On July 26, 2023, the Securities and Exchange Commission (SEC) announced new rules mandating that public companies report any significant cybersecurity incidents they experience. This landmark change aims to increase transparency for investors, necessitating a new level of scrutiny and consistency in the handling of cybersecurity incidents. With the growing prevalence of AI systems and their unique attack surfaces, these rules present both challenges and opportunities for public companies looking to adopt next-generation AI.
Under the added Regulation S-K Item 106, the SEC expects registrants to outline their methods for identifying, assessing, and managing cybersecurity threats. Companies are also required to explain how their board of directors oversees these risks and the expertise of management in handling them. This directive places a clear responsibility on businesses to develop robust cybersecurity strategies, particularly as they relate to AI systems.
At Mantium, we understand the diverse risks that AI systems bring to the table: technical vulnerabilities, reputational hazards, and compliance risks. But we also know that these challenges are not insurmountable. In response, we have developed innovative solutions like Chirps, an open-source project that aids organizations in identifying sensitive information in vector databases. Chirps is especially useful for Retrieval Augmented Generation (RAG) systems, which let enterprises make their documentation available to AI systems so that those systems can generate accurate and relevant responses.
As organizations grapple with the task of managing and safeguarding sensitive data, Mantium steps in as a trusted partner. Our state-of-the-art solution, engineered for next-generation AI RAG systems, enables granular control over data. This empowers your organization to assign permissions based on data types or individual entries, providing enhanced security and control. Coupled with comprehensive audit and logging features, this means not only secure usage of AI systems but also readiness for regulatory audits and disclosures. This strategic advantage allows for a more confident, transparent, and resilient posture in this new regulatory environment.
One scenario demonstrating the necessity for these safeguards involves personally identifiable information (PII) contained within vector databases. With many conventional systems, anyone with access to the chat interface could potentially query and retrieve this sensitive data, posing significant privacy and compliance risks. However, with Mantium’s solution, organizations can restrict access to such PII data, ensuring only authorized users can access it.
Another critical scenario concerns HIPAA (Health Insurance Portability and Accountability Act) data within an insurance company. It’s not uncommon for an underwriter to require access to a person’s medical information as part of the policy issuance process. In this case, only the underwriter actively working on the policy should have access to this information. By utilizing Mantium’s granular data control solution, insurance companies can manage access to sensitive health data, ensuring only authorized individuals have access and that their activity is closely monitored.
In both scenarios, our innovative approach ensures compliance with regulations, mitigates risk, and protects sensitive information, aligning with the SEC’s new directives on cybersecurity disclosures.
In light of the expanding cyber risk landscape, understanding potential vulnerabilities is crucial. NVIDIA’s AI Red Team has proposed a broad attack surface for AI systems, which outlines various potential vulnerabilities and tactics for mitigating them. Mantium leverages this and other insights to continuously refine our security strategies and protect our AI solutions.
As your organization begins to adopt generative AI and puts next-generation AI systems into production, it is prudent to consider the following:
These questions serve as a guidepost to help you navigate the increasingly complex landscape of AI and cybersecurity. As always, at Mantium, we are here to assist you with cutting-edge solutions to address these challenges and meet the requirements of the new SEC rules. Let us help you secure your AI systems and protect your valuable data.