Tag: API

Posted on

Agentforce: The New AI Wave

Last month, I attended Dreamforce 2024, the world’s largest software conference, in San Francisco. This massive annual event is always a great learning experience. Dreamforce’s 2024 key announcement was a New AI Era with Agentforce.

Agentforce is synonymous with AI Agent. As I explained in my previous blog about AI agents, I will explain Agentforce in the context of Salesforce/MuleSoft.

The study found that 90% of businesses say that their industry has become more competitive in the last three years, and 48% say it has become much more competitive. This led to decreased margins, force to more productivity, and transformed businesses to remain relevant in the market for any industry.

So the question is, how do we close this gap and become relevant to the market for any industry?

We started the AI journey with Predictive analytics as the first wave of AI. Next, we move into the Generative AI wave. Now we are next inflection point as Agentforce or AI agent. So AI Agent is waiting for us to ultimately close this gap and of course, the way that we’re going to do this is to get more time back, more productivity, and have more business growth with AI agents.

agentforce

So here are a few queries, I am trying to explain

What is Agentforce?

The newest Salesforce tool allows customers to build and customize autonomous agents to scale their workforce. It is a UX for customers to leverage with their data sources to deliver more human-like interactions.

How does Agentforce help customers achieve business goals?

Agentforce gives companies a 24/7 agent to engage on their behalf to resolve sales, service, and marketing-related.

topics including customer service cases and prospect engagement.

With Agentforce, companies can drive productivity to deliver higher profitability, while building stronger customer relationships.

How does MuleSoft enhance Agentforce?

Salesforce primarily focuses on the front end “human assistant” type of agents with the Agentforce UX, while MuleSoft primarily focuses on back-end domain expert agents who manage domain complexity (inventory, payroll.) and power other prompts or agents.

MuleSoft expands the actionability of the Agentforce agent by providing API actions and other domain assets for

broader context to the role, knowledge, actions, guardrails, and channel.

How are customers accessing data for Agentforce?

The Agentforce messaging encourages customers to use Data Cloud to bring in their data and ground Agentforce. To add MuleSoft into this conversation, leverage our value prop for MuleSoft + Data Cloud; where MuleSoft accelerates value against four use cases (on-premises, transactional, unstructured, activation):

On-premise data: MuleSoft can run locally and stream data to Data Cloud, giving Agentforce additional context for improved grounding and better decision making.

Transactional data: Transactional systems will want queuing, error handling, and delivery controls for ingestion

— functionality MuleSoft can easily deliver so that Agentforce agents aren’t slowed down.

Unstructured data: MuleSoft offers pre-built accelerators for unstructured data ingestion to Google Drive,

Confluence, and SharePoint as well as OCR for images. Agentforce agents can have immediate access to data

from scanned images like government identification.

Activation: Use MuleSoft to respond to data events in Data Cloud and drive action in real time to any downstream system for full circle updates.

What is the agent use cases that MuleSoft supports?

● Service Agents: Agentforce needs contextual data from external systems in order to deflect cases faster

● Sales Agents: MuleSoft can upload, and share leads from and with partners without compromising data integrity, securely with your governance rules. Near real-time synchronization with external systems ensures that Agentforce can engage with prospects starting at the moment leads come in.

● Commerce Agents: Setting up and managing storefronts requires data from external systems including product information, inventory levels, and pending vendor shipments. MuleSoft connects to external systems for near real-time updates so Agentforce can respond with accurate information.

● Employee Service Agents (Workday): Automating onboarding and provisioning for new hires requires data from external systems, and in some cases is unstructured data found in pdf, jpg, and png files like scanned government I.D.s and manually filled out forms. MuleSoft’s Intelligent Document Processing makes it easier to upload unstructured data so that you can share it faster with Agentforce.

How is Agentforce different from the MuleSoft AI Chain (MAC) Project?

MAC Project mainly targets a technical person, i.e. MuleSoft users and developers. With the MAC Project, customers can create powerful agents, fully composed in the MuleSoft Anypoint Platform and benefit from its End-to-End Lifecycle Governance and Management capabilities. With API Management, you can sprinkle it on top of LLM specific policies, to further implement the security aspects when interacting with LLMs. MAC Project is an open source project, which is currently being productized. Agentforce is more for non-technical users who wants to build powerful agents directly in Salesforce. It is fully integrated into every Salesforce Cloud and provides out-of-the-box integration to the Salesforce ecosystem.

Posted on

AI Agents: A New Era Of AI Integration

What are AI Agents?

An artificial intelligence (AI) agent refers to a system or program capable of autonomously performing tasks on behalf of a user or another system by designing its workflow and utilizing available tools. Autonomous AI agents can understand and interpret customers’ questions using natural language and translate them into business solutions.

AI journey

In recent years AI has gained a lot of momentum. Predictive analytics make the first wave of AI. Industries entered into 2nd wave of AI as generative AI. Now we are entering into 3rd wave of AI-autonomous agents. AI autonomous agents are creating a new horizon of AI implementation and AI strategy. AI autonomous agents are creating a paradigm shift that will transform how we execute our tasks and business processes daily.

How do AI agents work?

AI agents are autonomous in their decision-making process, but it require goals and environments defined by humans. Here are a few steps to define an AI agent’s goals.

  1. Data preparation and data collection — AI agents start with gathering data from all sources including customer data, transaction data, and social media. These data help to understand context and user-defined goals for AI agents.
  2. Decision-making – AI agents analyze the collected data based on machine learning models to identify patterns and decision-making.
  3. Action execution – Once a decision is made, AI agents can execute the business actions. This action includes customer queries, processing documents, executing any process, or any complex user flow.
  4. Learning and Adoption – AI agents continuously learn from each interaction, refining algorithms to improve accuracy and effectiveness. AI agents keep updating their knowledge base and enhancing their models.

How are AI agents helping organizations?

  1. Agents become building blocks that will engage with data and services on your behalf.
  2. Developers will be freed from repetitive coding tasks as AI agents get this work done.
  3. The organization will monitor and secure a network of agents in a single-agent control plane.

How AI agents will be enabling AI integration?

An AI agents provide an AI unification layer which enables your integration with AI LLMs. This feature is categorized into 3 ways.

Easy: Almost no-code development and leveraging existing skills.

Flexible: It enables you to connect multiple LLMS and switch at any time into any model. It also allows us to connect multiple databases and leverage AI innovation as they arrive.

Manageable: Deploy your AI building blocks anywhere and secure these building blocks. Easy to control from one place and reduce operating cost.

AI autonomous agents in MuleSoft

The MuleSoft Solution Engineering Team is working on an open-source AI agents project as MAC(MuleSoft AI Chain). This powerful AI agent tool can connect multiple LLMs and models to provide a unification layer for LLMs. MAC connector enables speech-to-text and text-to-speech for multiple LLMs/model providers. MAC connector leverages existing MuleSoft skills and API knowledge to integrate with any client systems. You can secure and manage this AI agent through API Manager.

Types of AI agents

Scheduled — Run in a defined window and are completely autonomous

Composed — Agents that can be triggered via APIs to be used, e.g., on a portal, as part of integrations, data assessment

Event-Driven — Agents that can be triggered on Events to service distributed applications and consumers.

Batched — Agents that process a large set of data and distribute it intelligently to multiple consumers.

Please reach out to us if you would like to know more about AI agent and integration with your systems.

Posted on

AI-Powered Experiences
Connect | Automate | Scale

Over the last few years, Generative AI has played a significant role across organizations. It is also very  interesting that just 2% expect few to no barriers to bringing Generative AI into their organization.

In IT, change is the only constant. We migrated to the cloud, we’re managing an explosion of customer data, and we’re starting to automate our processes. We expect this AI inflection point more nervous than other big waves of innovation. To manage these inflection points it is very important to streamline our AI journey.

Our first priority is to unlock our data and make it discoverable. We need to create new experiences to unlock your data, from anywhere, and to make it discoverable. This includes on-premises, hybrid/cloud data, as well as data in any format, including structured and unstructured data. Integration/APIs help you to build a framework to unlock data across all of your disparate systems.

Since data is everywhere and sources are spread across your organization. It is a human-centric task. To mitigate these human-centric tasks we need to create workflows & automate manual tasks across structured and unstructured data with minimal coding. This can be achieved by leveraging APIs, data cloud, and automation tools like RPA and IDP.

Next, we talked about the importance of building securely. With a backlog of ongoing projects, we need a way to scale the use of these API building blocks across the business, with security and governance. We need a way to protect and implement security policies across every API in your digital space before you launch your next application, like an e-commerce platform or even a mobile app. Universal API Management allows us to bring security and governance to any API.

And finally, we need just one more piece – an AI model. AI model interacts with LLMs via an API. As we make our inventory data discoverable, composable, and automated – we can build those experiences using AI models. when we bring these technologies together with an LLM, we can create intelligent AI-driven experiences. We can implement predictive and generative capabilities by using discoverable and consumable data via APIs.

Posted on

Generative AI (GenAI): Security

Generative AI (GenAI): Security

Generative artificial intelligence (generative AI) is a new buzzword across the industries. Generative AI is an artificial intelligence technology that can produce various types of content, including text, imagery, audio, and synthetic data.

All organizations are investing large amounts of their budget in GenAI technology. Recently Amazon completed a $4 billion investment in generative AI development. As per a recent study barely scratching the Generative AI use case and opportunity.

Before implementing any Generative AI solution make sure you completely understand the organization’s business problem to implement Gen AI solution, because any generative AI solution takes a lot of money, time, and brain power.

Evolution of LLMs

Generative AI has just blown up within the last year or two years, but it has been around for decades. Generative AI is based on large language models (LLM).  LLM has been evolving for a while technically five to ten years approx. All companies (like AWS, Microsoft, and Open AI) are presenting their standard based on their business requirements. Here is the evolution story of LLMs & GenAI.

AI Attacks

There are four types of AI attacks.

  1. Poisoning – This AI attack can lead to the loss of reputation and capital. This is a classic example of thrill-seekers and hacktivists injecting malicious content which subsequently disrupts the retraining process.
  2. Inference – This AI attack can result in the leakage of sensitive information. This attack aims to probe the machine learning model with different input data and weigh the output.
  3. Evasion – This AI attack can harm physical safety. This type of attack is usually carried out by Hacktivists aiming to get the product of a competitive company down and has the potential to seriously harm the physical safety of people.
  4. Extraction – This AI attack can lead to insider threats or cybercriminals. Based on this the attacker can extract the original model and create a stolen model to find evasion cases and fool the original model.

Type of AI Malware

  • Black Mamba – Black Mamba utilizes a benign executable that reaches out to a high-reputation API (OpenAI) at runtime, so it can return synthesized, malicious code needed to steal an infected user’s keystrokes. It has the below properties.
    • ChatGPT Polymorphic Malware
    • Dynamically Generates Code
    • Unique Malware code
  • Deep Locker – The Deep Locker class of malware stands in stark contrast to existing evasion techniques used by malware seen in the wild. It hides its malicious payload in benign carrier applications, such as video conference software, to avoid detection by most antivirus and malware scanners. It has the below properties.
    • Targeted identification
    • Logic detonation Mechanism
    • Facial and voice recognition
  • MalGAN – Generative Adversarial Networks serve as the foundation of Malware GAN and are used to create synthetic malware samples. For Mal-GAN’s complex design to function, it is made up of three essential parts: the generator, substitute detector, and malware detection system based on machine learning. It has the below properties.
    • Generative Adversarial Malware
    • Bypass ML-based Detections
    • Feed-forward Neural Networks

AI Security Threats

  • Deepfake Attacks
  • Mapping and Stealing AI Models
  • Spear Phishing (Deep Phishing)
  • Advanced Persistent Threats (APTs)
  • DDoS and Scanning of the Internet.
  • Data poisoning AI Models
  • PassGAN and MalGAN
  • Auto Generation of Exploit code
  • Ransom Negotiation Automation
  • Social Engineering

AI Security Defense Strategy

As we learned in AI several AI malware and threats are impacting different parts of the AI ecosystem. Our AI must be smart enough that it detects its threats and mitigates risk. ML-based malware detectors detect risk and generate insights into its severity. Here are a few approaches should implement to protect your AI systems.

  • Intelligent Automation
    • Automated response and Mitigation
    • Indicators of Compromise (IOCs) extraction and correlation
    • Behavioral and anomaly detection
  • Precision Approach
    • High Accuracy and Precision
    • Identify, Understand, and Neutralize
    • Prioritize Risk
  • Define the Area for defense
    • Identify the most vulnerable area.
    • Apply a broad spectrum of defense.
    • System resiliency

AI involvement in security

  • Malware detection – AI systems help prevent phishing, malware, and other malicious activities, ensuring a high-security posture and analyzing any unusual behavior.
  • Breach risk prediction – Identify the most vulnerable system and protect against any data leak.
  • Prioritize critical defense – AI-powered risk analysis can produce incident summaries for high-fidelity alerts and automate incident responses, accelerating alert investigations.
  • Correlating attack patterns – AI models can help balance security with user experience by analyzing the risk of each login attempt and verifying users through behavioral data, simplifying access for verified users
  • Adaptive response – AI model automated response and generate an alert if the system identifies any threats. This creates the first layer of security defense.
  • Applied Machine learning – AI models are self-train. If models identify any new risk pattern apply new security models to all protected systems.
Posted on

Zero Trust API Security Architect

The cybersecurity threat landscape has changed dramatically in the last couple of years. Every day new kinds of threats are coming and impacting the organization’s business. Infosec/Security teams have always had challenges with this new threat to find the root cause and mitigate these risks.

To mitigate and overcome these constant/real-time threats and risks, the security fraternity introduces Zero Trust Architecture (ZTA) Or Zero Trust Strategy (ZTS).  ZTA is not a product or application, but it is a concept and practice to mitigate any risk for your organization.

What is ZTA/ZTS?

Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by continuously validating for security configuration and posture before being granted or keeping access to applications and data across users and their associated devices. All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.

Here are the basic properties for ZTA/ZTS

  • Default deny
  • Access by policy only
  • For data, workloads, users, devices
  • Least privilege access
  • Security monitoring
  • Risk-based verification

How API implement ZTA/ZTS?

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). In API security we establish certain rules and processes to mitigate security risks.  These rules and processes are around Zero trust architecture or strategy. Here are a few basic strategies in API security to implement ZTA.

  1. All API communications are secured regardless of network location – This risk can be mitigated by ensuring all communication happens over an encrypted communication channel (TLS) and implementing a proper Cross-Origin Resource Sharing (CORS) policy. The endpoint for API needs to be exposed through the HTTPS protocol.
  2. All API endpoints are authenticated regardless of their environments (Prod, QA, Dev) — By default, all APIs need to be authenticated and authorized using username/password, JSON Web Token (JWT), OAuth, OpenID Connect, or third-party services.
  3. All API resources are protected and restricted to all users by default — Running multiple versions of an API requires additional management resources from the API provider and expands the attack surface. As per ZTA, make sure all API versions and their resources are restricted if it is not used by the user. Always validate and properly sanitize data received from integrated APIs before using it.
  4. Access to API resources is determined by dynamic policy including the client identity, application/service, and the requesting asset – Any API requires resources such as network bandwidth, CPU, memory, and storage. It is easy to exploit these resources by simple API calls or multiple concurrent requests. According to Zero Trust Architect, all APIs must implement API policies like:
    • Client identity (ClientID/Client-Secret)
    • Execution timeouts (Rate limiting)
    • Maximum allowable memory
    • Maximum number of file descriptors
    • Maximum number of processes
    • Maximum upload file size
  5. Implement or configure API monitoring posture and API Alert system — API monitoring helps identify and resolve performance issues as well as security vulnerability issues before they negatively impact users, which can impact user experience. The alert system notifies the operation team to mitigate risk quickly.
  6. Continuous API security risk assessments – Continuous risk assessments help the Infosec/Security team identify any security risk gap. By conducting the security risk assessments, organizations establish a baseline of cybersecurity measurements, and such baselines could be referenced to or compared against future results to improve overall cyber posture and resiliency further and demonstrate progress. A Free Security assessments tool VAT is available to mitigate any security risk for your organization.

https://www.vanrish.com/secassessment/

Organizations that have adopted the Zero Trust API model, see trust as fundamental to creating a positive, low-friction work culture for their clients and empowering the organization at all levels. Many of our Vanrish Technology clients, we worked with have many of the technologies in place that can be leveraged toward full Zero Trust architect model adoption.

Posted on

API Security

Modern-day APIs are the building block for integration and application for any organization. Every day organizations are using APIs to unlock new features and enable innovation. From banks, retail, and transportation to IoT, autonomous vehicles, and smart cities, APIs are a critical part of modern mobile, SaaS, and web applications and can be found in customer-facing, partner-facing, and internal applications.

Organizations are exposing sensitive data, such as Personally Identifiable Information (PII) through APIs, and because of this have increasingly become a target for attackers. Due to this organizations are concerned about their API security & compliance. API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). According to the Open Web Application Security Project (OWASP) 2023, these API threats are categorized into 10 different categories

  1. Broken Object Level Authorization (BOLA) – Object-level authorization is an access control mechanism that is usually implemented at the code level to validate that a user can only access the objects that they should have permission to access.
    Comparing the user ID of the current session (e.g. by extracting it from the JWT token) with the vulnerable ID parameter isn’t a sufficient solution to solve Broken Object Level Authorization (BOLA).

    For example, any API providing a listing of all school revenue based on the school’s name of any county could be a security threat like this API endpoint: /county/{schoolName}/revenues.
    Hacker simply manipulates {schoolName} in the above endpoint’s school name to get all revenue details for all schools.

    To mitigate this risk Use the authorization mechanism to check if the logged-in user has access to perform the requested action on the record in every function that uses an input from the client to access a record in the database.
  2. Broken Authentication – API authentication is very vulnerable and an easy target for attackers. Attackers can gain complete control of other users’ accounts in the system, read their personal data, and perform sensitive actions on their behalf.

    API authentication flow and process need to be well protected and “Forgot password / reset password” should be treated the same way as authentication mechanisms. Make sure you know all possible flows to authentication to API (Mobile/Web/any link) and it gets well protected with authentication.
  3. Broken Object Property Level Authorization – When authorizing a user to access an object using an API endpoint, It is very important to validate that the user has permission to access the specific or all object properties.
    An API endpoint is considered as vulnerable if :
    • The API endpoint exposes properties of an object that are considered sensitive and should not be read by the user.
    • The API endpoint allows a user to change, add/or delete the value of a sensitive object’s property which the user should not be able to access.

      When you are exposing any API endpoint, always make sure that the user has access to the object’s properties you expose and avoid using any generic methods like to_json() and to_string().
  4. Unrestricted Resource Consumption – Enabling any API request, requires resources such as network bandwidth, CPU, memory, and storage. These resources have limited bandwidth and money associated with these resources.

    It is easy to exploit these resources by simple API calls or multiple concurrent requests. An API is vulnerable if at least one of the following limits is missing or set inappropriately.
    • Execution timeouts
    • Maximum allowable memory
    • Maximum number of file descriptors
    • Maximum number of processes
    • Maximum upload file size
    • Number of operations to perform in a single API client request (e.g. GraphQL batching)
    • Number of records per page to return in a single request-response
    • Third-party service providers’ spending limit
  5. Broken Function Level Authorization If any of the administrative API flows like delete, update, or create expose to unauthorized users it will be an easily vulnerable API endpoint. The best way to find broken function level authorization issues is to perform a deep analysis of the authorization mechanism while keeping in mind the user hierarchy, different roles or groups in the application, and asking the following questions:
    • Can a regular user access the administrative endpoint?
    • Can a user perform sensitive actions (e.g. creation, modification, or deletion) that they should not have access to by simply changing the HTTP method (e.g. from GET to DELETE)?
    • Can a user from Group X access a function that should be exposed only to users from Group Y, by simply guessing the endpoint URL and parameters?

      To mitigate this risk, the enforcement mechanism(s) must deny all access by default, requiring explicit grants to specific roles for access to every function.
  6. Unrestricted Access to Sensitive Business Flows — When you create an API endpoint some endpoints are more sensitive and critical than others. It is very important to understand which API endpoint and business flow you are exposing to the customer. Any restricted business flow exposed to clients can harm your business. In general, technical impact is not very severe but business impact might hurt your company’s credibility.

    For example, if your company offers a discount for one customer 20% and another customer 30% through API, if the first customer knows this discount variation, it will impact the credibility of the company as well as revenue loss.
    The mitigation planning should be done in two layers:
    • Business – identify the business flows that might harm the business if they are excessively used.
    • Engineering – choose the right protection mechanisms to mitigate the business risk.
  7. Server-Side Request Forgery – Server-Side Request Forgery (SSRF) vulnerability occurs when you are consuming remote APIs and resources without validating the remote endpoint or user-supplied URL. SSRF enables attackers to force the application to send formatted requests to an unknown destination even if protected by a firewall. Successful exploitation might lead to internal services enumeration (e.g. port scanning), information disclosure, bypassing firewalls, or other security mechanisms.

    The SSRF risk cannot be eliminated but you can mitigate these risks by isolating the resource fetching mechanism in your network, accepting media types for a given functionality, disabling HTTP redirections, Validating and sanitizing all client-supplied input data, and Using a well-tested and maintained URL parser to avoid issues caused by URL parsing inconsistencies.
  8. Security Misconfiguration — Security Misconfiguration vulnerability occurs when the latest patches are missing on the server or systems are outdated, Transport Layer Security (TLS) is missing, A Cross-Origin Resource Sharing (CORS) policy is missing, Error messages include stack traces or expose other sensitive information. Attackers often attempt to find unpatched flaws, common endpoints, services running with insecure default configurations, or unprotected files and directories to gain unauthorized access or knowledge of the system. These Security misconfigurations not only expose sensitive user data but also system details that can lead to full server compromise.

    Security misconfiguration risk can be mitigated by a repeating hardening process leading to fast and easy deployment, ensuring all communication happens over an encrypted communication channel (TLS), and implementing a proper Cross-Origin Resource Sharing (CORS) policy.
  9. Improper Inventory Management — It is important for organizations not only to have a good understanding and visibility of their own APIs and API endpoints but also how the APIs are storing or sharing data with external third parties. Multiple versions of APIs need to be properly managed, secure, patched and well-documented. Hackers usually get unauthorized access through old API versions or endpoints left running unpatched and using weaker security. requirements.
    Improper Inventory Management security vulnerability can be mitigated by documenting all hosted APIs for all environments (Prod or Non-Prod), Generating documentation automatically by adopting open standards and avoiding using production data with non-production API deployments.
  10. Unsafe Consumption of APIs — Unsafe Consumption of APIs vulnerability occurs when your developers tend to adopt weaker security standards, for instance, in regard to input validation, sanitization, URL redirections and not implementing timeouts for interactions with third-party services.
    This vulnerability can be mitigated by implementing proper data validation, and schema validation. Ensuring all API interaction happens on secured communication channels like TLS. Maintain an allowlist of well-known locations integrated APIs may redirect yours to do not blindly follow redirects.
Posted on

Generative AI for Public Sector: An API Opportunity

The disruptive power of AI extends to every industry, opening up unlimited possibilities for new business opportunities. It turns imagination into reality, insights into action, and possibility into discovery. Generative AI is a type of AI that produces content such as text, audio, code, videos, images, or any other content based on prompts input by the user. Generative AI models use complex computing processes like deep learning to analyze patterns from large sets of historical data to create new business opportunities.

Generative AI is a one of the most promising technologies that can help the public sector to improve productivity and service quality. However, it is important to ensure that the technology is used responsibly and ethically.

Generative AI can enable the public sector to improve productivity and service quality. Generative AI has a wide range of applications in the public sector. It can be used to extract information and automate paper-based processing. It can also be used to automate repetitive and mundane tasks, enabling staff to take on higher value work, optimize resource allocation, and enhance decision making. It also uses to summarize large amounts of information from different sources, such as public health data and economic indicators, to identify patterns, trends, and correlations for Government to take decision in favor public.

Here are a few examples of tasks that Generative AI can perform in the public sector:

  • Providing support to clients such as chatting, responding, and delegating task to correct department.
  • Writing and editing documents and emails
  • Coding tasks, such as debugging and generating templates and common solutions.
  • Summarizing information.
  • Research, translation, and learning

To ensure the responsible use of GenAI tools and maintain public trust , the public sector should align with the “FASTER” principles:

  • Fair: Content should comply with human rights, accessibility, procedural and unbiased obligations
  • Accountable: Content generated by these tools should make sure it is factual, legal, ethical, and compliant with the legal terms of use.
  • Secure: In pub-sec security is paramount goal. Content generated by Generative AI should appropriate for the security classification of the information and privacy & personal information are protected. Compliance with PII data.
  • Transparent: In Government sector, it is very important that your all procedural is transparent, and users know that they are interacting with an AI tool.
  • Educated: It is very important to document the strengths, limitations, and responsible use of the Generative AI tools. It should also highlight; how to create effective prompts and to identify potential weaknesses in the outputs.
  • Relevant: Generative AI tools should support user and organizational needs, contributes to improved outcomes and become relevant to society and business.

Since Generative AI has a wide range of benefits in the public sector, there are also some challenges associated with its use.

Here are Some of these challenges:

  1. Ethical dilemmas: Generative AI can be used to create deepfakes by manipulating videos and images. That can be used to spread misinformation and create confusion among public.
  2. Dependency on technology: Generative AI is dependent on the latest technology and underline system. It is based on how secure your data technology and how your data is communicating with AI models.
  3. Equity and accessibility issues: Generative automated certain task that led some job displacement. Which lead to accessibility and equity concern.
  4. Staff resistance to change: If Pub-Sec staff perceive Generative AI as a threat to their job then they may be resistance to change into Generative AI process.
  5. Project delays and failures: Generative AI projects are complex and time consuming. This may be delay or failure of project implementation.
  6. Regulatory issues: In Public Sector, data are fragmented which raises compliance and regulatory issue. This may be concerns about data privacy, security, and ownership.
  7. Cybersecurity risks: AI in the public sector raises cybersecurity risks. This may be concern about hacking, data breaches and other cyber threats.

API is helping GenAI to import the AI model and enable data for Generative AI. We can mitigate some of these risks by implementing API based approach for Generative AI in public sector.

Here are the few challenges in pub-sec Generative AI which is mitigated by API implementation.

  • Security: According to recent finding Generative AI makes it easier for hacker to find and exploit vulnerabilities. If your Generative AI models are communicating with your organization data through API, it will mitigate vulnerabilities risk many folds. Government sector can implement strict control of their data in a number of ways like MFA or API access permission.
  • Data control: Through API implementation in Generative AI, pub-sec can eliminate any data leakage and data abuse. Through API governance they can monitor data usage by Generative AI models. Government sector can also implement API rate limiting or IP restriction for any API to get tighter control on their sensitive data.
  • Fairness and relevancy:  Accuracy of Generative AI model or LLM are based on independent and relevancy of data. Generative AI models in pub-sec only work when Generative AI model follows compliances and relevant to use-case. API implementation does make sure data is relevant and independent for LLM. API also restrict any unwanted data for AI models and reduce processing time to cleansing unwanted data.   
  • Data Separation: APIs keep data separated from Generative AI Models or LLM (Large Language Model) implementation. This enable LLM to work on different set of data at the same time and enable faster innovation within government sector.
  • Fast delivery: APIs enable faster delivery of generative AI models. During your development of LLM models you focus only on models not on data deliveries. This may enable two stream of development team. One team focus only on data delivery and second team can focus only on Large language models development. This may empower to team for faster project deliveries.

Public sector adoption on Generative AI is still in the early stages, but it needs to accelerate. This will enable faster public project deliveries and AI bot assistances.

Posted on

Generative AI: How API making powerful customer experiences

Generative AI is more like a child where you instruct child that don’t bounce basketball inside home, but child goes to bounce a soccer ball inside home. But this was not your expectation from child and then this action falls outside of your expectation. Now you add more parameters with your instruction then the child is more likely to get the response that you want.

Generative AI is the same, the more context and parameter we can give to generative AI the better our service replies, the better emails, the better product recommendations get from your Generative AI Models.

We’re all seeing some amazing demos of generative AI these days. Models trained on the whole internet are able to hold a conversation, explain their reasoning, and perform well at a broad variety of tasks.

You’ve probably started to play with Chat GPT, Google Bard, or Microsoft Bing. In your company folks are already experimenting with different ways of data to use it in their work.

These chat interfaces, as an initial proof of concept, are truly amazing. it’s already becoming clear, the ability to create significant business value and it will be dependent on your ability to INTEGRATE and MANAGE these systems and data.

But there are multiple barriers standing in the way of our ability to implement AI.

  • Fragmented data is hard to ingest into AI models.
  • Missing context leads to poor recommendations.
  • Lack of trust in how the LLMs will use your data.
  • Difficulty in acting on the recommendations because AI is completely detached from business processes.
  • And of course, overall security risks of accessing data across various systems.

Technology is moving fast, and the recent introduction of AI innovation is exciting, especially with the promise of increased productivity. If you look at a public source like Hugging Face, there are over 250k AI models compared to only 32 significant industry-produced machine learning models in 2022. If you pair these figures with the fact that the average enterprise has over 1000 applications, suddenly you have a lot of API integrations to account for.

Without addressing your system integration challenges, you risk deploying AI that results in generic data in, and generic insights out.

Generative AI and API ecosystem

Let’s find how API fits into this Large-language models (LLMs) or generative AI space.

You can start with an LLM of your choice, such as Salesforce CodeGen or OpenAI’s CoPilot.

A large language model (LLM) is a deep learning algorithm that can perform a variety of natural language processing (NLP) tasks.

As you know, big models incur big cost, and LLM’s are expensive.

So large language models are exposed as APIs to reduce cost. As we know, APIs are the easiest way to get data in and data out from these LLM. These LLM’s are open for anyone to use. These APIs are also pulling data from your existing system as well as legacy system. Now you are enabling APIs which is required for your business process and adding data context which is make sense to business use-case.

Next, you can establish control over the APIs for your LLM by applying governance and security policies using Universal API Management. In this way, you can assure that your organization is leveraging AI while remaining secure and conformant. Once your APIs are secured then you can add automation and integration flow with your APIs which communicate with your internal systems. Enabling AI data through API You can push and pull data from a variety of data sources, including 3rd party applications, to ensure that you are using the latest data with the latest technology and building a complete 360 view of your customer.

API Safely unlock generative AI capabilities through a layer of trust Use Universal API management (UPIM) to provide security and governance for AI driven systems. The integration and automation tools also ensure the customer 360 is all up to date with the latest data, making powerful customer experiences possible.

Posted on

Why Airlines Need Digital Transformation

When the Wright brothers flew their first plane they never imagined that after 100 years this industry will be one of the biggest and most complex. Initially Airlines were a part of luxury transportation but nowadays it is a necessity for most. Every day thousands of airplanes are flying and millions of passengers are reaching their destination.

To streamline the whole process, all departments of airlines should work synchronously and efficiently. There are a lot of variables involved to execute one task efficiently with a very little margin for error. The airline industry is the best example of machines and humans working together in harmony, which allows tasks to be completed quickly and accurately without any errors. The Airline’s biggest challenge is finding ways to reduce costs while still providing quality service.

Airline industries need to put forward the best process in place in order to remain competitive and profitable. All processes, including, operational structure, route network, fleet size, and pricing strategy need to be digitized and transparent to compete against their competitors and continue to be cost-effective.

Successful Adoption of Digital Transformation is the key to success to Airlines business.

Digital transformation allows Airlines to enable data efficiently and securely. It also helps in reducing the cost of operation and increases the efficiency.

Here are few area where Digital Transformation is helping Airlines to work efficiently and cost-effective .

Market & Partner Data – The Covid pandemic was a big disruption for the Airline market. Tracking and monitoring real-time Covid data after the pandemic is very important in managing your operation efficiently. Airlines work with their partner to get Market Data, Events, Weather, Traveler In-Flux, Reviews, and External Traveler Information for their operation. Integration with partner data is very important to get contextual insights for airlines.

Travel  Data – To run the airline industry efficiently their passenger System of Record needs to integrate efficiently. Those system are not limited to  Passenger service system (PSS),Computer reservation system ( CRS), Global distribution system (GDS), Enterprise Resource Planning (ERP), Traveler Profile, Fare, Schedule, Availability, Preferences, Assets, and Distribution with Offers & Orders (NDC).

Intent & Sentiment Data – Social Media Platform is one of the invaluable tools for airlines to stay ahead of their competitors. By leveraging Sentiment & Intent Behavior analysis on social media platforms, airlines can better understand passenger preferences and tailor services accordingly. This helps the Airlines build customer loyalty and increase profits over time.

Customer & Services Data – Managing historical customer and service data help airlines to get their customer sentiment and preference. These data includes Demographic and Identity Data, Profile, Cases Contact Center History, and Service Interactions data. This data helps airlines to understand passenger preference and provide better service. 

Marketing & Loyalty – Digital Transformation combining predictive analytics and human-centric design to create a more personalized experience to drive growth in loyalty, satisfaction and incremental revenue. It also helps in marketing to track Campaign Metrics, Digital Footprint, Experiential Targeting, Audience Segmentation, Digital Marketplace. 

Devices & Location Data – Airlines operation depends on IoT Sensor Data, Telemetry, Mobile, Voice, Geolocation, Location-Based data. This Intelligence based data is revolutionizing procurement through real time decision making. Allow the operational team to know the exact location of goods at any given time.

These are the big impact of digital transformation in airlines industries

  • Quicker time to market
  • Smooth Transitioning
  • Enhanced Business Agility
  • Reduce cost
  • Innovate and drive operational excellence   
Posted on

Security for Critical Data

When organization is migrating to digital transformation, data security is a big concern. Digital transformation impacts every aspect of business operation and execution. The volume of data that any organization creates, manipulates, and stores digitally is growing, and that drives a greater need for data governance. Large volume of data security is the biggest challenge for any organization for their entire data lifecycle. 

Data security is a process to protect sensitive data from unauthorized access, corruption, or theft  during the entire data lifecycle.

Here are a few steps to mitigate data risk and implement data security.

  • Event Monitoring
  • Data Detection
  • Data Encryption
  • Data Audit Trail

Event Monitoring – This activity includes Prevention, mitigation, and monitoring threats to sensitive data.

  • Monitor user activity – Know who is accessing data from where with real-time event streaming and min 3-6 months of event history.
  • Prevent and mitigate threats – Define and  build Transaction Security policies using declarative conditions or code to prevent and mitigate threats.
  • Drive adoption and performance – Analyze user behavior to enable security training for organization and find security bottlenecks to improve user experience.
  • Event Log Files – Create event log file for rich visibility into your org for security, adoption and performance purposes

Data Detection –  Find and classify the sensitive data quickly and mitigate data risk. 

  • Monitor Data Classification Coverage – Determine which data in your organization have been categorized versus uncategorized. High sensitive data needs to be secure properly. Label data appropriately to manage data security.

Data Encryption – Encrypt sensitive data at rest while preserving business functionality.

  • Encrypt data and maintain functionality – Protect data and attachments while data search, lookups, transportation and storage.
  • Key Management – Data encryption key management is very important to secure organization data. It includes control and authorization of data encryption keys.
  • Policy Management – Data policy management is defining and managing rules or procedures for accessing data. It allows individuals to follow certain processes to access data during storing or transit.. 

Data Audit Trail – It allows strengthening data integrity for an extended period. This strengthening data integrity process enables compliance and gains insights.

  • Data History – Store data as long as you can use this historical data for audit Trail or delete if you do not need this data.
  • Data retention policy – Data retention policy defines what data or how long this historical data needs to be stored for audit. Based on sensitivity of data you can archive from 3-6 months or more.
  • Insight of data – Create insight and dashboard for data audit transparency. It allows any organization to track any compliance or data security issue.