Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

Generative AI: Balancing security with innovation

The speed at which artificial intelligence (AI)—and particularly generative AI (GenAI)—is upending everyday life and entire industries is staggering. Slowing the progression of AI may be impossible, but approaching AI in a thoughtful, intentional, and security-focused manner is imperative for fintech companies to nullify potential threats and maintain customer trust while still taking advantage of its power.

AI threats to fintech companies

When I think about possible AI threats, top of mind to me is how AI can be weaponized:

  1. Threats to identity. Whether it’s deep fakes or simply more sophisticated phishing attempts, AI is making it easier to steal identities and ramping up the need for more accurate, faster authentication.
  2. Misinformation and manipulation of data. As AI becomes more powerful, its ability to manipulate data is increasing and making it difficult to stem the tide of misinformation. Additionally, related issues during use are risk of hallucinations and prompt engineering.
  3. Exploiting technology vulnerabilities. Bad actors have the potential to train AI to spot and exploit vulnerabilities in tech stacks or business systems.

While we can’t plan for every new threat that AI poses, it’s imperative to have the right AI usage guardrails in place at Discover® Financial Services and know how to quickly address any vulnerabilities.

Our approach to securing against AI threats and ensuring Responsible AI

At Discover, we’ve established an AI Governance Council, which consists of a cross-functional team of data scientists, cybersecurity experts, audit and compliance personnel, legal representatives, technologists, and decision-makers who collaborate to set standards to establish a framework for the adoption of AI in a responsible manner.

By including a wide range of participants who represent different facets of how AI is being used, unique use cases, and differing perspectives, we can create AI guardrails applicable across business units within Discover. Additionally, it’s paramount within the financial services sector to ensure responsible AI and adherence to regulatory guidance for model risk. Keeping our AI approach interpretable and managing bias becomes crucial.

At a high level, these guardrails relate to:

  1. Limiting access to all public large language models and preventing employees from using customer data within any public generative AI models
  2. Clear intake process that teams complete when they want to use public, vendor, or homegrown AI tools and models.
  3. Established risk management framework to evaluate the use cases and validate the controls to manage relevant risks
  4. Continuous authentication and authorization to maintain the principles of least privilege and context of user entitlement.
  5. Proper data labeling and logging to maintain confidentiality
  6. Human-in-the-loop validation to ensure each AI use case is reviewed and approved by a subject matter expert to ensure the accuracy and quality of the output is fit for purpose
  7. Recording inputs and documenting what we’re inputting into any language models—and the outcomes to ensure the integrity of the processes
  8. Established feedback loops so that we’re quickly getting and responding to feedback about using the models
  9. Required training for any employee using AI models in their work to ensure their work adheres to standards related to AI trust, transparency, trustworthiness, and the like.

As we deploy our guardrails, we also evangelize across teams at Discover through our internal learning platform, Discover Technology Academy, through various events and emails and required security training.

Managing GenAI testing and access with trusted partners

We don’t have the luxury of waiting to see how AI evolves before it affects our everyday life. We must deal with the threats it poses in real time—while taking advantage of the competitive advantages it offers.

To us, that takes shape by using closed language models, with AI partners we trust, to run proof of concepts and other tests that help us understand how to use GenAI in a trustworthy and transparent way. We have partnerships with large tech companies to test their AI offerings and tools in controlled, managed experiments.

Conclusion

As the Chief Information Security Officer (CISO) at Discover, I am both excited and sober about how generative AI will change the fintech landscape in the coming years. The trust we build with our customers is our most important asset—and we don’t take that for granted. Having clear guidelines for how employees can engage with and use AI models and mechanisms to enforce guidelines will help us enable innovation while ensuring the security of our customers, their data, and their assets.

Visit Discover Technology to learn more about Discover’s approach to security, AI, reliability and more.

Author

Shaun KhalfanShaun currently serves as the Senior Vice President, Chief Information Security Officer for Discover Financial Services. In this role, he is responsible for implementing the information security strategy, enabling the business, and securing customer data, digital assets, and payments with a focus on enabling digital transformation. 

Shaun has over 20 years of IT experience with specialization in information security and risk management. Shaun has held roles in increasing responsibility at the Department of Defense, culminating in the role of Chief Information Security Officer for the Department of Homeland Security, US Customs and Border Protection. He was Vice President, Chief Information Security Officer at Freddie Mac and most recently, he served as Managing Director, Chief Information Security Officer at Barclays International.

He serves on the board of the Kohl Children’s Museum, is an adjunct professor at Carnegie Mellon University, and an independent director at Valimail, a venture backed e-mail security company. Shaun is also a Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and a graduate of the Department of Defense Executive Leadership Development Program.

Artificial Intelligence
Read More from This Article: Generative AI: Balancing security with innovation
Source: News

Category: NewsSeptember 7, 2023
Tags: art

Post navigation

PreviousPrevious post:7 ways to ensure the success of product-centric reliabilityNextNext post:The multi-cloud era – a faster path forward for enterprises and Managed Services Providers

Related posts

휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
May 9, 2025
Epicor expands AI offerings, launches new green initiative
May 9, 2025
MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
May 9, 2025
오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
May 9, 2025
SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
May 8, 2025
IBM aims to set industry standard for enterprise AI with ITBench SaaS launch
May 8, 2025
Recent Posts
  • 휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
  • Epicor expands AI offerings, launches new green initiative
  • MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
  • 오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
  • SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.