The AI-based risk assessment tool is the latest in a new wave of AI products sweeping into the security market. Credit: Shutterstock A large language model (LLM) AI assistant designed to work like a website chatbot and help users with third-party risk management tasks is now available from TPRM vendor Prevalent. The idea behind the new tool, dubbed Alfred, is to guide users through common risk assessment and management issues on which they may have limited in-house, human expertise, reducing decision-making time and improving decision accuracy. Behind the scenes, Alfred is based on generative AI technology from Microsoft-backed OpenAI, using generalized data on risk events and observations to generate accurate information about a given customer’s risk profile. The company said that all data is anonymized, and that Alfred’s guidance is couched in industry standards like NIST, ISO and SOC2. The AI is integrated into Prevalent’s existing TPRM solution, in a way designed to be seamless for existing users. Prevalent said in a news release that the AI outputs are continually audited and reviewed for accuracy, and that the data used to train it has been “validated by over 20 years of industry experience.” Brad Hibbert, COO and CSO at Prevalent, said that the company’s clientele has expressed curiosity about the use of AI in risk assessment, despite a natural caution. Prevalent has, therefore, adopted what Hibbert called a “use case-driven approach.” “It’s important to note that AI-related capabilities have been included as features in the Prevalent platform for some time now,” he said. “[Along with] ML analytics and NLP document analysis, but this is the first conversational/generative AI capability.” While Alfred’s underlying decision-making is not, as yet, dependent on customer-provided information, Hibbert said that the user interface and workflow was designed in part around lessons learned from consumer input. He also noted that the company plans additional generative AI features for its platform, including enhanced security artifact review and automated assessment population (essentially filling out complex security forms), but that those were not yet available. “Our development approach continues to focus on solving customers’ real problems,” Hibbert said. “Alfred solves the problem of not having the context or the skilled resources to understand what a risk means, and what to do about it.” Alfred is available for use to all Prevalent platform customers as of now, at no additional charge. The software joins a wave of AI-based tools being added to security products from a wide range of vendors. Just this week, AuditBoard added new AI and analytics capabilities for risk and compliance and last week, Vanta announced that it had baked generative AI into its core security and compliance product. Some of the largest tech vendors are also incorporating generative AI into their security offerings. In March, for example, Microsoft announced its generative AI Security Copilot, a GPT-4 implementation. Related content news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government news analysis Massive security hole in VPNs shows their shortcomings as a defensive measure Researchers found a deep, unpatchable flaw in virtual private networks dubbed Tunnelvision can allow attackers to siphon off data without any indication that they are there. By Evan Schuman May 08, 2024 8 mins Threat and Vulnerability Management Data and Information Security Network Security news DocGo says hackers stole patient data in a recent cyberattack The attack compromised some healthcare data with no material or financial losses, the company said. By Shweta Sharma May 08, 2024 3 mins Data Breach Hacking PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe