AI Access Security
View the Risk Scores Assigned to GenAI Apps
Table of Contents
Expand All
|
Collapse All
AI Access Security Docs
View the Risk Scores Assigned to GenAI Apps
Application risk scores help you quickly identify risky GenAI apps, so you can take
action to protect your environment.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following:
|
To help you quickly identify the GenAI apps that pose the greatest threats to your
organization, AI Access Security assigns each GenAI app a risk score.
These risk scores enable you to quickly identify risky GenAI apps, so you can take
action to protect your environment. For example, to protect your environment, you
could create a policy rule to block the app. You might also choose to tag the
app as Unsanctioned.
An app's risk score is between 1 (low risk) and 5 (high risk) and is based on the
SaaS app attributes. Some attributes are
common to all SaaS apps, while a subset of attributes are unique to GenAI apps.
GenAI attributes are attributes such as the data type for user input to
the app, the data type of the output generated by the app, and whether
user-submitted data is used by the app to train its GenAI models. Based on GenAI
attribute values, the risk score calculation determines the GenAI risk.
In addition to the GenAI attributes, the risk score calculation uses the following
types of attributes to determine the app's general SaaS risk.
- Compliance attributes, which identify whether an app adheres to various regulatory requirements and standards.
- Identity Access Management attributes, which identify an app's authentication and access control capabilities.
- Security and Privacy attributes, which identify product features for protecting data. This category of attributes includes attributes such as whether the app encrypts data at rest and data in transit.
A GenAI app's final risk score is a combination of the general SaaS risk (calculated
from SaaS attributes) and the GenAI risk (calculated from GenAI attributes). The
risk score calculation gives extra weight to the GenAI risk when determining the
final risk score.
- Log in to Strata Cloud Manager.To navigate to the Activity Insights dashboard, select InsightsActivity Insights Applications.Locate the GenAI apps in the table. If necessary, you can filter the table to show only the GenAI apps.
- Add Filter and add the GenAI Application filter.Set the GenAI Application filter to TRUE.To identify the GenAI apps that pose the greatest threats, examine the risk score values in the Risk column.
Risk Score Meaning 4-5 High Risk — Very likely to be a risk. 3 Medium Risk — Represents a moderate risk. 1-2 Low Risk — Unlikely to be a risk. Take action on the riskiest apps.For example, you can create policy rules to block these apps or tag the apps as Unsanctioned.