Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact

In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency.

We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks.

Ed and I dove into a lot of interesting GenAI Security topics, including:

• Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys.
• Guardrails and measures to prevent data leakage to external GenAI services and platforms
• The intersection of SaaS Governance and Security and GenAI and how GenAI is exacerbating longstanding SaaS security challenges
• Supply chain risk management considerations with GenAI vendors and services, and key questions and risks organizations should be considering
• Some of the nuances between self-hosted GenAI/LLM’s and external GenAI SaaS providers
• The role of compliance around GenAI and the different approaches we see between examples such as the EU with the EU AI Act, NIS2, DORA, and more, versus the U.S.-based approach