Just a scratchpad of ideas for future enterprise AI security
1) Custom LLM boundaries based on company policies
2) Code scanning of functional blocks for Level-1/2 validation for IP
3) Approved plugin's
4) Private Only AI access for company network(SSO, RBAC and Firewall, WAF like boundary)
5) Employee Trainings ( Just like how slack and char messages are accessible for admins, AI chat history is, use Intelligently)
6) Custom Org/Team level AI modeling for data.
7) AI Council part of Enterprise Security team.
8) Access to the company specific AI data for non employees is dangerous, Protecting the custom training models need a policy, NW blundary and hard Auth-Z and Auth-N controls