Matteo Meucci

Building Trustworthy AI in Industry: Beyond Traditional Cybersecurity

Is your secure code enough to build trustworthy AI? Discover why traditional security fails and how to evolve your SDLC for this new era.

Building Trustworthy AI in Industry: Beyond Traditional Cybersecurity
#1about 3 minutes

Why trustworthy AI requires more than cybersecurity

AI systems introduce behavioral risks that traditional security practices like secure coding and penetration testing do not fully address.

#2about 3 minutes

Understanding the new risks and attack vectors in AI

AI's probabilistic nature creates unique risks like bias and toxicity, while new attack vectors like prompt injection expand the traditional attack surface.

#3about 2 minutes

Why traditional security tools are insufficient for AI

Tools like SAST and DAST, designed for explicit code, cannot adequately assess emergent AI behaviors like bias, hallucinations, or malicious prompt following.

#4about 4 minutes

How AI accelerates vulnerability discovery for attackers and defenders

AI models can be used to find and explain security issues in code, accelerating the race between attackers discovering exploits and defenders performing remediation.

#5about 3 minutes

Evolving from a secure SDLC to a trustworthy AI SDLC

The software development lifecycle must expand to a trustworthy AI SDLC, integrating concerns like data quality, model fairness, and continuous monitoring from the start.

#6about 1 minute

A security model covering data, model, code, and inference

A comprehensive GenAI security model must address four distinct areas: data governance, model validation, secure source code, and inference-time behavior monitoring.

#7about 1 minute

Defining the three dimensions of trustworthy AI

Trustworthy AI is built on three pillars: responsible AI for fairness and transparency, AI security for robustness, and AI privacy for data protection.

#8about 1 minute

Operationalizing trust with practical OWASP frameworks

OWASP provides practical frameworks like the Top 10 for LLMs and the AI Testing Guide to help organizations translate abstract principles into concrete practices.

#9about 4 minutes

Using the OWASP AI Testing Guide for layered validation

The OWASP AI Testing Guide provides a structured, risk-driven strategy for testing each layer of an AI system, from data and infrastructure to the model and application.

#10about 4 minutes

Assessing organizational readiness with the OWASP AI Maturity Assessment

The OWASP AI Maturity Assessment helps organizations evaluate their readiness for AI by assessing governance, policies, skills, and operational controls through a structured journey.

#11about 1 minute

Conclusion: Trustworthy AI requires organizational redesign

Building trustworthy AI is not just a technical challenge but an organizational one, requiring new skills, processes, and a commitment to continuous monitoring.

Related jobs
Jobs that call for the skills explored in this talk.

Featured Partners

Related Articles

View all articles

From learning to earning

Jobs that call for the skills explored in this talk.