As companies across the financial services landscape seek to expand their offerings with advanced artificial intelligence (AI) and generative AI (GenAI), how can they ensure they maintain cybersecurity, regulatory compliance and data privacy standards?
Ushur, an intelligent automation and customer experience solution provider, aims to help firms leverage the latest in advanced technology, but not at the expense of security, compliance or ethical responsibility.
To explore how its technology is achieving this, Henry Peter (Henry), CTO, CISO, and Co-founder of Ushur, recently sat down with two of the company’s key leaders: Chandra Sekhar Dash (Chandra), Senior Director of GRC and Cybersecurity, and Vijayendra Shamanna (Viju), VP of AI Labs, both of whom play pivotal roles in Ushur’s innovation, security, and compliance efforts.
Q&A
Henry: Welcome, everyone, I’m Henry Peter, CTO, CISO, and Co-founder of Ushur. Today, I’m joined by two incredible leaders from Ushur. First, we have Chandra Sekhar Dash, our Senior Director of GRC and Cybersecurity, who has been instrumental in ensuring our cybersecurity framework is robust and compliant with all necessary regulations. We also have Vijayendra Shamanna, the VP of AI Lab at Ushur, who leads our innovative AI solutions while addressing the unique risks they present.
Chandra, you’ve played a crucial role in guiding Ushur through some significant certifications and regulatory challenges. Can you share with us your journey in ensuring Ushur remains not only secure but also compliant while continuously innovating?
Chandra: Thank you, Henry. It’s a pleasure to be here. When I joined Ushur, the primary focus was on integrating GRC into every facet of our operations. As an AI-native organization, automation has always been central to our offerings; hence, the need for a strategic approach to cybersecurity and compliance became even more profound. We realized that innovation cannot be at the expense of customer trust and data security. Balancing these competing priorities has been a defining aspect of my work here at Ushur.
As part of this effort, I led the organization through rigorous certification processes, including HITRUST r2, ISO 27001, SOC 2, PCI-DSS, and maintained adherence to global privacy regulations such as GDPR, CCPA, and HIPAA. These certifications serve as benchmarks for security, privacy, and risk management, and they align with Ushur’s core value of prioritizing customer security while driving digital transformation.
It’s not just about meeting compliance standards; it’s about embedding a culture of security across the organization. This includes educating teams about best practices, ensuring secure data handling in our AI models, and continuously reviewing our policies to account for emerging risks—especially as it pertains to GenAI.
Henry: Chandra, it’s impressive how you’ve managed to align cybersecurity with regulatory compliance while still promoting innovation. Viju, turning to you, as we push the boundaries with AI at Ushur, how do we ensure AI systems are governed safely and in compliance with regulatory standards? How do you balance AI innovation with risk management?
Viju: That’s a key question, Henry. AI has the potential to revolutionize industries, but it also introduces risks that need careful management. At Ushur, we integrate AI responsibly by ensuring our models comply with regulatory standards like GDPR, CCPA, and the evolving EU AI Act. This involves a collaborative approach with Chandra and his team to make sure our AI solutions not only deliver value but also meet the highest standards of governance and security.
One of the biggest challenges is maintaining transparency in how AI models make decisions, ensuring no bias is introduced, and managing the risk of adversarial attacks. We also closely monitor data privacy and consent protocols to avoid any mishandling of customer data. Constant collaboration with the GRC team for regular audits, internal checks and red teaming are all part of our strategy to ensure that our AI deployments are safe, secure, and fully compliant.
Henry: That’s a holistic approach, Viju. Chandra, with the introduction of AI and GenAI technologies, you’ve had to manage not just traditional risks but new ones that emerge specifically from these technologies. How do you ensure these evolving risks are adequately addressed within your cybersecurity and GRC frameworks?
Chandra: It’s a great question. The introduction of GenAI and other AI technologies has certainly brought about new and complex risks. While traditional cybersecurity concerns like unauthorized data access, hacking, and system vulnerabilities remain critical, AI introduces unique challenges such as adversarial attacks on AI models, data poisoning, prompt injection, and even biases in machine learning algorithms. As these AI systems become more autonomous, it’s no longer just about protecting the data — we must also safeguard the decision-making processes of the AI itself.
To address these new risks, we’ve evolved our cybersecurity and GRC frameworks. We’ve adopted a “privacy by design” approach for AI systems, embedding privacy and data security from the ground up. Additionally, we’ve implemented continuous monitoring and auditing mechanisms to assess and refine our security protocols around AI models. This allows us to adapt and respond as potential vulnerabilities emerge with new AI developments.
At Ushur, we’ve taken it a step further by integrating robust guardrails into our AI-driven solutions. These include real-time monitoring, content filtering, and continuous model evaluation to ensure that AI-generated outputs meet the highest standards for accuracy, security, and ethical integrity. These safeguards help us detect and mitigate any biases or inaccuracies that might arise, protecting our clients from reputational risks. By proactively managing the flow of data and monitoring every interaction, we ensure that our AI solutions maintain the trust and reliability that our clients rely on.
Henry: That proactive and adaptive approach is essential, especially as AI technology continues to develop. Looking ahead, what do you see as the biggest cybersecurity challenges on the horizon, particularly with the ongoing evolution of AI, and how is Ushur preparing to address them?
Chandra: Looking ahead, the primary challenge will be maintaining a balance between technological advancement and security. As AI continues to advance, especially in areas like deep learning and generative models, we will see more complex risks. AI models themselves could become the target of attacks, such as adversarial inputs that aim to manipulate AI decision-making. There are also concerns around the ethical use of AI, such as biases in algorithms or the unauthorized use of customer data.
To address these risks, Ushur is committed to staying ahead of the curve by investing in AI security and testing. We are also fostering strong partnerships between our cybersecurity, GRC, and AI teams to ensure that every AI project is rigorously vetted for compliance with regulatory requirements. Additionally, we are building scalable risk management frameworks that are adaptable to new AI challenges as they arise, ensuring that we can manage AI-related risks dynamically and proactively.
Henry: Viju, AI technologies like GenAI come with a unique set of risks, especially around bias, fairness, and accountability. How do you ensure that our AI systems are socially responsible, minimizing risks like bias and ensuring fairness in decision-making?
Viju: At Ushur, we take these concerns very seriously. We recognize that AI systems must be designed to serve all customers fairly and equitably. To minimize bias, we ensure that our training datasets are diverse and represent the broad range of users our solutions will serve. Our training data sets are thoroughly curated by our in-house team of industry experts and annotators to remove any potential sources of bias, privacy leakage, etc. We also implement rigorous testing processes to assess the fairness of our AI models and to identify any unintended biases that might emerge.
Moreover, transparency is key. We design our AI systems to be explainable, so that their decisions can be traced and understood. This transparency is crucial for both our customers and regulatory bodies to trust our AI systems. Finally, in collaboration with the GRC team, we continually assess and evolve our governance practices to ensure that we’re not just meeting the regulatory requirements but are also operating in an ethically responsible manner, promoting fairness and inclusivity across all our AI applications.
Henry: Chandra, it’s clear that your leadership has helped Ushur build a robust and future-proof security and compliance framework. You’ve guided the organization to obtain key certifications like HITRUST r2, ISO 27001, and PCI-DSS, and your focus on evolving risk management is impressive. As we look to the future, what role do you see GRC frameworks playing in the governance of AI technologies and in keeping our customers secure as we continue to innovate?
Chandra: As AI technologies evolve, GRC frameworks will become even more integral in ensuring responsible and secure AI deployment. These frameworks will not only need to manage the traditional aspects of risk and compliance but also incorporate specific guidelines for AI governance, such as model explainability, transparency, and fairness. As regulatory bodies begin to catch up with AI innovation, we expect that GRC frameworks will need to adapt quickly to meet new regulations such as the EU AI Act.
At Ushur, we are preparing by integrating AI governance into our existing GRC structures. We’ve already implemented policies that ensure the ethical use of AI, and we continue to evaluate emerging regulatory frameworks to stay ahead of any new compliance requirements. The future of AI governance will be about creating a dynamic, adaptable system that can handle the complexities and risks associated with AI while maintaining customer trust and compliance.
Henry: Chandra, thank you for sharing these invaluable insights. As we close, I’d like to ask you both to share your thoughts on the future of AI governance in light of evolving regulatory standards and increasing pressure for transparency. How can companies like Ushur stay ahead of emerging risks in this space?
Viju: AI governance in the future will be driven by evolving regulatory frameworks that demand greater transparency, accountability, and ethical usage. At Ushur, we’re taking a proactive approach to AI safety by embedding rigorous technical safeguards into our systems. This includes implementing explainability protocols to ensure that AI decisions are understandable, traceable, and justifiable. We work closely with the GRC team to establish clear governance models that prioritize responsible AI, ensuring that our algorithms are designed to be fair, secure, and unbiased. Our systems are continuously evaluated for risks such as adversarial attacks, and we incorporate monitoring and auditing to detect and mitigate any threats before they can impact our users.
Chandra: I couldn’t agree more. At Ushur, our approach to managing AI-related risks goes beyond compliance – it’s about integrating security, privacy, and ethical considerations into every layer of our AI models. We ensure that all our AI solutions adhere to stringent regulatory frameworks such as GDPR, CCPA, and the evolving EU AI Act, and we continuously adapt our processes to meet new standards. From a technical perspective, we’ve built robust data protection measures directly into our AI systems, employing techniques like data anonymization and secure encryption to safeguard user information. Additionally, we’ve embedded privacy-by-design principles into our AI development lifecycle, which ensures that data security and compliance are considered from the outset. By fostering collaboration across our cybersecurity, GRC, and AI teams, we are able to anticipate and respond to new regulatory and security challenges, ensuring that our AI models are both safe and compliant at all stages of deployment. We are building frameworks that are adaptable to both current and future regulatory standards, enabling us to stay ahead of emerging risks as AI continues to advance at a rapid pace.
Henry: It’s been a fantastic discussion today. Chandra, Viju, thank you both for sharing your insights. Your leadership ensures that Ushur remains at the forefront of AI innovation while adhering to the highest standards of security and compliance.
Chandra: Thank you, Henry and Viju. It’s been a pleasure talking to you.
Viju: Thank you. It was a great discussion!
Copyright © 2018 RegTech Analyst