Key takeaways from Thoropass Connect 2024: Emerging threats and opportunities from AI

Thoropass recently held its first-ever Thoropass Connect, a one-day in-person event for infosec leaders and compliance professionals to network, safeguard their organizations for the future, and gain takeaways to apply to their day-to-day. At the event, Thoropass Sr. Customer Success Manager Elise Spitzer moderated a panel discussion on Emerging Threats and Opportunities from AI, featuring OpStream’s Mor Cohen-Tal, Sinch’s Dan Ross, and AIMon Labs’ Puneet Anand. The group discussed how they’re leveraging AI to propel their organizations forward while safeguarding against the emerging threats posed by AI. In case you missed it, here are the key takeaways. 

Organizations are using AI to be proactive and efficient

Mor Cohen-Tal is the co-founder and CTO of OpStream, a procurement operations platform that revolutionizes organizations’ purchasing processes. Her team leverages AI to free up manual time by streamlining audits and automatically monitoring systems for risk. As a fast-moving startup, OpStream relies on AI to stay agile, proactive, and compliant.

Dan Ross, Head of GRC at Sinch, a market leader in the CPAS space, explained how Sinch is leveraging AI to help Sinch manage security for its 4,500+ global employees. AI allows Sinch employees to gain secure, flexible access to critical systems while detecting and blocking fraudulent access attempts. 

For more on how AI Opstream, Sinch, and AIMon Labs are leveraging AI, watch this short snippet from the panel: 

AI brings new complexities and challenges

As a leader at an AI-native company, safeguarding proprietary data is top-of-mind for Puneet Anand, CEO and co-founder of AIMon, which optimizes LLM apps to produce high-quality, reliable outputs. As a company on the cutting edge of innovative, industry-transforming technology, AIMon’s cybersecurity policy requires added layers of protection training data, training models, and techniques. 

For Dan Ross, external and internal threads are top of mind. AI-specific vendors, for example, require added risk management measures beyond what you would do with any third party. There are also new measures to combat insider risks, most arising from unintentional employee behaviors. For instance, say a team member was to use an LLM to help answer an internal question. This behavior could pose a threat if your data is not correctly classified, which speaks to why compliance for LLMs is so important. 

For more on protecting against internal and external AI threats, check out this short clip from the event:  

Bring your team together around AI

Developing policies around AI is one thing – enforcing and maintaining them is another. For employees, security awareness training can be just another chore, said Mor Cohen-Tal. That’s why her approach is to communicate the outcomes and the why, framing security awareness training through the lens of protecting customer data. Additionally, reminding employees on how SOC 2 compliance, for example, is tied to their ability to sell the product and drive revenue ensures that security policies resonate. 

Meanwhile, Sinch has a dedicated AI leader, and “everything goes through the AI team,” according to Dan Ross. For smaller teams, Ross said establishing an internal risk register to remove personal biases around potential AI threats is a start. Being able to score AI tools for risk based on shared internal processes is where organizations can start to win. 

To learn more about how industry leaders are enforcing AI policies internally, watch this short clip from the event: 

There are new ethical considerations for organizations using AI

For Puneet Anand, whether an AI app is ethical almost always depends on the data it’s trained on and how it’s labeled. At AIMon and organizations like it, adequate data labeling is critical. The AIMon team follows explicit instructions for quality assurance when labeling data, allowing the model to train and yield the expected output. Beyond that, organizations need to ensure that any data they’re sending into an AI model is anonymized and free of private information.

Ethical AI starts with really understanding the technology, said Mor Cohen-Tal. After you’ve slowly and safely adopted an AI tool, manage your expectations. While you strive for bias-free and moral AI, don’t make your goal perfection because AI is not perfect, according to Tal-Cohen. “We should strive for AI to help us be better,” she said, “but perfect cannot be the enemy of the good enough.” In line with this mentality, the goals of adopting AI safely and understanding its implications are suitable. 

To dive deeper on future considerations for the ethical use of AI, check out this excerpt from the event: 

Last thoughts on emerging threats and opportunities from Thoropass Connect 2024

With an all-star speaker lineup and unique sessions, we’re still basking in the glow of Thoropass 2024. Along with the panel on emerging threats and opportunities from AI, our panel on navigating the responsible and ethical use of AI was not to be missed. But perhaps most exciting was our product showcase, in which Thoropass VP of Product, Andrew Persons, and Co-Founder and CEO, Sam Li, unveiled and gave attendees an exclusive look at our latest product innovations built to revolutionize your compliance process. These include new automated access reviews, AI-powered questionnaires, multi-product workspace, the Thoropass Integration Partner Program, and more. 

Ready to secure your spot at Thoropass Connect 2025? Sign up now for updates. To learn more and see how you can reach all your compliance goals in one platform, talk to a Thoropass expert today.