AI Framework Security Risk Assessment

The Rapid GenAI Security Risk Assessment offering by DeepSeas partners with clients to assess high risk shadow usage of public Gen AI models and map information about GenAI applications inventory, usage policies, AI strategy architecture, compliance gap and risks.

The engagement provides the client with insights of Shadow AI risks, high risk users and sensitive data exposure through traffic analysis of browser based interactions from employees on AI Chatbots and other supported public models . Additionally, we perform risk workshops with relevant stakeholders to identify security gaps in GenAI models, usage, data protection and governance that help clients understand, prioritize and implement controls to secure their GenAI apps, data and monitor usage while maintaining compliance with applicable laws and regulations.

Our robust deliver methodology enables a standardized approach for the Rapid AI Security Risk Management and comprises of the following phases: -

 1.           Phase 1 – Assess

This initial phase assesses the exposures and threats in usage of Gen AI applications and models within your environment combining scanning outcomes through our partner's Gen AI Risk monitoring platform with our consultative assessment to provide insights of Shadow AI usage and potential security challenges related to GenAI adoption.

 2.           Phase 2 – Baseline

This Phase establishes the GenAI security requirements, safeguards, governance model and operational processes contextualized for your environment to ensure alignment with compliance standards and prioritizing remedial actions for gaps identified.

 3.           Phase 3 – Implement

This phase would help clients with implementation of security solutions to meet the baseline requirements to secure AI usage, guardrails and policies to protect sensitive data exfiltration and safeguards for hybridprivate AI models and GenAI applications in the ecosystem.

 4.           Phase 4 - Monitor

This phase which follows the implementation of the Gen AI security monitoring solution would be steady state in which we help administer the platform and monitor any configuration drifts, AI Runtime anomalies detection and incidents from Shadow AI usage and threats target GenAI applications.

 For scope of this project, we will execute only Assess phase and provide you with a detailed report on applicable use case and policies implemented, Shadow AI usage, Gen AI risks.

 The Rapid AI Security Risk Assessment includes the following service elements: 

• Implement and configure the Gen AI Shadow AI scanning solution
• Kickoff and GenAI Assessment
• GenAI Risk Workshop with key stakeholders
• Findings Summary
• Executive Summary Briefing

The deliverable Materials, resulting from completion of the Services, are detailed below:

The service(s) described in this Statement of Work will be delivered by DeepSeas according to the following assumptions, which will govern all work, deliverables, and interactions:

1. Services will be conducted remotely unless otherwise noted.

2. All work not specifically described in this Statement of Work will be subject to a Change Order. In these cases additional fees may apply.

3. All scheduled work will be performed during DeepSeas-defined normal business hours, which are Monday-Friday from 8:00am to 5:00pm. Any work performed outside of normal business hours will be subject to a Change Order.

4. Delivery delays caused solely by client or their agent are not covered under this Statement of Work and will be subject to a Change Order.

5. The Client will collaborate via DeepSeas' collaboration tools.

6. All DeepSeas projects will be initiated by an initialization call, not to exceed 1hr, including:

a. Client PoC’s

• Client main project point of contact (POC)
• For technical projects, DeepSeas requires an assigned technical POC.

b. DeepSeas PoC’s

• Project Manager
• Delivery Lead
• Where applicable, Delivery Support

 c. Agenda

• Project goals and objectives overview
• Timeline Review
• Deliverable Review
• Overview of the closeout process

1.   Client to assign a Single Point of Contact (Client POC) responsible for Client coordination and logistics.

2.   Client is responsible for providing DeepSeas with key stakeholder information such as name and email address

3.   The Client is responsible for scheduling and coordination of internal Client resources for all project work.

4.   The Client is responsible for the approval and implementation of draft documents within the organization.

5.   Client to provide necessary access, accurate and up-to-date inventory and asset information, and timely support for the DeepSeas delivery consultant during the assessment, planning, and implementation phases.

6.   Client to ensure that all relevant stakeholders are aware of the planned security measures and are trained to use the new security tools and processes.

7.   Client to review and approve all deliverables produced by DeepSeas as part of the Project. This includes providing feedback and revisions in a timely manner to ensure that the Project stays on track and meets the agreed-upon timelines.

8.   Client to allocate appropriate resources to support the Project, including personnel, equipment, and other necessary resources. This may involve reassigning staff members to work on the Project or acquiring new resources as needed.

9.   Client to provide the DeepSeas consultant with access to all necessary data and information required for the Project.

10. Client to provide advanced notification of any cancellations (including reschedules) according to CANCELLATIONS disclosure below.

• Client will have the following responsibilities before, during, and after the engagement:
• Including the DeepSeas delivery team on invites leveraging the client’s video conferencing platform.
• Provide necessary help to complete integration pre-requisites for the Gen AI Risk Assessment scanning tool
• Collaborate via DeepSeas’ collaboration tools.
• Having Client POC, empowered by executive management, to be available as needed.

As the provider of the services described in this Statement of Work, DeepSeas will have the following responsibilities before, during, and after the engagement:

1. Supplying a primary point of contact for all services being delivered.

2. Providing expertise to collaboratively develop an appropriate solution and timeframe.

3. Delivering all services referenced in this Statement of Work on time and aligned with Client’s expectations.

4. Timely billing for all services and expenses.