Annual Computer Security Applications Conference (ACSAC) 2023

Generative AI: A Security Case Study for Regulated Financial Service Organizations

ABSTRACT: Security and trust for Generative AI and Large Language Models must fully leverage existing cybersecurity practice, while stretching well beyond that practice to wholly new dimensions of responsible development, application, and operation. These emerging areas are also rapidly evolving with dramatic changes to a) our innovation in AI platforms, algorithms and applications, b) our understanding of AI associated vulnerabilities, c) our understanding of AI threats and d) our consequent efforts to cultivate and sustain trust, across the growing AI ecosystem and market. It is very much worth taking the time to translate these abstract insights and trends, into their concrete expression in real world engagement. In this Case Study session, we will review the security learnings from full lifecycle engagements in hosting Generative AI model training/fine tuning for regulated financial services organizations. We will review the resulting and concrete platform, service and process security and control requirements, resulting from existing conventional and AI regulation and contracts. Finally, we will consider how such requirements are likely to change with new AI-specific regulation and legislation, and the concrete impact on new technical security and control provisions.

BIO: Dennis Moreau is a Sr. Director of Security for AI at Intel Corporation. His technical and research focus is on emergent issues in systemic trust-ability for AI systems. Dennis has been a Sr. Engineering Architect for Cybersecurity in the VMware Offices of the CTO, a Senior Research Technologist in the RSA Office of the CTO, a Founder and CTO of Configuresoft (acquired by EMC), a CTO and Co-PI in Computation Medicine at Baylor College of Medicine. Dennis holds a doctorate in Computer Science and has been tenured as a faculty member in that discipline. He is deeply engaged in directional cybersecurity and trust standards and regulatory efforts globally.

Dennis Moreau