Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

LLM Risk Attributes for AI Category Services

Skyhigh CASB has introduced 17 new sub-categories under the AI services for shadow IT users to develop AI-related threat detection and better AI service classifications. 

We are extending our support by capturing Large Language Model (LLM) details for AI categories on the Cloud Registry to provide a deeper assessment of the risks related to AI services. LLMs are advanced AI models that can understand and generate human-like text based on their input. The LLMs play a crucial role in protecting AI-generated content in Cloud Services.

LLM support in the AI category enhances protection of your AI services against threats. Following are the advantages of including LLMs into AI services:

  • Visibility. Improve visibility into Shadow AI Cloud Services by processing and summarizing the data and quickly responding to potential threats.
  • Risk Assessments. Enhance risk assessment by analyzing historical data and prioritizing threats based on risk scoring.

Skyhigh Collaboration with Enkrypt AI

Enkrypt AI secures Generative AI and governs compliance and risks with seamless monitoring of the AI services. Skyhigh collaborates with Enkrypt AI to enforce controls and offer detailed visibility into AI operations. Accordingly, Enkrypt AI provides the LLM security attribute values for Skyhigh that helps effectively analyze the risks associated with AI services. For more insight into LLM risk and to understand the value proposition of Enkrypt, see Enkrypt AI.

Skyhigh Supported LLM Risk Attributes

In the Cloud Registry, under the AI category, if any service supports LLM, the following risk attributes are displayed for each AI service. You can view the LLM risk attributes on the Registry Overview page:

  • Jailbreak. The degree to which a model can be manipulated to generate content misaligned with its intended purpose.
  • Toxicity. The degree to which a model generates toxic or harmful content like threats and hate speech.  
  • Bias. The degree to which a model generates biased or unfair content that could be introduced due to training data. 
  • Malware. The degree to which a model can be manipulated to generate malware or known malware signatures.

The table below displays the attribute values based on the LLM’s availability with respect to Enkrypt AI assessment: 

Skyhigh Mapping Based on LLM Jailbreak Toxicity Bias Malware
The Skyhigh CSP supports LLM, and the model is available in Enkrypt AI

High/Medium/Low

High/Medium/Low

High/Medium/Low

High/Medium/Low

The Skyhigh CSP supports LLM, and the model is not available in Enkrypt AI

Not Publicly Known

Not Publicly Known

Not Publicly Known

Not Publicly Known

The Skyhigh CSP does not support LLM

NA

NA

NA

NA

View LLM Risk Attributes

Perform the below steps to view the LLM risk attributes:

  1. Go to Governance > Cloud Registry.
  2. Click Filters tab, and then select Artificial Intelligence category under Service Category.

    Select_AICategory.png
     
  3. Click Actions > Settings > Edit Table Columns.
  4. On the Edit Table Columns dialog, under Risk Attributes, select the LLM Models and LLM Supported checkboxes, and then click Save Table Settings. The table on the Cloud Registry page displays only the services with the selected columns.

    Edit table columns.png

To filter the values based on the attributes, perform the steps below. Otherwise, continue from step 8:

  1. On the Risk Attributes category, select LLM Model - Bias from the menu.

    Select LLM Model - Bias.png
     
  2. Select Medium Risk and High Risk value checkboxes, and then click Apply.

    Click Apply.png
     
  3. The table displays the services with medium and high-risk values for the LLM Model - Bias attribute.

    Bias_with_High_Medium.png
  1. Select any service from the table.
  2. On the Registry Overview page, click the Risk tab, and then click the Artificial Intelligence tab.
  3. Under AI Security category, the LLM risk attributes and its values corresponding to the selected service are displayed. 

For more insight into LLM risk and to understand the value proposition of Enkrypt, click the link Powered By:Enkrypt logo.svgEnkrypt AI listed in the Value and Score column. 

NOTE: The risk score for each attribute is derived from the Enkrypt AI. However, Skyhigh evaluates and displays the overall representation of these attributes for each CSP, categorizing them into High, Medium, and Low values.

 

 

 

 

 

 

 

 

Artificial_Inteligence_Tab.png

Risk Weight for LLM Risk Attributes

The LLM risk attributes are zero-weighted and not part of Skyhigh's default risk scoring. As a result, the DNA chart for the Artificial Intelligence tab will be blank. Bars in the DNA chart are only visible if the LLM risk attributes are overridden in the Risk Management. To override the LLM risk attributes, go to Governance > Risk Management and edit the Artificial Intelligence risk category weight. For details about editing the risk category weights, see The Global Risk Weighing. The change in the Artificial Intelligence Risk Category Weight distribution may impact the risk score computation of CSPs within the Cloud Registry.

For details about Artificial Intelligence Risk, see Artificial Intelligence Risk Management.

NOTE: Enkrypt AI evaluates LLM risk attributes' security risk assessment and risk scoring. However, LLM risk attributes are not part of Skyhigh default risk scoring.

Reports

When you download a report for any service, it includes the LLM risk attributes. The supported file formats are CSV, XLS, and PDF (Business Report).

LLM_Risk_Attributes_PDF_Screenshot.png

  • Was this article helpful?