A CISO's Guide to Managing AI Supply Chain RiskChandan Pani of LTIMindtree Discusses AI Biases and Use Cases
Growing reliance on both AI and generative AI is posing new challenges to CISOs. For example, CISOs have limited visibility into how certain large language models were packaged, making it difficult for them to spot security and privacy risks, said Chandan Pani, CISO at LTIMindtree.
"LLMs are complex and often built using various open-source components and libraries," Pani said. "We don't have much details about these models, these products, how they were trained, their core security aspects of models - like the confidentiality part, the availability part and the privacy requirements."
He advised adhering to traditional security guardrails until the industry has security standards for AI products. "The AI product is not known to me, so at least I would prefer to stick to a known vendor," he said.
In this video interview with Information Security Media Group, Pani discussed:
- How AI bias can be managed;
- What organizations should look for in AI vendors;
- Best practices to manage supply chain risks.
Pani, who has more than 20 years of experience in cybersecurity, focuses on information security, secure delivery and data protection, cyber risk quantification, risk and compliance management, and governance.