For third-party applications, is your organization putting in place any systemic review to identify new AI features that have been introduced, so that they can undergo an AI risk evaluation?

Applications & Platforms
1.9k viewscircle icon5 Comments
Sort by:
CTO for Digital & IT in Healthcare and Biotech8 months ago

We have introduced a new AI-specific risk analysis step for all new applications, as an add-on to the standard cyber risk evaluation. It's still a work in progress to calibrate how much effort to spend on these new risk evaluations for various kinds of apps, but it is a good first step

Lightbulb on2 circle icon1 Reply
no title8 months ago

Thank you for this response. We feel good that we are catching AI capabilities in net-new applications / vendors, but our existing vendors are turning on capabilities with varying degrees of formal notice and configurability and we're trying to get a better handle on that.

Director of IT in Manufacturing8 months ago

This is in our to-do list, but we have not started to do this yet. However, this would be a combination of our Enterprise Digital team (identify AI capabilities in 3rd party systems we want to utilize) and our Cybersecurity team (risk evaluation).

Lightbulb on1
Director of IT8 months ago

no we dont, but we block AI Apps unknown on our firewall. So as long as the Firewall is able to detect the AI Application, it will be blocked. Good Example is Adobe Acrobat - the AI feature of sending (confidential) documents to the Cloud for analysis was blocked. 
Negative Example ist MS Copilot - depending on which copilot feature and access method, there are some loopholes not detected by the firewall as it is sometimes classified as Bing Search etc.

Lightbulb on2 circle icon1 Reply
no title8 months ago

Thanks, this is very helpful and I appreciate the examples. I'm referring to apps like Jira, AuditBoard, ServiceNow, Workday, etc., that add AI capabilities to the app... where it's not an "AI" app but they are adding AI capabilities.

Content you might like

We are dealing with a specific issue in our VDI non-persistent environment, which operates using Omnissa Horizon (formerly VMware). We are employing a hybrid join for authentication that integrates ADFS and Entra ID.   Here are the details of our problem:   1. **Environment**: VDI non-persistent using Omnissa Horizon 2. **Authentication Method**: Hybrid join with ADFS and Entra ID 3. **Issue**: Users are experiencing difficulties authenticating to Microsoft 365 apps within the virtual machine. The authentication process gets stuck in a loop when attempting to access the smartcard. I would appreciate any insights or experiences from others who have encountered similar issues or have a similar environment working successfully.

Has anyone implemented Zelle directly with EWS (Enterprise Web Services) instead of going through a reseller-hosted experience? What were the biggest architectural, compliance, and operational challenges you encountered, and how did you address them? Can you please share your views on below...

1. Integration Complexity (How did you handle real-time messaging and settlement flows with Zelle via EWS & what middleware or orchestration layers were required?)

2. Compliance & Risk: What additional regulatory or fraud controls did you need to implement without the buffer of a reseller? How did you manage OFAC screening, KYC, and transaction monitoring?

3. Customer Experience: Were there any trade-offs in terms of UI/UX or mobile app integration? How did you handle customer support and dispute resolution? 
4. Operational Overhead: What internal capabilities did you need to build or scale (e.g., 24/7 support, reconciliation, exception handling)? How did you manage updates and changes to the Zelle network?  
5. Cost-Benefit Analysis: Was the direct integration more cost-effective in the long run? How did you measure ROI compared to a hosted solution?

6. Vendor & Network Relationships: What was your experience working directly with Early Warning Services (EWS)? Were there onboarding or certification hurdles?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

We implemented Oracle HCM recently including Redwood.  Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

Which business function do you see the most need for automation?

Sales11%

Marketing30%

Accounts Payable22%

Accounts Receivable14%

Legal5%

HR12%

Other (pls comment)3%

View Results