AI and GenAI have become staples in regulated industries. While they bring a lot of exciting opportunities, they also carry a lot of cybersecurity, regulatory and data privacy concerns.
Ushur is one company helping firms in regulated industries, such as financial services, healthcare and insurance, to leverage the full capabilities of modern AI systems, but not at the expense of security, compliance or ethical responsibility.
To explore how its technology is achieving this, FinTech Global Senior Editor James Haxell recently detailed a conversation between Henry Peter, CTO, CISO, and Co-founder of Ushur, and Chandra Sekhar Dash, Senior Director of GRC and Cybersecurity, and Vijayendra (Viju) Shamanna, VP of AI Labs, both of whom play pivotal roles in Ushur’s innovation, security, and compliance efforts.
With over two decades of expertise in governance, risk, and compliance (GRC) and cybersecurity, Chandra has spearheaded initiatives across diverse industries, including SaaS, pharmaceuticals, healthcare, and telecommunications. At Ushur, he plays a pivotal role in developing robust security and compliance frameworks, managing certification processes, and overseeing AI governance. Meanwhile, Viju leads Ushur’s AI innovation efforts, advancing cutting-edge developments in artificial intelligence.
Ushur is a customer experience automation platform that is on a mission to help companies improve both their customer and employee journeys. Its technology is used by companies in the insurance, banking and healthcare sectors, including Cigna, Irish Life, Aflac, Unum and many more. Its AI-powered technology has numerous use cases, including absence engagement, customer service, onboarding, claims processing, sales, medication adherence, quote and RFP intake, chronic condition management and much more. By streamlining these processes, companies are able to deliver more responsive and empathetic experiences at scale while also achieving operational efficiency far less expensively, faster, and with lower risk than modernizing existing enterprise applications.
As businesses accelerate their use of cutting-edge technologies, ensuring robust data protection, ethical governance, and adherence to industry regulations becomes more critical than ever. This means aligning with regulatory requirements as well as ensuring the security of the tools and their data protection. Chandra Sekhar Dash, Senior Director of GRC and Cybersecurity at Ushur, is at the centre of maintaining the delicate balance between fostering technological progress and maintaining the highest standards of cybersecurity and compliance.
“When I joined Ushur, the primary focus was on integrating GRC into every facet of our operations,” said Dash. “As an AI-native organization, automation has always been central to our offerings, hence, the need for a strategic approach to cybersecurity and compliance became even more profound. We realized that innovation cannot be at the expense of customer trust and data security. Balancing these competing priorities has been a defining aspect of my work here at Ushur.”
To achieve this, Sekhar Dash has supported Ushur through numerous certification processes, including HITRUST r2, ISO 27001, SOC 2 and PCI-DSS, as well as maintaining adherence to data privacy regulations such as GDPR, CCPA, and HIPAA. These all serve as benchmarks for security, privacy and risk management and empower Ushur to innovate and remain compliant.
He added, “It’s not just about meeting compliance standards; it’s about embedding a culture of security across the organization. This includes educating teams about best practices, ensuring secure data handling in our AI models, and continuously reviewing our policies to account for emerging risks—especially as it pertains to GenAI.”
AI Governance and Compliance
Viju Shamanna, VP of AI Labs at Ushur, addressed the challenges of developing AI solutions that are both innovative and secure. He explained how Ushur’s AI systems are governed to ensure they meet rigorous security standards and comply with standards set out by GDPR, CCPA, and evolving regulatory frameworks like the EU AI Act.
One of the biggest challenges the industry faces with AI models is ensuring they are transparent. This includes maintaining transparency in how AI models make decisions, ensuring no bias is introduced, and managing the risk of adversarial attacks. Legislation around the world is changing, with a focus on ensuring that AI solutions are transparent and that important decisions are not made through black box systems.
“Our approach is holistic—we ensure transparency in AI decision-making, mitigate bias, and maintain robust data privacy protocols,” said Shamanna. “By working closely with Chandra and his team, we ensure our AI models not only deliver value but are also safe, explainable, and compliant.”
Shamanna emphasized the importance of continuous monitoring and collaboration between the AI and cybersecurity teams, as well as proactive risk management strategies, to ensure AI models are free from adversarial attacks and data misuse.
How to safely implement Gen AI
GenAI has dominated talks of innovation for the past few years. Its advanced capabilities have captured the minds of many institutions, who are looking at how the technology can transform their customer engagement and help automate repetitive manual tasks for employees. It comes as no surprise that many regulated industries have already engaged with GenAI, with over 40% of financial institutions using the technology in some form according to Statista.
While it is easy to be distracted by the potential benefits GenAI can bring, there are several new and complex risks attached to its use. Dash said, “While traditional cybersecurity concerns like unauthorized data access, hacking, and system vulnerabilities remain critical, AI introduces unique challenges such as adversarial attacks on AI models, data poisoning, prompt injection, and even biases in machine learning algorithms. As these AI systems become more autonomous, it’s no longer just about protecting the data — we must also safeguard the decision-making processes of the AI itself.”
To overcome these risks, Ushur adapted its cybersecurity and GRC frameworks by adopting a ‘privacy by design’ approach for its AI systems. This means privacy and data security are now embedded into them from their foundations. It has also implemented continuous monitoring and auditing processes that monitor and refine security measures around AI. Dash believes this allows Ushur to adapt and respond to potential vulnerabilities when they emerge with new AI developments.
He added, “At Ushur, we’ve taken it a step further by integrating robust guardrails into our AI-driven solutions. These include real-time monitoring, content filtering, and continuous model evaluation to ensure that AI-generated outputs meet the highest standards for accuracy, security, and ethical integrity. These safeguards help us detect and mitigate any biases or inaccuracies that might arise, protecting our clients from reputational risks. By proactively managing the flow of data and monitoring every interaction, we ensure that our AI solutions maintain the trust and reliability that our clients rely on.”
Commitment to socially responsible AI
Peter’s next question for the interviewees took aim at the bias, fairness and accountability risks that come alongside GenAI. He posed Shamanna the question of how Ushur ensures its AI systems are socially responsible.
Shamanna explained, “At Ushur, we take these concerns very seriously. We recognize that AI systems must be designed to serve all customers fairly and equitably. To minimize bias, we ensure that our training datasets are diverse and represent the broad range of users our solutions will serve. Our training datasets are thoroughly curated by our in-house team of industry experts and annotators to remove any potential sources of bias, privacy leakage, etc. We also implement rigorous testing processes to assess the fairness of our AI models and to identify any unintended biases that might emerge.”
Additionally, Shamanna pointed to the company’s focus on transparency. All of the AI systems it uses are designed with explainability in mind, allowing for decisions to be examined and understood. This allows users to assess any potential concerns around a decision and determine if the AI has made a mistake. “This transparency is crucial for both our customers and regulatory bodies to trust our AI systems,” he added.
On a final note, he pointed back to the collaboration between teams. They work in tandem to assess and evolve governance processes to ensure all AI applications not only meet regulatory requirements but can also be trusted.
The biggest cybersecurity challenges facing AI
Cybersecurity is a major and constant challenge for regulated institutions. As AI continues to evolve, so do new and emerging cybersecurity challenges for firms to combat. Peter asked for Dash’s perspective on what some of those future challenges might be.
Dash said, “Looking ahead, the primary challenge will be maintaining a balance between technological advancement and security. As AI continues to advance, especially in areas like deep learning and generative models, we will see more complex risks. AI models themselves could become the target of attacks, such as adversarial inputs that aim to manipulate AI decision-making. There are also concerns around the ethical use of AI, such as biases in algorithms or the unauthorized use of customer data.”
Ushur is addressing these risks by staying ahead of the curve and investing in AI security and testing. The company’s cybersecurity, GRC and AI teams are all working together to ensure each AI project is rigorously vetted. It is also establishing scalable management frameworks that can adapt to new AI challenges as they arise.
The future of AI compliance
Looking to the future, Dash outlined the role GRC frameworks will play in the governance of AI. He said, “As AI technologies evolve, GRC frameworks will become even more integral in ensuring responsible and secure AI deployment. These frameworks will not only need to manage the traditional aspects of risk and compliance but also incorporate specific guidelines for AI governance, such as model explainability, transparency, and fairness. As regulatory bodies begin to catch up with AI innovation, we expect that GRC frameworks will need to adapt quickly to meet new regulations such as the EU AI Act.”
Staying ahead of the curve, Ushur has already implemented policies covering the use of AI. It also keeps its finger on the pulse of the market and consistently evaluates emerging regulatory frameworks to ensure compliance with evolving regulations that demand greater transparency, accountability, and ethical usage. “The future of AI governance will be about creating a dynamic, adaptable system that can handle the complexities and risks associated with AI while maintaining customer trust and compliance,” said Dash.
Shamanna echoed this, noting that Ushur’s AI solutions are designed with fairness, transparency, and security in mind. “At Ushur, we’re taking a proactive approach to AI safety by embedding rigorous technical safeguards into our systems. This includes implementing explainability protocols to ensure that AI decisions are understandable, traceable, and justifiable.”
As businesses continue to leverage AI and GenAI for innovation, the challenge of balancing cutting-edge technologies with the highest standards of cybersecurity and compliance will only grow. Ushur’s leadership is committed to staying ahead of the curve by integrating robust cybersecurity practices and adaptive risk management frameworks, ensuring that the company’s AI-driven solutions remain secure, compliant, and trustworthy.
“At Ushur, we are not just focusing on compliance—we are embedding security, privacy, and ethical principles into the core of our AI technologies,” concluded Dash. “We are building frameworks that are adaptable to both current and future regulatory standards, enabling us to stay ahead of emerging risks as AI continues to advance at a rapid pace.”
The full interview transcript can be found here.
Copyright © 2024 RegTech Analyst