This talk was recorded at NDC Manchester in Manchester, England. 
#ndcmanchester #ndcconferences #developer #softwaredeveloper    

Attend the next NDC conference near you: 
https://ndcconferences.com
https://ndcmanchester.com/

Subscribe to our YouTube channel and learn every day:   
/            @NDC 

Follow our Social Media!

https://www.facebook.com/ndcconferences
https://twitter.com/NDC_Conferences
https://www.instagram.com/ndc_conferences/

#ai #ml #sdlc #supplychain 

Generative AI offers incredible opportunities but comes with significant cybersecurity challenges. As adoption accelerates, so do the risks—data theft, model manipulation, poisoned training data, operational disruptions, and supply chain vulnerabilities. This talk introduces the "STOIC" framework—Stolen, Tricked, Obstructed, Infected, Compromised—to help you identify and mitigate these threats.

You'll have some key takeaways around:
* Understanding your Gen AI risks and how they link to the OWASP LLM Top 10 and MITRE ATLAS
* Hardening your systems and securing the supply chain
* Governing with clarity while staying agile

Generative AI is transformative but requires proactive, layered defences to avoid becoming a liability. With the right strategy, it can be a safe and game-changing tool for your organisation.

NDC Conferences

The STOIC framework provides a structured approach to securing generative AI applications through five threat categories: Stolen (data/model theft), Tricked (prompt injection and adversarial manipulation), Obstructed (denial of service), Infected (model poisoning and backdoors), and Compromised (infrastructure vulnerabilities). The framework draws parallels to Microsoft's STRIDE methodology but addresses AI-specific risks like model extraction, jailbreaking, resource exhaustion, and training data poisoning. Key mitigations include input/output validation, supply chain security, access controls, network segregation, continuous monitoring, and integrated DevSecOps pipelines. Unlike traditional software, generative AI's probabilistic nature and unbounded outputs create unique security challenges requiring lifecycle-wide defensive thinking.

STOIC Security: Shielding Your Generative AI App from the Five Deadly Risks - Jeff Watkins