The AI-based risk assessment tool is the latest in a new wave of AI products sweeping into the security market. Credit: Shutterstock A large language model (LLM) AI assistant designed to work like a website chatbot and help users with third-party risk management tasks is now available from TPRM vendor Prevalent. The idea behind the new tool, dubbed Alfred, is to guide users through common risk assessment and management issues on which they may have limited in-house, human expertise, reducing decision-making time and improving decision accuracy. Behind the scenes, Alfred is based on generative AI technology from Microsoft-backed OpenAI, using generalized data on risk events and observations to generate accurate information about a given customer’s risk profile. The company said that all data is anonymized, and that Alfred’s guidance is couched in industry standards like NIST, ISO and SOC2. The AI is integrated into Prevalent’s existing TPRM solution, in a way designed to be seamless for existing users. Prevalent said in a news release that the AI outputs are continually audited and reviewed for accuracy, and that the data used to train it has been “validated by over 20 years of industry experience.” Brad Hibbert, COO and CSO at Prevalent, said that the company’s clientele has expressed curiosity about the use of AI in risk assessment, despite a natural caution. Prevalent has, therefore, adopted what Hibbert called a “use case-driven approach.” “It’s important to note that AI-related capabilities have been included as features in the Prevalent platform for some time now,” he said. “[Along with] ML analytics and NLP document analysis, but this is the first conversational/generative AI capability.” While Alfred’s underlying decision-making is not, as yet, dependent on customer-provided information, Hibbert said that the user interface and workflow was designed in part around lessons learned from consumer input. He also noted that the company plans additional generative AI features for its platform, including enhanced security artifact review and automated assessment population (essentially filling out complex security forms), but that those were not yet available. “Our development approach continues to focus on solving customers’ real problems,” Hibbert said. “Alfred solves the problem of not having the context or the skilled resources to understand what a risk means, and what to do about it.” Alfred is available for use to all Prevalent platform customers as of now, at no additional charge. The software joins a wave of AI-based tools being added to security products from a wide range of vendors. Just this week, AuditBoard added new AI and analytics capabilities for risk and compliance and last week, Vanta announced that it had baked generative AI into its core security and compliance product. Some of the largest tech vendors are also incorporating generative AI into their security offerings. In March, for example, Microsoft announced its generative AI Security Copilot, a GPT-4 implementation. Related content feature The inside story of Cyber Command’s creation Cartoons, Starbucks cards, and Hollywood storyboards: The ‘Four Horsemen of Cyber’ — CISA’s Jen Easterly, Lt. Gen. S.L. Davis, retired US Navy Vice Admiral T.J. White, and former NSA chief Paul Nakasone — revealed at RSA By Cynthia Brumfield May 20, 2024 8 mins Aerospace and Defense Industry CSO and CISO Military news analysis SEC rule for finance firms boosts disclosure requirements Amendments to Regulation S-P requires broker-dealers, investment companies, registered investment advisers, and transfer agents to disclose incidents to customers. By Evan Schuman May 17, 2024 5 mins Data Breach Financial Services Industry Data Privacy feature DDoS attacks: Definition, examples, and techniques Distributed denial of service (DDoS) attacks have been part of the criminal toolbox for over twenty years, and they’re only growing more prevalent and stronger. By Josh Fruhlinger May 17, 2024 10 mins DDoS Cyberattacks news FCC proposes BGP security measures Protecting the Border Gateway Protocol is as important as protecting the border. By Gyana Swain May 17, 2024 1 min Regulation Network Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe