The Hidden Risks of AI in DevSecOps скачать в хорошем качестве

The Hidden Risks of AI in DevSecOps

This video features Question 2 of a panel discussion focused on AI in DevSecOps, examining the top cybersecurity concerns organizations face when implementing AI and how standards and regulations should address the secure use of AI in software development. In this segment, Keng Lim, Founder and CEO of NextLabs, shares his perspective on the security risks associated with AI-driven DevSecOps, including the dangers of over-reliance on AI automation, insider risk, misconfiguration, misuse of AI models, and increased attack surfaces. He emphasizes the importance of maintaining strong human oversight and review processes for AI-generated code and decisions. Keng also outlines key areas where standards and regulations can play a critical role, including security and risk management, accountability and traceability, and AI model governance. He discusses the need for transparency around AI-generated code, version control practices to distinguish human-written and AI-generated code, secure use of SBOMs that include AI components, and policies to govern model validation, updates, drift monitoring, and third-party AI tool vetting. This discussion highlights the growing need for data-centric security, Zero Trust principles, and robust governance frameworks to ensure AI is used responsibly and securely within DevSecOps pipelines. Panelist: Keng Lim, Founder & CEO, NextLabs Background: Entrepreneur and founder of multiple software companies, holder of 90+ patents, and leader in Zero Trust, data-centric security solutions. Topics: AI Security, DevSecOps, AI Governance, Zero Trust, Secure Software Development, Standards and Regulations, Insider Risk Event Details: https://www.nccoe.nist.gov/get-involv... NIST National Cybersecurity Center of Excellence (NCCoE) Secure Software Development, Security, and Operations (DevSecOps) Practices Project Details: https://www.nccoe.nist.gov/projects/s... Subscribe to NextLabs:    / @nextlabsinc   Learn more about NextLabs: Website: https://www.nextlabs.com/ LinkedIn:   / nextlabs   Facebook:   / nextlabsinc   Twitter:   / nextlabs   About NextLabs: NextLabs®, Inc. provides zero trust data-centric security software to protect business critical data and applications. Our patented dynamic authorization technology and industry leading attribute-based zero trust policy platform helps enterprises identify and protect sensitive data, monitor and control access to the data, and prevent regulatory violations – whether in the cloud or on premises. The software automates enforcement of security controls and compliance policies to enable secure information sharing across the extended enterprise. NextLabs has some of the largest global enterprises as customers and has strategic relationships with industry leaders such as SAP, Siemens, Microsoft, AWS, Accenture, Deloitte, Infosys, and IBM. For more information on NextLabs, please visit http://www.nextlabs.com. Why NextLabs? NextLabs is a proven industry innovator and leader with 80+ patents awarded and another 30+ pending in dynamic authorization and ABAC. NextLabs solutions have been validated by industry leaders and analysts such as SAP, Microsoft, NIST, and Gartner. Comprehensiveness and performance of the NextLabs portfolio is unique in the industry.