Cinder for AI Trust, Risk and Security Management (TRiSM)

At Cinder, we expect to see a cadre of companies providing AI-driven services and nearly all others applying foundational models or tuned AI implementations to their business. In all scenarios, AI Trust, Risk and Security Management (TRiSM) will be critical to leveraging this technology successfully. 

Modern LLMs are non-deterministic, which means that their output is not defined mechanistically by the input. That unpredictability, coupled with the risks inherent to training models of any kind, means that constant oversight and management of models will be required to achieve predictable, reliable business objectives. 

Part of the problem is limiting the risk of feral AI producing offensive or dangerous content, but that’s a subset of the broader and more fundamental issue that TRiSM addresses which is ensuring AI provides reliable information in a manner consistent with law, brand guidelines, and customer expectations. TRiSM means embedding safety principles in your AI, but more fundamentally it means ensuring that AI reliably achieves the mission you give it.

We envision a future where AI is integrated deeply into all sorts of workflows within every enterprise. It will not just be a single model, but many. Those models will operate within and alongside complex systems that include inputs not just from AI but from a range of heuristics and human decisions. At its core, TRiSM will mean orchestrating that complexity in a way that meets the mission of the organization and ensures accountability, observability, flexibility, and security throughout the process. 

At it's core, there are four basic aspects of this, which borrow from Gartner’s thinking on the subject: 

• Accountability. Every AI model should be responsive to clearly defined policies or rules that set expected outcomes and the appropriate processes for achieving decisions. That means determining which datasets should be used to inform a decision (and which should not) and understanding precisely the heuristics and models that contributed to a particular outcome—a process we expect to become more complex as automated systems combine heuristics with inputs from various AI-processes and even human judgements to drive an ultimate output. Real TRiSM will require integrating those processes in a single platform. Cinder powers that possibility.
  
  
• Observability. AI-driven applications and models require constant monitoring, to ensure adversarial actors are not exploiting them and to benchmark model performance. This monitoring requires technical acumen and real subject matter expertise. The Cinder platform pushes powerful technical tooling into a flexible user interface that includes industry-leading human decision tools. In Cinder, users of all kinds can adjust monitoring thresholds, set or change policies and rules, and observe model performance feedback—all without writing any code. Cinder was built for an increasingly-automated future in which human beings will provide direct, thoughtful oversight of the most important decisions. 

• Flexibility. Cinder was built by a team dealing with the most acute and adversarial harms that manifest online. There is no fixed, permanent solution. Cinder benchmarks update in real-time and allow Admins to monitor and adjust output and appropriate thresholds on the fly. Moreover, Cinder has the most sophisticated human review tools on the market. If you identify potential anomalies in AI output—or users that consistently abuse those capabilities—Cinder offers cutting edge tools to investigate and automate the response. With Cinder, you can close the operational gap and build the training data to update your AI in a single operation. 

• Security. Like other automated systems, AI systems have security vulnerabilities. A robust TRiSM program must detect intrusions and efforts to exploit these systems. Cinder has a long history of working with our customers’ most sensitive data and enables continuous monitoring across a range of attack vectors. Any security program should plan for defense-in-depth, and Cinder is a key part of that solution. 

There is no one-size-fits-all TRiSM solution. Every company has different needs and circumstances. That’s why Cinder supports the management of AI in all its forms—powering configuration of API calls, the use of internally-developed models, and the fine-tuning of those models in Cinder itself. All of that is built on the back of Cinder’s endlessly flexible data schema, which allows every customer to define their data in the manner most meaningful to their mission. 

For AI to meet its potential, it must be easy to deploy and monitor safely. Cinder for TRiSM ensures that AI is not just a technical capacity; it is a reliable solution to real business problems.