Integrating Identity into AI (Identity-Aware by Design)
Combined Session
Thursday, May 08, 2025 11:00—12:00
Location: B05-06
Identity & Cyber: My Brother Is No Longer an Only Child
11:00—11:20
The rise of Conversational IAM, aka Identity & Access processes built with new LLM (Large Language Model) and RAG (Retrieval-Augmented Generation) ingredients, creates a unique opportunity to tear down integration barriers between the IAM and Cyber worlds.
Conversational IAM provides tangible cost reduction, efficiency, and security resilience gains in four dimensions.
• User Experience: interaction is only in natural language. Reporting, UI configuration, and end-user-related change management costs nearly disappear. "Just ask!" is the new UI paradigm.
• Configuration efforts: 'coding' Risk Policies, Workflow, Visibility policies, and Entitlement Semantic enrichment in natural language only requires 'business domain knowledge'. Write a good PDF, and forget about the code.
• Data Augmentation: LLM+RAG technology allows for seamless querying of document sources (e.g. Data Protection Agreements, credential leak files, etc.) and cross-checking them with structured IAM data.
• Chatbot-to-Chatbot integration: Imagine a conversation-based integration among chatbots, each with its specialization. "Hey, SOC Chatbot. Conversational IAM here: Is there anything for me about this human here?"
This session will highlight 'Cyber + IAM' brotherhood user stories and explain how Conversational IAM is the fundamental enabler uniting the IAM+Cyber family.
Paraphrasing Elvis: "You need a lot more conversation, a little less (coding) action instead."
Leveraging Generative AI for Modernizing IAM (Towards Digital ID Management) Across the Stack
11:20—11:40
Generative AI has a huge potential. The number of solutions in that space is continuously increasing and many of the identity security vendors are releasing or at least announcing solutions. Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will rate the value and potential of generative AI across IAM use cases, with specific emphasis on where these technologies can help in modernizing IGA.
RAGe Against the Machine with BERT for Proactive Cybersecurity Posture
11:40—12:00
In the dynamic landscape of global data privacy and regulatory compliance, the integration of Retrieval-Augmented Generation (RAG) with a custom BERT-GRC classifier represents a pivotal advancement in Governance, Risk, and Compliance (GRC) technologies. This method introduces a scalable framework that combines the contextual depth of Large Language Models (LLMs) with real-time data retrieval to deliver actionable insights for compliance management. The BERT-GRC classifier identifies regulatory gaps in organizational policies, aligning them with evolving standards such as NYCRR 500 and GDPR. By incorporating seq2seq transformers with a dense vector index, the proposed RAG system enhances the precision and adaptability of compliance assessments, surpassing traditional methods limited by static data and manual analysis.
This system has been validated through case studies, including automated gap analysis and policy alignment. Experimental results demonstrate significant improvements in compliance gap detection and response times, highlighting the system’s capability to dynamically adapt to new regulatory demands. The integration of these AI-driven solutions underscores the transformative potential of RAG with a fine-tuned BERT classifier in streamlining GRC processes and reinforcing cybersecurity defenses.