startups and Fintech experts on various topics in Quant Investing, Machine Learning, Optimization, Fintech, AI etc. Topic: Machine Learning and Model Risk (With a focus on Neural Network Models) All models are wrong and when they are wrong they create financial or non-financial risks. Understanding, testing and managing model failures are the key focus of model risk management particularly model validation. For machine learning models, particular attention is made on how to manage model fairness, explainability, robustness and change control. In this presentation, I will focus the discussion on machine learning explainability and robustness. Explainability is critical to evaluate conceptual soundness of models particularly for the applications in highly regulated institutions such as banks. There are many explainability tools available and my focus in this talk is how to develop fundamentally interpretable models. Neural networks (including Deep Learning), with proper architectural choice, can be made to be highly interpretable models. Since models in production will be subjected to dynamically changing environments, testing and choosing robust models against changes are critical, an aspect that has been neglected in AutoML.

How to deliver a successful product when technology landscape is new and rapidly changing? How to identify technology limitations before moving to production? What if there are no technology experts to answer your questions? Strategic prototyping can help development teams respond to these issues instead of blindly building full-scale products. I will not be offering silver bullets of simple recipes for success. Instead, you will learn about the practical guidelines for prototyping, combining architecture analysis and a variety of prototyping techniques. With some Big Data systems development flavor on top of it.

During the May 2024 SSP Conference in Boston, MA, Margie Hlava gave this presentation during the Industry Breakout Session on May 29, 2024.

The document discusses ethical hacking and penetration testing. It defines ethical hacking as using the same tools and techniques as cyber attackers, but doing so legally with permission to find vulnerabilities and help organizations improve their security. Several frameworks for penetration testing are described, including the process of reconnaissance, scanning systems, gaining access, maintaining access, covering tracks, and reporting findings. The importance of preparation, clear scope, and translating technical risks into business impacts for management is emphasized. Tips include using online resources to gather intelligence and building a toolbox of software and physical tools.

The application of artificial intelligence (AI) to software engineering (SE)-problem-solving has been around since the 80s when expert systems were first used. However, it is during the last 10 years that there has been a peak in the use of these techniques, first based on search and optimisation algorithms such as metaheuristics, and later based on machine learning algorithms. The aim is to help the software engineer to automate and optimise tasks of the software development process, and to use valuable information hidden in multiple data sources such as software repositories to execute insightful actions that generate improvements in the performance of the overall process. Today, the use of AI is trendy, and often overused as it could generate artificial results since it does not consider the subjective nature of the software development process requiring the experience and know-how of the engineer. With this Invited Talk, we will discuss different proposals to incorporate the human into the decision-making process in the application of AI for SE (AI4SE), from interactive algorithms to the generation of interpretable models or explanations.

This talk explores the basics of AI and machine learning from an application point of view. We run through basic definitions and examples. Then we talk about management of AI/ML projects.

Identity and Access Management for User login and departmental level and federation level. User can be easily manageable through identity and access Management

Machine learning and deep learning techniques are increasingly being used for cybersecurity applications like malware detection, spam filtering, and anomaly detection. As attacks become more sophisticated, machine learning can help security teams focus on important threats by analyzing large amounts of data. While machine learning is a powerful tool, security experts still need to provide guidance on what problems to solve and how to structure machine learning pipelines and evaluate results. Individuals and organizations should embrace machine learning by participating in online courses and challenges to gain hands-on experience applying these techniques.

Looking to build a robust machine learning infrastructure to streamline MLOps? Learn from Provectus experts how to ensure the success of your MLOps initiative by implementing Data QA components in your ML infrastructure. For most organizations, the development of multiple machine learning models, their deployment and maintenance in production are relatively new tasks. Join Provectus as we explain how to build an end-to-end infrastructure for machine learning, with a focus on data quality and metadata management, to standardize and streamline machine learning life cycle management (MLOps). Agenda - Data Quality and why it matters - Challenges and solutions of Data Testing - Challenges and solutions of Model Testing - MLOps pipelines and why they matter - How to expand validation pipelines for Data Quality

Link to Youtube video: https://youtu.be/OJMqMWnxlT8 You can contact me at abhimanyu.bhogwan@gmail.com My linkdin id : https://www.linkedin.com/in/abhimanyu-bhogwan-cissp-ctprp-98978437/ Threat Modeling(system+ enterprise) What is Threat Modeling? Why do we need Threat Modeling? 6 Most Common Threat Modeling Misconceptions Threat Modelling Overview 6 important components of a DevSecOps approach DevSecOps Security Best Practices Threat Modeling Approaches Threat Modeling Methodologies for IT Purposes STRIDE Threat Modelling Detailed Flow System Characterization Create an Architecture Overview Decomposing your Application Decomposing DFD’s and Threat-Element Relationship Identify possible attack scenarios mapped to S.T.R.I.D.E. model Identifying Security Controls Identify possible threats Report to Developers and Security team DREAD Scoring My Opinion on implementing Threat Modeling at enterprise level

1) The document discusses research challenges and advancements towards protecting critical cyber assets and infrastructure. It identifies threat actors and their increasing sophistication as well as common targets. 2) Oak Ridge National Laboratory is working on techniques like predictive awareness, operating through outages/attacks, and security in the cloud to address grand challenges. Their research strengths include computational cybersecurity, quantum simulation, and control systems security. 3) Technologies discussed include Hyperion Protocol for validating software functionality, Oak Ridge Cyber Analytics for detecting zero-day attacks using machine learning, and VERDE for power grid situational awareness.

Overview of the potential risks and challenges associated with the development and deployment of AI systems, as well as the recommended controls and best practices to mitigate them. The presentation covers the following topics: Design risks: These are the risks related to the design and specification of the AI system, such as lack of clarity, alignment, or validation of the objectives, assumptions, or constraints of the system. Some of the factors that contribute to these risks are: Inadequate or ambiguous problem definition Unrealistic or conflicting expectations or requirements Insufficient or inappropriate testing or evaluation methods Lack of transparency or explainability of the system’s logic or behavior Some of the recommended controls for these risks are: Define the problem and the scope of the system clearly and explicitly Involve relevant stakeholders and experts in the design process Use appropriate methods and metrics to test and evaluate the system’s performance and robustness Document and communicate the system’s objectives, assumptions, limitations, and uncertainties Provide mechanisms to explain or justify the system’s outputs or decisions Data risks: These are the risks related to the data used to train, test, or operate the AI system, such as data quality, availability, security, or privacy issues. Some of the factors that contribute to these risks are: Incomplete, inaccurate, or outdated data Biased, unrepresentative, or irrelevant data Unauthorized access, modification, or disclosure of data Violation of data protection laws or ethical principles Some of the recommended controls for these risks are: Collect, store, and manage data in a secure and compliant manner Ensure data quality, validity, and reliability through data cleaning, verification, and auditing Ensure data diversity, representativeness, and relevance through data sampling, augmentation, and analysis Protect data privacy and confidentiality through data anonymization, encryption, or aggregation Respect data rights and consent of data subjects and providers Operation risks: These are the risks related to the operation and maintenance of the AI system, such as system failure, malfunction, or misuse. Some of the factors that contribute to these risks are: Hardware or software errors or defects Environmental or contextual changes or uncertainties Adversarial or malicious attacks or manipulations Unintended or harmful consequences or impacts Some of the recommended controls for these risks are: Monitor and update the system regularly and proactively Adapt and calibrate the system to changing or uncertain conditions or scenarios Detect and prevent potential threats or vulnerabilities

The presentation is an extended in-depth version review of cybersecurity challenges with generative AI, enriched with multiple demos, analysis, responsible AI topics and mitigation steps, also covering a broader scope beyond OpenAI service. Popularity, demand and ease of access to modern generative AI technologies reveal new challenges in the cybersecurity landscape that vary from protecting confidentiality and integrity of data to misuse and abuse of technology by malicious actors. In this session we elaborate about monitoring and auditing, managing ethical implications and resolving common problems like prompt injections, jailbreaks, utilization in cyberattacks or generating insecure code.

This document discusses approaches for cybersecurity portfolio management. It addresses questions around identifying necessary versus unnecessary security products, gaps and overlaps in an existing portfolio, and defining a security strategy. Various frameworks are presented for conducting a structured portfolio analysis, including the OWASP Cyber Defense Matrix, CyberARM, Gartner's Security Posture Assessment, and the US-CCU Cyber-Security Matrix. Effective use of an existing security portfolio involves identifying control overlaps, integrating products, automating workflows, replacing multiple products, optimizing configurations, and ensuring appropriate coverage of assets based on a threat model.

“AGI should be open source and in the public domain at the service of humanity and the planet.”