Interview: Strategies employed by a CSO to safeguard his environment against generative AI risks

Interview: Strategies employed by a CSO to safeguard his environment against generative AI risks

In February, travel and expense management company Navan (formerly TripActions) chose to go all-in on ⁣generative AI‍ technology for a ⁤myriad of business and customer ‍assistance uses.

The⁣ Palo Alto, CA ‍company turned to ChatGPT from OpenAI and coding assistance tools from GitHub Copilot to ‌write, test, and fix code; the decision has boosted⁢ Navan’s operational efficiency and reduced overhead costs.

GenAI tools have also been used to build a conversational⁤ experience for the company’s client virtual assistant, Ava. Ava, a travel and expense chatbot ⁤assistant, offers customers answers to questions and a conversational booking experience. It can also offer data to business travelers, such as company travel spend, volume, and granular carbon emissions details.

Through genAI, many of ⁣Navan’s 2,500 employees have been able to eliminate redundant tasks and create code far faster than if they’d generated it from scratch. However, genAI tools are not without security ⁣and regulatory‌ risks.‌ For example, 11% of data employees paste into ChatGPT is confidential, according to a report from cyber security provider CyberHaven.

Navan

Navan CSO Prabhath Karanth

Navan CSO Prabhath Karanth⁢ has had to deal with the security risks posed by genAI, including data security leaks, malware, and potential regulatory violations.

Navan has a license for ChatGPT, but the company has allowed employees to use their own public instances of the technology — potentially leaking data outside company walls. That led the company to curb leaks and other threats through⁤ the use of monitoring tools⁤ in conjunction with a clear set of corporate guidelines.

One SaaS tool, for example, flags an employee when they’re ⁢about to violate company policy, which has led to greater awareness about security among workers, according to Karanth.

Computerworld spoke to Karanth about how he ⁢secured his organization from misuse and intentional or unintentional threats related to genAI. The following are excerpts from that interview.

For what purposes does ⁣your company use ChatGPT? “AI has been around a long time, but the adoption ⁤of AI in business to solve specific⁤ problems — this year it has ‍gone to⁢ a whole different ‍level. ‍Navan was one of the early adopters. We were one of the first⁣ companies in the travel and expense space that realized this tech ‌is ‍going to be disruptive. We adopted very early on in our⁢ product workflows…and also in our internal operations.”

Product workflows and internal operations. Is that ⁢chatbots to help employees answer questions and help customers to do ‍the same?⁤ “There are a few applications on [the] product side. We do have a workflow assistant called Ava, which is a chatbot powered by this technology. There are a ‍ton of features on our product. For ⁣example, there’s a dashboard where an admin can look ⁣up ‍information around travel and expenses related to their company. And internally, to power our operations, we’ve looked at…

2023-09-25 07:48:05
Original from www.computerworld.com

Exit mobile version