{
  "docId": "019dd923-5e88-73ef-bd5d-d8e3155278d5",
  "docSlug": "77909cdb81dba749",
  "documentTitle": "2023 AI Here and Now Gartner Business Quarterly 3Q23",
  "authorId": "Gartner",
  "authorName": "Gartner",
  "documentKindSlug": "consulting-deck",
  "documentKindLabel": "Consulting deck",
  "sourceTypeSlug": "industry_analyst",
  "sourceTypeLabel": "Industry analyst",
  "presentationDate": null,
  "orientation": "landscape",
  "aspectRatio": 1.778,
  "pageNumber": 46,
  "pageCount": 77,
  "prevPage": 45,
  "nextPage": 47,
  "slideType": "key_takeaways",
  "function": "recommend",
  "density": "overcrowded",
  "nDataPoints": 0,
  "notes": "Mentions Gartner's AI TRiSM framework.",
  "elementsJson": [
    "big_number",
    "headline_text",
    "paragraph",
    "numbered_list"
  ],
  "metadataConfidence": 1,
  "imagePath": null,
  "slideHref": "/slides/019dd923-5e88-73ef-bd5d-d8e3155278d5/46",
  "deckHref": "/decks/019dd923-5e88-73ef-bd5d-d8e3155278d5",
  "deckJsonHref": "/decks/019dd923-5e88-73ef-bd5d-d8e3155278d5.json",
  "deckAnchorHref": "/decks/019dd923-5e88-73ef-bd5d-d8e3155278d5#slide-46",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "CISOs should adjust security controls and implement our AI trust, risk and security management (AI TRiSM) framework — governance practices establishing security policies that are specific to AI.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd952-5643-744f-8952-31c5f0584b93",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": null,
      "kind": "framework",
      "text": "AI TRiSM",
      "attrs": null,
      "subkind": null,
      "toolName": "Structuring frame",
      "toolSlug": "structuring-frame",
      "confidence": null,
      "componentId": "019dd952-5643-744f-8952-36e0423caa17",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.6,
        "w": 0.25,
        "x": 0.68,
        "y": 0.23
      },
      "kind": "list",
      "text": "Recommendations: Adapt your control strategy to hybrid development models... Team up with the data science team... Train your security champions... Apply AI TRiSM principles... Add requirements for testing... Monitor model operation tool improvements.",
      "attrs": null,
      "subkind": "bullet",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "4d394b95-22dd-4b7e-8829-bd359e873c35",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.25,
        "x": 0.41,
        "y": 0.48
      },
      "kind": "paragraph",
      "text": "Implementing controls for GenAI applications will depend heavily on what kind of AI architecture an organization is using. If an organization builds and trains an in-house model, security and development teams share responsibility for protecting against the entire AI attack surface. Using synthetic data might improve security but also reduce the accuracy of the applications. These techniques are not available when hosting a pretrained out-of-the-box model.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "12ed715d-cf7f-44e2-a1c5-bfa2d877f957",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.2,
        "w": 0.25,
        "x": 0.41,
        "y": 0.68
      },
      "kind": "paragraph",
      "text": "With third-party models, companies must still address adversarial direct and indirect \"prompt injections,\" or the insertion of hidden instructions or context in the application's conversational or system prompt interfaces, or in the generated outputs. There are also digital supply chain management challenges related to the model itself. Then, even when hosting an out-of-the-box third-party application or model, CISOs and their teams will be responsible for infrastructure and data security, but will also have to be involved in managing third-party risks and vulnerabilities.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "1621348b-6311-4905-a4d3-c03972029f81",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.25,
        "w": 0.25,
        "x": 0.41,
        "y": 0.23
      },
      "kind": "paragraph",
      "text": "In addition to using third-party generative AI applications and services, many organizations will build their own versions that will pose new risks, such as attacks on ML models and data poisoning. That in turn creates new requirements for AI application security. CISOs should adjust security controls and implement our AI trust, risk and security management (AI TRiSM) framework — governance practices establishing security policies that are specific to AI.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "40ec859d-04fd-425c-97c4-34050301d6a6",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.03,
        "w": 0.15,
        "x": 0.8,
        "y": 0.92
      },
      "kind": "source-note",
      "text": "Gartner Business Quarterly 3Q23 | 46",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "7d83740e-58cc-456f-948a-2c9d2e8dc03d",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.24,
        "x": 0.123,
        "y": 0.23
      },
      "kind": "title",
      "text": "Development of new generative AI applications for the enterprise",
      "attrs": null,
      "subkind": "headline",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "0b1aded9-d3f2-4b6e-b830-4febca93c25e",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [
    {
      "name": "List presentation",
      "slug": "list-presentation",
      "agent": null,
      "layer": "slide",
      "matchId": "16c86598-6030-44d6-bbb9-76a271bd2445",
      "evidence": "Recommendations: Adapt your control strategy to hybrid development models... Team up with the data science team... Train your security champions...",
      "confidence": 0.8
    }
  ],
  "frameworks": [
    {
      "name": "AI TRiSM",
      "slug": null,
      "matchId": "3b94d04c-ea36-440c-93f4-9f5a961f1dca",
      "evidence": "Mentioned in text as a framework for governance practices.",
      "confidence": 1
    }
  ],
  "arcBeats": [
    {
      "to": 77,
      "from": 41,
      "beatId": "d4d1cd2f-fc50-47a7-b518-719d2cc33a44",
      "arcName": "The Sparkline",
      "arcSlug": "sparkline",
      "beatName": "New Bliss",
      "beatSlug": "sparkline-new-bliss",
      "evidence": "The document concludes by providing guidance and recommendations for businesses looking to leverage AI.",
      "position": 3,
      "confidence": 0.8,
      "parentBeatName": "Resolution",
      "parentBeatSlug": "resolution"
    }
  ],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}