You Should Know What AI is Really Doing in TPRM
There's plenty of talk about AI today, making it hard to break through the noise and understand what it's really doing for your third-party risk management (TPRM) program. We're here to cut through the hype and clear things up for you.
BUYER BEWARE: HOW TO SPOT FALSE CLAIMS ABOUT AI INNOVATION IN CYBERSECURITY PRODUCTS
Cybersecurity companies and security rating services often exaggerate the ways in which they use AI. Plus, "AI" can mean many things: from deep learning, natural language processing and large language models, to rudimentary automation and asset mapping.
So how do you know what you're really getting in your TPRM solution?
Here's how to spot the marketing fluff:
Generic Statements: Is it clear what type of AI is being used? If not: red flag.
No Use of Machine Learning or LLMs: If the company doesn't mention these sophisticated AI types, they are probably using really basic technology.
No Mention of Data Creation or Curation Procedures: If a company talks about AI but doesn’t discuss how human experts create and curate data to train their models, you should be wary about “junk in, junk out.”
Ask Yourself: Is AI Necessary? The answer is often “no” when a solution only uses AI to automate or speed up a process via a rule-based algorithm, or repackages an existing functionality with some type of AI to benefit from the buzziness of the term.
Marketing fluff is not a new issue. Savvy buyers know that companies tend to overinflate their value or try to manipulate buyers via tactics like exaggeration or instilling fear, uncertainty, and doubt (FUD). When it comes to AI, keep a healthy dose of skepticism at the ready and prepare to ask questions to clarify the true value of the AI the vendor promotes.
Read our blog, "Buyer Beware: How to Spot False Claims About AI Innovation in Cybersecurity Products," to learn more tips and how Black Kite is bringing true AI innovation to the market.
ARTIFICIAL INTELLIGENCE IN TPRM: THE NLP ENGINEER'S GUIDE TO BUILDING A DOMAIN-AWARE AI
In TPRM, there is a lot of documentation to go through, including vendor questionnaires and compliance frameworks. The more vendors you have, the more complicated this becomes. AI can help, but only if it's built to do the job right. It needs to be painstakingly fine-tuned for TPRM.
Gokcen Tapkan, Director of Data Research at Black Kite and pioneer of our UniQuE(TM) Parser, comments on the process of fine-tuning a TPRM-specific AI: "The training of Large Language Models (LLMs) is a fascinating process that commences with an extensive and diverse dataset. This dataset can be derived from various sources such as domain experts and user feedback (if saved)."
In our latest research paper, "Artificial Intelligence in TPRM, Volume 2: The NLP Engineer's Guide to Building a Domain-Aware AI," we peel back the layers of creating a successful AI engine and show how our Parser models outperform the benchmark ADA and Gecko embedding models.
Check out these helpful resources today!