Securing the AI Ecosystem

• Architect Secure AI Integration: Understand the data flow and architecture of enterprise GenAI tools1 to maintain the secure service boundary and apply existing organisational controls.

• Implement proactive data controls: Apply technical measures like data discovery, classification, and LLM firewalls (where applicable) to prevent unauthorised data access, accidental loss, and to enforce data-handling policies for data inputs and outputs.

• Monitor and manage risk (MEASURE & MANAGE): Select and apply quantitative and qualitative metrics to assess and track AI risks and trustworthiness characteristics throughout the AI lifecycle, enabling real-time monitoring and timely response.

• Detect and respond to security incidents: Identify and track emergent AI risks (such as adversarial examples, data poisoning, model exfiltration) and manage incidents by following documented procedures for tracking, responding to, and recovering from errors, and communicating incidents to relevant AI actors.

• Manage system connectivity: Enforce the policy that staff are not permitted to connect third-party GenAI software to university systems without explicit approval from DIT.

Julio is a cybersecurity and technology leader with 15+ years of experience in the IT sector, I specialise in tech leadership. Some of my specialities is cyber risk management, technical leadership, industrial cybersecurity (OT/IoT) and technical training/education.