StackAware

Deploy Securely

Manage risk at the junction of artificial intelligence and software security.

Author

StackAware

Category

Technology

Podcast website

www.buzzsprout.com

Latest episode

Jul 8, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

The state of AI assurance in 2024 12.09.2024

I was thrilled to have a leading voice on AI governance and assurance on the Deploy Securely podcast: Patrick Sullivan. Patrick is the Vice President of Strategy and Innovation at A-LIGN, a cybersecurity assurance firm. He’s an expert on the intersection of AI and compliance, regularly sharing expert insights about ISO 42001, the EU AI Act, and their interplay with existing regulations and best pr...

Securely harnessing AI in financial services 05.09.2024

I spoke with Matt Adams, Head of Security Enablement at Citi, about: - The EU AI Act and other laws and regulations impacting AI governance and security - What financial services organizations can do to secure their AI deployments - Some of the biggest myths and misconceptions when it comes to AI governance

How Conveyor deploys AI securely (for security) 25.07.2024

While using AI securely is a key concern (especially for companies like StackAware), on the flipside, AI has been supercharging security and compliance teams. Especially when tackling mundane tasks like security questionnaires, AI can accelerate sales and build trust. I chatted with Chas Ballew, CEO of Conveyor, about: - How AI can help with customer security reviews - What sort of controls Convey...

3 AI governance frameworks 12.07.2024

Drive sales, improve customer trust, and avoid regulatory penalties with the NIST AI RMF, EU AI Act, and ISO 42001. Check out the full post on the Deploy Securely blog: https://blog.stackaware.com/p/eu-ai-act-nist-rmf-iso-42001-picking-frameworks

Accelerating AI governance at Embold Health 08.07.2024

No sector is more in need of effective, well-governed AI than healthcare. The United States spends vastly more per person than any other nation, yet is in the middle of the pack when it comes to life expectancy. That’s why I was so excited to work with Embold Health to measure and manage their AI-related cybersecurity, compliance, and privacy risk. Recently I had the pleasure of speaking with thei...

The top 3 AI security concerns in healthcare 02.07.2024

-

Who should get ISO 42001 certified? 02.07.2024

1) Early-stage AI startups often grapple with customer security reviews, making certifications like SOC 2 or ISO 27001 essential. However, ISO 42001 might be more suitable for AI-focused companies due to its comprehensive coverage. 2) Larger corporations using AI to manage sensitive data face scrutiny and criticism. These companies can validate their AI practices through ISO 42001, offering a cert...

Compliance and AI - 3 quick observations 17.04.2024

Here are the top 3 things I'm seeing: 1️⃣ Auditors don’t (yet) have strong opinions on how to deploy AI securely 2️⃣ Enforcement is here, just not evenly distributed. 3️⃣ Integrating AI-specific requirements with existing security, privacy, and compliance ones isn’t going to be easy Want to see a full post? Check out the Deploy Securely blog: https://blog.stackaware.com/p/ai-governance-compliance-...

Code Llama: 5-minute risk analysis 13.12.2023

Someone asked me what the unintended training and data retention risk with Meta's code Llama is. My answer: the same as every other model you host and operate on your own. And, all other things being equal, it's lower than that of anything operating -as-a-Service (-aaS) like ChatGPT or Claude. Check out this video for deeper dive? Or read the full post on Deploy Securely: https://blog.stackaware.c...

4th party AI processing and retention risk 04.12.2023

So you have your AI policy in place and are carefully controlling access to new apps as they launch, but then... ...you realize your already-approved tools are themselves starting to leverage 4th party AI vendors. Welcome to the modern digital economy. Things are complex and getting even more so. That's why you need to incorporate 4th party risk into your security policies, procedures, and overall...

Sensitive Data Generation 27.11.2023

I’m worried about data leakage from LLMs, but probably not why you think. While unintended training is a real risk that can’t be ignored, something else is going to be a much more serious problem: sensitive data generation (SDG). A recent paper (https://arxiv.org/pdf/2310.07298v1.pdf) shows how LLMs can infer huge amounts of personal information from seemingly innocuous comments on Reddit. And thi...

Artificial Intelligence Risk Scoring System (AIRSS) - Part 2 13.11.2023

What does "security" even mean with AI? You'll need to define things like: BUSINESS REQUIREMENTS - What type of output is expected? - What format should it be? - What is the use case? SECURITY REQUIREMENTS - Who is allowed to see which outputs? - Under which conditions? Having these things spelled out is a hard requirement before you can start talking about the risk of a given AI model. Continuing...

Artificial Intelligence Risk Scoring System (AIRSS) - Part 1 07.11.2023

AI cyber risk management needs a new paradigm. Logging CVEs and using CVSS just does not make sense for AI models, and won't cut it going forward. That's why I launched the Artificial Intelligence Risk Scoring System (AIRSS). A quantitative approach to measuring cybersecurity risk from artificial intelligence systems, I am building it in public to help refine and improve the approach. Check out th...

How should we track AI vulnerabilities? 30.10.2023

The Cybersecurity and Infrastructure Security Agency (CISA) released a post earlier this year saying the AI engineering community should use something like the existing CVE system for tracking vulnerabilities in AI models. Unfortunately, this is a pretty bad recommendation. That's because: - CVEs already create a lot of noise - AI systems are non-deterministic - So things would just get worse In t...

Generative AI and Unintended Training 23.10.2023

🔐 Think self-hosting your AI models is more secure? It might be...or not! In this video, we dig into the topic of AI model security and introduce the concept of "unintended training." ▶️ Key Highlights: - The myth that self-hosting AI models is necessarily better for security - Decision factors when choosing between SaaS vs. IaaS - Defining "Unintentional Training" and its implications Read more...

Who should make cyber risk management decisions? 23.10.2023

It's a tougher challenge than many security folks talk about. Who should have the final say about whether to accept, mitigate, transfer, or avoid risk? - Cybersecurity? - Compliance? - Legal? The answer: None of them. Check out this episode of Deploy Securely to learn who should. Or read the original blog post here: https://blog.stackaware.com/p/who-should-make-cyber-risk-management

Listen to the Deploy Securely podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.