Page 29 - GS250402
P. 29

Insights and Expertise


        Additionally, LLMs introduce unique security risks. While   you to discover the pre-trained AI models already used
        financial risk models operate in controlled environments,   within  systems.  Next,  in  collaboration  with  stakehold-
        LLMs can be manipulated through adversarial attacks,    ers, decide on the organizations' risk tolerance and create
        prompt injections or unintentional data leaks. Their mas-  policies to enforce it, outlining the specific criteria all AI
        sive scale and opaque decision-making processes make    models must meet before they can be used within applica-
        explainability and control far more challenging than be-  tions. Next, implement governance controls at the point of
        fore.                                                   model selection. Using tools to evaluate open-source mod-
                                                                els based on security, quality and compliance can mitigate
        The growing governance gap                              risk before deployment. For existing models, financial in-

        Many organizations don't know which LLMs are being      stitutions must build an inventory, establish strict policies
        used, where they're deployed or what risks they pose.   and implement automated enforcement mechanisms.
        Without strong governance, institutions risk compliance
        failures, reputational damage and security breaches.    And finally, implement technologies that warn when poli-
                                                                cies are violated, and allow you to block high-risk models
        Key governance challenges include:                      from being introduced into your environment. Ultimately,
                                                                robust LLM governance isn't just a regulatory necessity—
          • Model discovery: Identifying all LLMs in use across   it's essential to ensuring AI remains an asset, not a liability.
            the organization.                                   By applying the same discipline used in traditional model
          • Risk evaluation: Assessing biases, vulnerabilities and   governance, financial institutions can harness LLMs safe-
            data integrity.                                     ly and effectively.
          • Policy enforcement: Defining clear adoption and us-
            age standards.                                      Karl Mattson is known globally as a cybersecurity innovator with over 25
          • Security controls: Blocking high-risk models and mit-  years of diverse experience as an enterprise CISO, technology strategist
            igating threats.                                    and startup advisor across technology, retail and financial industry ver-
                                                                ticals. He serves today as the CISO for Endor Labs, a startup focused on
        Moving forward with stronger governance                 open source software and software supply chain security. Contact him
                                                                via LinkedIn at linkedin.com/in/karlmattson1.
        Start by building an inventory through tools that allow















































                                                                                                                29
   24   25   26   27   28   29   30   31   32   33   34