The AI-based risk assessment tool is the latest in a new wave of AI products sweeping into the security market.

A large language model (LLM) AI assistant designed to work like a website chatbot and help users with third-party risk management tasks is now available from TPRM vendor Prevalent.

The idea behind the new tool, dubbed Alfred, is to guide users through common risk assessment and management issues on which they may have limited in-house, human expertise, reducing decision-making time and improving decision accuracy.

Behind the scenes, Alfred is based on generative AI technology from Microsoft-backed OpenAI, using generalized data on risk events and observations to generate accurate information about a given customer’s risk profile. The company said that all data is anonymized, and that Alfred’s guidance is couched in industry standards like NIST, ISO and SOC2. The AI is integrated into Prevalent’s existing TPRM solution, in a way designed to be seamless for existing users.

Prevalent said in a news release that the AI outputs are continually audited and reviewed for accuracy, and that the data used to train it has been “validated by over 20 years of industry experience.”

Brad Hibbert, COO and CSO at Prevalent, said that the company’s clientele has expressed curiosity about the use of AI in risk assessment, despite a natural caution. Prevalent has, therefore, adopted what Hibbert called a “use case-driven approach.”

“It’s important to note that AI-related capabilities have been included as features in the Prevalent platform for some time now,” he said. “[Along with] ML analytics and NLP document analysis, but this is the first conversational/generative AI capability.”

While Alfred’s underlying decision-making is not, as yet, dependent on customer-provided information, Hibbert said that the user interface and workflow were designed in part around lessons learned from consumer input.
He also noted that the company plans additional generative AI features for its platform, including enhanced security artifact review and automated assessment population (essentially filling out complex security forms), but that those were not yet available.

“Our development approach continues to focus on solving customers’ real problems,” Hibbert said. “Alfred solves the problem of not having the context or the skilled resources to understand what a risk means, and what to do about it.”

Alfred is available for use to all Prevalent platform customers as of now, at no additional charge.

The software joins a wave of AI-based tools being added to security products from a wide range of vendors. Just this week, AuditBoard added new AI and analytics capabilities for risk and compliance and last week, Vanta announced that it had baked generative AI into its core security and compliance product.

Some of the largest tech vendors are also incorporating generative AI into their security offerings. In March, for example, Microsoft announced its generative AI Security Copilot, a GPT-4 implementation.