Overview
It’s been another busy month here at Harmonic. We have released eight(!) new detections across IT and security, legal and finance, and software engineering use cases.
Due to their unstructured nature, these are largely detections that have eluded security teams using traditional, regex-based detections.
Thanks to all the customers who have worked with us on these models!
IT and Security
Four of the eight new detection models are focused on IT and security use cases.
This is an area that stands to benefit from GenAI – as long as the right guardrails are in place. If any of these are exposed to Generative AI (or GenAI-enabled) apps, this can expose highly sensitive data about the organization’s security posture that would be helpful for an attacker. For example, a user might use policies to create realistic disaster recovery plans or scenarios for tabletop exercises. This model will enable these use cases while ensuring no sensitive data goes into tools that may be training on your data.
In this release, we have enabled the following detection models:
- Security Policies. Penetration tests, software inventories, patch management cycles, network configurations, data protection tools, or logging practices.
- Managed System Configurations. Data regarding operating system settings, application configurations, and security protocols.
- Backup and Recovery Plans. Including backup schedules, storage locations, recovery procedures, and the actual backup data.
- Access Control Policies. Data about who is authorized to access specific resources, under what conditions, and what actions they are permitted to perform.
Legal and Finance
Legal teams may use ChatGPT, or similar tools, to assist with large portions of their job. For example, it might help to perform spelling and grammar checks on content or translate bodies of text into other languages for different team members.
Our machine learning team has been working with legal companies to create specific detection models that enable the secure adoption of legal use cases.
This month, we rolled out three new detections:
- Legal Discourse. Detect a wide range of text, from formal contracts and statutes to policies, terms and conditions, and even casual writing that mimics legal jargon.
- Settlement and Dispute Resolutions. This encompasses anything related to the negotiation, drafting, and execution of settlement agreements across various legal fields, such as corporate, employment, and civil disputes.
- Private Credit Agreements. This includes agreements in which private investors–such as family offices, venture capital (VC) funds, and private investment funds–deploy capital into specialized, often privately managed, investment opportunities.
Detecting Proprietary Source Code
While you can already detect source code, this new model focuses on source code that is original and confidential, likely developed by a company for its software or systems. This excludes codes that are based on external, freely distributed codebases, ensuring its uniqueness and intellectual property rights. This code is exclusive to the organization and forms the foundation for its products, services, or internal processes.
It includes algorithms, logic, data structures, and other components that are integral to the software's functionality. If AI models are trained on this data, other companies looking to generate code may be able to generate proprietary source code, potentially eroding competitive advantages.
____
Stay tuned for even more updates in next month’s Product Update blog!
To learn more, email us at info@harmonic.security or request a demo directly here.
.png)