Deploy Securely

Deploy Securely focuses on managing cybersecurity risks at the intersection of artificial intelligence and software security. It offers guidance on AI security, data protection, risk management, legal considerations regarding AI, and strategies for using AI tools securely. The content targets CISOs, business leaders, and developers involved in AI deployments.

Artificial Intelligence Governance Cybersecurity Risk Management Legal and Compliance Issues in AI Data Protection and Privacy Strategies for Secure AI Deployment Intellectual Property in AI Investing in Cybersecurity Regulatory Frameworks for AI and Cybersecurity

The hottest Substack posts of Deploy Securely

And their main takeaways

Use ChatGPT Team without having your data retained forever

255 implied HN points • 19 Jan 24

Model training is off by default in ChatGPT Team, an improvement from previous versions.
ChatGPT Team brings customers under OpenAI's business terms of service, offering indemnification against claims.
Enterprise controls in ChatGPT Team are locked behind an upgrade, affecting data retention settings and security measures.

Master AI (governance) before it masters you

255 implied HN points • 17 Jan 24

🕹 Technology AI Security Governance Regulation Privacy

AI security and governance is crucial for businesses.
StackAware AI Security Maturity Model helps secure AI deployments.
The blueprint is designed for CISOs, CDAOs, and general counsels.

Answering the top 10 security questions non-technical executives ask about AI

216 implied HN points • 26 Jan 24

🕹 Technology AI Cybersecurity Compliance Privacy Training

Understand your business requirements before embarking on an AI project.
Develop clear policy guidance and maintain an AI asset inventory for security and privacy.
Awareness and training are key to defending against AI-powered threats like fraud and phishing.

Block AI tools from scraping your site in 3 minutes

216 implied HN points • 10 Jan 24

🕹 Technology AI Tools Web scraping Artificial Intelligence Cybersecurity Compliance

Block major generative AI tools from scraping your website by adding specific directives to your robots.txt file.
Consider modifying your site's terms and conditions to prevent undesired activities like scraping by AI tools.
Blocking AI tools may impact your search and social media rankings, so find a balance between cybersecurity and potential repercussions.

Steal this NDA template to protect your data from AI training

176 implied HN points • 16 Jan 24

💼 Business Legal AI Data handling Risk management

Protecting confidential information is crucial in business operations.
Including specific AI language in NDAs can help address risks and increase transparency.
Addressing potential unintended training risks and data exposure in legal agreements is important for safeguarding information.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

How to structure intellectual property ownership agreements when training AI models

117 implied HN points • 02 Feb 24

🕹 Technology AI Intellectual Property Ownership Regulations

Prevent unintended exposure of confidential data when developing AI models
Reduce uncertainty about the IP ownership of the products of AI training
Specify training techniques and data sources to prevent data leakage

Understand how generative AI tools retain your data without dissecting their terms of service

78 implied HN points • 09 Feb 24

🕹 Technology AI Data security Legal Compliance

New products and services in the AI world frequently emerge, making it challenging to keep track of them all.
Excessive data retention poses security risks as well as legal implications.
It is crucial to stay updated on the data retention policies of service providers to manage security and legal risks effectively.

StackAware and Mithril Security: making private AI a reality

117 implied HN points • 12 Jan 24

🕹 Technology AI Cybersecurity Privacy Data Management Artificial Intelligence

Mithril Security offers tools for securing sensitive AI deployments.
StackAware assists companies in managing risks related to cybersecurity, compliance, and privacy in AI deployments.
Partnership between StackAware and Mithril Security combines expertise in AI threats and confidential AI for secure deployments.

Your security policies are terrible

58 implied HN points • 31 Jan 24

🕹 Technology Security Policies AI Compliance Data

Most security policies are often stagnant 'check the box' artifacts.
Lack of accountability in security policies can lead to unclear responsibilities.
Writing security policies as (no-)code can help maintain updates and improve clarity of accountability.

Get a Microsoft 365 Copilot security teardown without hours of documentation review

39 implied HN points • 24 Jan 24

🕹 Technology Security Privacy Data Governance AI Governance Data Management

Microsoft 365 Copilot provides detailed data residency and retention controls favored by enterprises in the Microsoft 365 ecosystem.
Be cautious of insider threats with Copilot as it allows access to considerable organizational data, potentially leading to inadvertent policy violations.
Consider the complexities of Copilot's retention policies, especially in relation to existing settings and the use of Bing for web searches.

Zoom's AI misstep

157 implied HN points • 08 Aug 23

🕹 Technology AI Data Privacy Cybersecurity

Zoom updated its terms to allow training AI models earlier this year.
Zoom clarified that it won't use audio, video, or chat content for AI training without opt-in.
Be cautious about opting into Zoom's generative AI features to avoid your content becoming part of their AI models.

Fearing the sheriff more than the bandits

157 implied HN points • 21 Jul 23

🕹 Technology Cybersecurity Compliance Risk management Government Regulation Data Protection

The fear of repercussions from authorities like prosecutors and regulatory agencies is often greater than that from hackers.
Cybersecurity professionals and their teams face severe consequences for non-compliance, even if the breach was not entirely their fault.
A flawed liability regime and focus on performative compliance rather than actual security measures contribute to the prioritization of checking boxes over protecting data.

Data classification mastery: 5 simple categories for handling sensitive information

19 implied HN points • 07 Feb 24

🕹 Technology Data Management Cybersecurity Data Privacy Regulations AI Governance

Effective AI governance requires clear data classification policies and procedures.
Avoid unnecessarily complex ascending levels of data sensitivity for easier management.
Utilize practical categories like Public, Confidential-Internal, and Confidential-External for better data handling.

How to define risk appetite and tolerance

157 implied HN points • 12 Jul 23

🕹 Technology Cybersecurity Risk management Compliance Business impact

Risk appetite is the baseline level of cybersecurity risk an organization is willing to accept.
Risk appetite should be defined in fungible units like dollars or engineer-hours, not security-specific terms.
Risk tolerance is the speed at which an organization must address risk above the established appetite to avoid compliance issues.

What is the difference between supply chain, third-party, and vendor risk management?

176 implied HN points • 10 Feb 23

Cybersecurity risk management addresses potential malicious events affecting data.
Vendor risk management involves compensating parties for goods or services, providing control.
Supply chain risk management includes managing risks from third, second, and fourth parties.

Deploy Securely investor resource center

117 implied HN points • 06 Jul 23

💼 Business Investing Cybersecurity Venture Capital Private Equity

Cybersecurity is a profitable industry.
Investors can benefit from resources and guides in cybersecurity investing.
Different types of investors, like VCs, PEs, and micro-PE firms, have specific resources available.

Harness AI

78 implied HN points • 28 Jul 23

🕹 Technology AI Cybersecurity Risk management Blogging Email Marketing

StackAware has pivoted to AI risk management.
Deploy Securely is now the official blog of StackAware.
A new email course highlighting StackAware's revised value proposition has been launched.

Frame AI risk using the NIST RMF

98 implied HN points • 09 Jun 23

🕹 Technology AI Risk management Security Governance Compliance

The NIST AI Risk Management Framework provides a governance, risk, and compliance framework for artificial intelligence.
The document highlights the challenges in AI risk management, including identifying and cataloging risks, emergent risks, and availability of reliable metrics.
The criteria to evaluate AI systems include validity, safety, security, accountability, transparency, privacy, and fairness in managing harmful bias.

The PyPI lockdown of 2023

98 implied HN points • 02 Jun 23

🕹 Technology Cybersecurity Malware Security Measures

PyPI, a popular repository for Python developers, suspended new uploads and user registrations due to an influx of malicious code.
Malicious packages on PyPI pose severe security threats, like running unintentional malware in your system.
Security measures to take include verifying package provenance, checking package names for accuracy, and using trusted hosts with pip.

Deploying Securely with ChatGPT

98 implied HN points • 16 Mar 23

🕹 Technology Artificial Intelligence Cybersecurity Policy

Generative AI tools can be risky but offer significant benefits.
Having a security policy template can help organizations use AI tools securely.
The provided policy template may need customization based on individual circumstances.

Deconstructing the National Cybersecurity Strategy

78 implied HN points • 03 Mar 23

🕹 Technology Cybersecurity Regulation Government Policy Data Privacy Business strategy

The National Cybersecurity Strategy emphasizes the need for businesses to adapt their cybersecurity strategies accordingly.
The strategy addresses the importance of defending critical infrastructure and the need to streamline cybersecurity regulations.
Business leaders should be aware of potential regulatory changes impacting software security and consider the implications of a national cyber insurance backstop.