Upgrade to Pro — share decks privately, control downloads, hide ads and more …

生成AIのガバナンスの全体像と現実解

fnifni
December 17, 2024
Technology
1
120

 生成AIのガバナンスの全体像と現実解

本スライドは、2024/12/18に開催された第111回日本クラウドセキュリティアライアンス勉強回にて登壇した際の投影資料です。
This slide presentation was made at the 111th Japan Cloud Security Alliance Study Session held on 12/18/2024.
https://www.cloudsecurityalliance.jp/site/?page_id=35676

#genai #governance #csa

fnifni

December 17, 2024
Tweet

More Decks by fnifni

See All by fnifni
生成AIのガバナンスとこれから
fnifni
0
110
AWS re:Inforce 2024 に コミュニティから登壇してきた話
fnifni
0
27
COM224: How organizations are actually applying AWS security best practices
fnifni
0
33
BsidesTokyo2024_AWSセキュリティの ベストプラクティスに関する 利用実態調査のレポートの紹介
fnifni
0
24
re:Inforce2024-recap_英語力ゴミカスでもフル英語登壇を乗り切る成功メソッド
fnifni
0
100
信頼ルールはGoogle Drive共有の孫の手になるか?
fnifni
0
220
ゼロトラスト導入支援ってどんなことやってるの?
fnifni
0
52
ログの話
fnifni
0
55
re:Inforce 2021 ReCap
fnifni
0
180

Other Decks in Technology

See All in Technology
コンテナセキュリティのためのLandlock入門
nullpo_head
2
300
リクルートのデータ基盤 Crois 年3倍成長!1日40,000コンテナの実行を支える AWS 活用とプラットフォームエンジニアリング
recruitengineers
PRO
2
320
私なりのAIのご紹介 [2024年版]
qt_luigi
1
100
PHPからGoへのマイグレーション for DMMアフィリエイト
yabakokobayashi
1
140
ガバメントクラウドのセキュリティ対策事例について
fujisawaryohei
0
320
目玉アップデート!のSageMaker LakehouseとUnified Studioは何たるかを見てみよう!
nayuts
0
230
KubeCon NA 2024 Recap / Running WebAssembly (Wasm) Workloads Side-by-Side with Container Workloads
z63d
1
220
セキュリティ系アップデート全体像と AWS Organizations 新ポリシー「宣言型ポリシー」を紹介 / reGrowth 2024 Security
masahirokawahara
0
380
Postman と API セキュリティ / Postman and API Security
yokawasa
0
180
LINEヤフーのフロントエンド組織・体制の紹介【24年12月】
lycorp_recruit_jp
0
500
Kubernetesトラフィックルーティング徹底解説/Kubernetes-traffic-deep-dive
oracle4engineer
PRO
5
1k
MLOps の現場から
asei
5
600

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
247
1.3M
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Adopting Sorbet at Scale
ufuk
73
9.1k
Become a Pro
speakerdeck
PRO
26
5k
How to Think Like a Performance Engineer
csswizardry
21
1.2k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Six Lessons from altMBA
skipperchong
27
3.5k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
800
Designing on Purpose - Digital PM Summit 2013
jponch
116
7k
Building Applications with DynamoDB
mza
91
6.1k
Visualization
eitanlees
145
15k
Bash Introduction
62gerente
608
210k

Transcript

  1. Governance of Generative AI The overall picture and real-world solutions

    for the governance of generative AI. Hirokazu Yoshida / 2024.12.18 / At the Cloud Security Alliance Study Session #111

  2. ੜ੒AIͷΨόφϯε ੜ੒AIͷΨόφϯεͷશମ૾ͱݱ࣮ղ ٢ాͻΖ͔ͣ / 2024.12.18 / ୈ111ճ Cloud Security Allianceษڧձʹͯ

  3. Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job

    : Security Engineer & Director Community : Security-JAWS Founder Certi fi cation : ɹɹɹPIIP / PIPM Recent work : General Security ɹData Governance / Zero Trust ɹSIEM / EDR / SASE, DLP…etc CySec : 2nd Graduates
  4. None

  5. Attention ! • ຊηογϣϯͷ಺༰͸ɺݸਓͷݟղͰ͋Γɺಛఆͷஂମͷओு΍ҙݟ Λࣔ͢΋ͷͰ͸͋Γ·ͤΜ

  6. ಥવͰ͕͢

  7. ੜ੒AIͷ੎͍͸Ϡό͍Ͱ͢Ͷ(ޠኮྗ)

  8. Trend Trends in Generated AI (subjective) • ~2022/11: ChatGPTҎલ͸ઐ༻AI͕ओྲྀ (

    ғޟ, ҩྍ, ੡඼඼࣭etc…) • 2023/1~6: ڪΖ͘͠൚༻తͰݡ͍gpt-3.5Λ࢖ͬͨاۀઐ༻ChatGPTߏஙϒʔϜ • 2023/7-12: اۀઐ༻ChatGPTݬ໓͔ΒͷRAGϒʔϜ ( OpenAIத৺ ) • 2024/1-6: ੜ੒AIઓࠃ࣌୅ ( SaaS౥ࡌAI, ೖྗtokenര૿, Anthropic/Googleͷ୆಄, Claud-3͕ IQ100௒͑) • 2024/7-10: ௚ۙͷτϨϯυ ( ࠷ڧAI͕2िସΘΓ,௿ίετԽͱੑೳڧԽ, ग़ྗtokenര૿, GPT-4o ϚϧνϞʔμϧ/ϘΠεϞʔυ, ChatGPTߴ౓ͳԻ੠Ϟʔυ, ChatGPT-o1ෳࡶͳਪ࿦ܭࢉʹಛԽ, GitHub SparkͰର࿩͠ͳ͕ΒΞϓϦ։ൃ, ClaudeͰPC্ͷλεΫΛ୅ཧ࣮ߦ)

  9. ΋ͷ͍͢͝଎౓ͷਐԽ/ൃల/ల։ ҰํͰ໌Β͔ʹͳΔϦεΫ

  10. Risks posed by AI • όΠΞεͷ͋Δ݁Ռ΍ࠩผతͳ݁Ռͷग़ྗ • ϑΟϧλʔόϒϧɺΤίʔνΣϯόʔݱ৅ • ଟ༷ੑͷ૕ࣦ

    • ෆద੾ͳݸਓ৘ใͷऔѻ͍ • ੜ໋ɾ਎ମɾࡒ࢈ͷ৵֐ • ϒϥοΫϘοΫεԽɺ൑அʹؔ͢Δઆ໌ཁٻ • ΤωϧΪʔ࢖༻ྔٴͼ؀ڥͷෛՙ • ػີ৘ใͷྲྀग़ • ѱ༻ • ϋϧγωʔγϣϯ • ِ৘ใɺޡ৘ใΛӏವΈʹ͢Δ͜ͱ • ஶ࡞ݖͱͷؔ܎ • ࢿ֨౳ͱͷؔ܎ • όΠΞεͷ࠶ੜ੒ "*ࣄۀऀΨΠυϥΠϯʢୈ൛ʣ IUUQTXXXNFUJHPKQQSFTTIUNM

  11. ͦΜͳத AIʹର͢Δࣾձతͳૌٻ͕׆ൃʹ

  12. Social appeal for AI governance • EU AI Act •

    AIγεςϜͷ։ൃ΍ར༻ʹؔ͢Δن੍๏Ͱ͋Γɺੈքॳͷแׅత ͳAIن੍ ( 2024/5 EUධٞձʹͯ࠷ऴঝೝ ) • 2022೥11݄Ҏ߱ͷChat GPT౳ͷੜ੒AIͷ୆಄Λड͚ͯɺ౰ॳҊ Ͱ͸໌֬ʹ͸ن੍ର৅ͱͳ͍ͬͯͳ͔ͬͨʮ൚༻໨తܕAIϞσ ϧʯʹ͍ͭͯ΋ɺಠࣗͷن੍͕ઃ͚ΒΕΔํ਑ͱͳͬͨ ਓ޻஌ೳʢ"*ʣ๏ɿධٞձ͕"*ʹؔ͢Δੈքॳͷنଇʹ࠷ऴঝೝ IUUQTXXXDPOTJMJVNFVSPQBFVFOQSFTTQSFTTSFMFBTFTBSUJ fi DJBMJOUFMMJHFODFBJBDUDPVODJMHJWFT fi OBMHSFFOMJHIUUPUIF fi STUXPSMEXJEFSVMFTPOBJ

  13. Social appeal for AI governance • EU AI Act (

    ͬ͘͟Γղઆ ) • ʮAIγεςϜʯͱʮ൚༻ੜ੒AIγεςϜϞσϧʯΛఆٛ • ʮఏڙऀ (։ൃऀ, ্ࢢऀ, ӡ༻ऀ)ʯͱʮར༻ऀʯʹରͯ͠ • ݸਓతͰඇ৬ۀతͳར༻ʹ͍ͭͯ͸ର৅֎ • 4ஈ֊ͷϦεΫͷఔ౓ʹԠͨ͡ن੍ΛఆΊͨ ( ੍ࡋنఆ͋Γ )

  14. Social appeal for AI governance • EU AI Act ͷ4ஈ֊ͷϦεΫͷఔ౓ʹԠͨ͡ن੍

    ( ͬ͘͟Γղઆ )

  15. Social appeal for AI governance • ਓؒத৺ͷ AI ࣾձݪଇ •

    2019 ೥ 5݄ʹ࠾୒͞ΕͨOECD ͷ AI קࠂҊʹج͍ͮͯɺ౷߹Πϊϕʔγϣϯઓ ུਪਐձٞ ( ಺ֳ෎ ) ͕ܾఆͨ͠ • ࣾձશମ͕ओମͱͳΓ࣮ݱ͢΂͖ AI ࣾձݪଇ͕ఆΊΒΕΔͱͱ΋ʹɺ͜ͷݪଇ Λ౿·͑ͯɺAI ͷ։ൃɾӡ༻౳ͷ౰ࣄऀͱͳΔࣄۀऀ͕ɺ֤ࣗͷ AI ͷ։ൃɾӡ ༻౳ͷ໨త΍ํ๏౳ʹԠ͡ɺ࣮ࢪ͢΂͖໨ඪʢAI ։ൃར༻ݪଇʣΛࣗΒఆΊɺ९ क͢΂͖Ͱ͋Δ 0&$%೔ຊ੓෎୅ද෦ʮ"*ʢਓ޻஌ೳʣʹؔ͢Δཧࣄձקࠂ͕࠾୒͞Ε·ͨ͠ ೥݄೔ ʯ IUUQTXXXPFDEFNCKBQBOHPKQJUQS@KB@IUNM

  16. Social appeal for AI governance • ਓؒத৺ͷ AI ࣾձݪଇ •

    ᶃਓؒத৺ͷݪଇ • ᶄڭҭɾϦςϥγʔͷݪଇ • ᶅϓϥΠόγʔ֬อͷݪଇ • ᶆηΩϡϦςΟ֬อͷݪଇ "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG@QEG • ᶇެਖ਼ڝ૪֬อͷݪଇ • ᶈެฏੑɺઆ໌੹೚ٴͼಁ໌ ੑͷݪଇ • ᶉΠϊϕʔγϣϯͷݪଇ

  17. Algorithmic Accountability Act of 2022 • ΞϧΰϦζϜઆ໌੹೚๏ ( 2022೥ถࠃٞձԼӃఏग़ )

    • اۀ͕࢖༻ɾൢച͢ΔࣗಈԽγεςϜͷӨڹΛධՁ͢Δ͜ͱΛٻ ΊɺࣗಈԽγεςϜ͕͍ͭɺͲͷΑ͏ʹ࢖༻͞Ε͍ͯΔ͔ʹ͍ͭ ͯ৽ͨͳಁ໌ੑΛ૑ग़͠ɺফඅऀ͕ॏཁͳҙࢥܾఆͷࣗಈԽʹͭ ͍ͯे෼ͳ৘ใΛಘ্ͨͰબ୒Ͱ͖ΔΑ͏ʹ͢Δ΋ͷͰ͋Δɻ "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFS IUUQTXXXXZEFOTFOBUFHPWJNPNFEJBEPD "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFSQEG

  18. Algorithmic Accountability Act of 2022 (Excerpts) • ͢ͰʹࣗಈԽ͞Ε͍ͯΔҙࢥܾఆϓϩηεΛؚΊɺاۀ͕ॏཁͳҙࢥܾఆΛ ࣗಈԽ͢Δ͜ͱʹΑΔӨڹΛධՁ͢ΔͨΊͷجຊతͳཁ݅Λఏڙ͢Δɻ •

    ถ࿈๜औҾҕһձ ( FTC ) ʹର͠ɺධՁͱใࠂͷͨΊͷߏ଄Խ͞ΕͨΨΠυ ϥΠϯΛఏڙ͢Δن੍Λઃ͚Δɻ • ॏཁͳҙࢥܾఆΛߦ͏اۀͱɺͦͷϓϩηεΛՄೳʹ͢Δٕज़Λߏங͢Δا ۀͷ૒ํ͕ɺӨڹΛධՁ͢Δ੹೚Λෛ͏Α͏ʹ͢Δɻ • બ୒ͨ͠ӨڹධՁจॻͷFTC΁ͷใࠂΛٛ຿෇͚Δɻ

  19. ཁ͸AIͷ։ൃ΍ར׆༻ʹ͍ͭͯ ૊৫ͱͯ͠ΨόφϯεΛޮ͔ͤΖ ͱ͍͏͜ͱ

  20. ͦ΋ͦ΋ΨόφϯεͬͯԿʁ

  21. What is governance? • ޠҙͱͯ͠͸ʮ౷࣏ɺࢧ഑ɺ؅ཧʯ • ◦◦◦ΨόφϯεͳͲɺ઀ଓ͢Δݴ༿ʹΑͬͯҙຯ߹͍͕มΘΔ • จ຺ʹΑͬͯඍົʹҙຯ͕มΘΔͷͰɺఆٛ͸ཁ֬ೝ •

    ͜͜Ͱ͸ɺňੜ੒AIͷ։ൃɾఏڙɾར׆༻Λ૊৫͕ఆΊͨͱ͓Γʹ ίϯτϩʔϧ͢Δ͜ͱʼnͱఆٛ͠·͢ • NIST CSF 2.0ͰʮGovernʢ౷࣏ʣʯ͕௥Ճ͞Εͨ

  22. What is governance? • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯ • ૊৫ͷഎܠͷཧղɺαΠόʔηΩϡϦςΟઓུ ͱαΠόʔηΩϡϦςΟɾαϓϥΠνΣʔϯɾϦ

    εΫͷཱ֬ɺ໾ׂɺ੹೚ɺݖݶɺํ਑ɺαΠόʔ ηΩϡϦςΟઓུͷ؂ࢹʹऔΓ૊Ή΋ͷ • ૊৫ͷϛογϣϯͱར֐ؔ܎ऀͷظ଴ʹরΒ͠ ͯɺଞͷ5ͭͷػೳͷ੒ՌΛୡ੒͠ɺ༏ઌॱҐΛ ͚ͭΔͨΊʹ૊৫͕ԿΛ͢΂͖͔ࣔͨ͢Ίͷ੒ ՌΛఏڙ͢Δ

  23. What is governance? • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯͷΧςΰϦ • ૊৫తจ຺ •

    ϦεΫϚωδϝϯτઓུ • ໾ׂ / ੹೚ / ݖݶ • ϙϦγʔ • ؂ಜ • αΠόʔηΩϡϦςΟαϓϥΠνΣʔϯϦεΫϚωδϝϯτ

  24. ཁ͸ର৅ͷࣄฑʹରͯ͠ ઓུʹج͍ͮͨϙϦγʔΛ࡞Γ ϙϦγʔΛ਱ߦ͢ΔͨΊͷ૊৫ΛఆΊ ੹೚/໾ׂ/ݖݶΛׂΓৼΓ ؂ࢹ͢Δ͜ͱ

  25. ͦΜͳ͜ͱ஌ͬͯΒ͊ʂ

  26. Ͱ͸ʮੜ੒AIͷʯΨόφϯεͱͳΔͱ ్୺ʹख͕ࢭ·Δͷ͸ͳͥʁ

  27. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  28. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  29. ࢀߟυΩϡϝϯτ͋Δ΍Ζʁ

  30. Excerpts of documentation on governance of generative AI • LLM

    AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετ • զ͕ࠃͷAIΨόφϯεͷࡏΓํ ver. 1.1 • AI ݪଇ࣮ફͷͨΊͷ ΨόφϯεɾΨΠυϥΠϯ Ver. 1.1 • AIࣄۀऀΨΠυϥΠϯʢୈ1.0൛ʣ • AWS ੜ੒ AI ϕετϓϥΫςΟεϑϨʔϜϫʔΫ v2 • NIST AIϦεΫϚωδϝϯτϑϨʔϜϫʔΫ • ISO/IEC 42001 ( AI ϚωδϝϯτγεςϜ)

  31. ࢥͬͨΑΓͨ͘͞Μग़ͯͯ;͊ʔ

  32. ಡΜͰΈΔͱཻ౓όϥόϥͩ͠ ͲΕࢀߟʹ͢Ε͹͍͍ͷʁʼʻ

  33. ॻ͍ͯ͋Δ͜ͱ΋ଟذʹΘͨΔ શ͘৽͍͠࿮૊Έ΍औΓ૊ΈΛ ͠ͳ͍ͱ͍͚ͳ͍ʁ

  34. ͦΜͳΘ͚Ͱ ੔ཧͯ͠Έ·ͨ͠

  35. • ಠஅͱภݟͰ੔ཧ͠·ͨ͠ • ҟ࿦͸ೝΊ·͢ • ͜ͷେ࿮ͷϕʔε͸ɺ ʮզ͕ࠃͷAIΨόφϯεͷ ࡏΓํ ver. 1.1ʯΛࢀߟ

    • ͜ΕΛݟͳ͕Β࿩͠·͢ big picture

  36. • ಠஅͱภݟͰ੔ཧ͠·ͨ͠ • ҟ࿦͸ೝΊ·͢ • ͜ͷେ࿮ͷϕʔε͸ɺ ʮզ͕ࠃͷAIΨόφϯεͷ ࡏΓํ ver. 1.1ʯΛࢀߟ

    • ͜ΕΛݟͳ͕Β࿩͠·͢ big picture https://bit.ly/genai-gov-structure

  37. ͱɺͦΕͧΕͷղઆͱ֤࿦ʹೖΔલʹ

  38. ࣮͸མͱ͠Ͳ͜Ζ͕༻ҙ͞Ε͍ͯ·͢

  39. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ๏త߆ଋྗͷͳ͍اۀΨόφϯεΨΠυϥΠϯ͕๬·͍͕͠ɺ ݪଇ͔ΒاۀΨόφϯε΁ͷม׵͕༰қͰ͸ͳ͍ • νΣοΫϦετ͸ɺ൒͹ٛ຿ͷΑ͏ʹܗࣜతͳෛ୲૿ʹͳΔݒ೦ ͕͋ΔͷͰ޷·͘͠ͳ͍͕ɺܦݧ͕ෆ଍͍ͯ͠Δ૊৫޲͚ʹ༻ҙ ͤ͟ΔΛಘͳ͍

  40. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ϦεΫϕʔεͷϚωδϝϯτ • ඞཁҎ্ʹજࡏతͳϦεΫ΁ͷݒ೦ͰAIͷར׆༻્͕֐͞ΕΔ Մೳੑ͕͋Δ • খن໛ͳར׆༻ͱେن໛ͳར׆༻ͰҟͳΔͷͰɺϦεΫධՁ΍ ϚωδϝϯτͷࡏΓํΛఏڙ͢Δ͜ͱͰɺAIͷࣾձ࣮૷Λଅਐ Ͱ͖Δ

  41. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • தؒతͳΨΠυϥΠϯͷΞ΢τϥΠϯ • AI ར׆༻ͷج൫࡞Γɿऔ૊ΈͷશࣾԽɺAI Ψόφϯε΁ͷҙࣝ޲্ɺAI Ϧ ςϥγʔͷ޲্ • AI γεςϜͷ։ൃɾಋೖɿϓϦϯγϓϧͷ࡞੒ɺϚωδϝϯτମ੍ͷ੔උɺ ΤεΧϨʔγϣϯϓϩηεͷཱ֬ɺϦεΫϚωδϝϯτϓϩηεͷࡦఆ • AI γεςϜͷӡ༻ɿϞχλϦϯάɺ಺෦؂ࠪɺ֎෦ධՁͷ׆༻ɺεςʔΫϗ ϧμʔͱͷؔ܎ߏஙɺվળͱਐḿ؅ཧ

  42. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ݱ࣌఺Ͱ͸ɺ๏త߆ଋྗͷ͋Δن੍ʹ͍ͭͯ͸ෆཁ • ैۀһͱͷԣͷͭͳ͕Γ͕伴ʂͱ͍ͯ͠Δ

  43. Ͱ͸ɺ֤࿦

  44. ҰମԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  45. ҰମԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  46. ਓؒத৺ͷAIࣾձݪଇΛ࣮ݱ͍ͨ͠

  47. We want to realize human-centered AI social principles. • ฏ੒̏̍೥݄̏̎̕೔

    ౷߹Πϊϕʔγϣϯઓུਪਐձܾٞఆ • ਓؒத৺ͷAIࣾձݪଇͱ͸ɺجຊཧ೦ͱϏδϣϯΛࢧ͑Δ΋ͷ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  48. We want to realize human-centered AI social principles. • جຊཧ೦

    • ਓؒͷଚݫ͕ଚॏ͞ΕΔࣾձ(Dignity) • ଟ༷ͳഎܠΛ࣋ͭਓʑ͕ଟ༷ͳ޾ͤΛ௥ٻͰ͖Δࣾձ (Diversity & Inclusion) • ࣋ଓੑ͋Δࣾձ(Sustainability) ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  49. We want to realize human-centered AI social principles. • ϏδϣϯɿSociety

    5.0 ࣮ݱʹඞཁͳࣾձมֵʮAI-Ready ͳࣾձʯ • ࣾձશମ͕ AI ʹΑΔศӹΛ࠷େݶʹڗड͢ΔͨΊʹඞཁͳมֵ͕ߦ ΘΕɺAI ͷԸܙΛڗड͍ͯ͠Δɺ·ͨ͸ɺඞཁͳ࣌ʹ௚ͪʹ AI Λ ಋೖͦ͠ͷԸܙΛಘΒΕΔঢ়ଶʹ͋ΔɺʮAI ׆༻ʹରԠͨࣾ͠ձʯ • ߏ੒ཁૉ͸ʮਓʯ,ʮࣾձγεςϜʯ,ʮ࢈ۀߏ଄ʯ,ʮΠϊϕʔγϣϯ γεςϜ(ΠϊϕʔγϣϯΛࢧԉ͢Δ؀ڥ)ʯ,ʮΨόφϯεʯ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  50. We want to realize human-centered AI social principles. • Ϗδϣϯͷߏ੒ཁૉɿʮAI-Ready

    ͳࣾձʯͷΨόφϯε • ͦͷଞͷϏδϣϯͷߏ੒ཁૉʹ͍ͭͯٞ࿦͞ΕΔ಺༰΍໨తઃఆ Λߋ৽͢Δඞཁ͕͋Γɺ༷ʑͳεςʔΫϗϧμʔ͕ڠಇͯ͠ɺ ϧʔϧɺ੍౓ɺඪ४Խɺߦಈنൣ౳ͷΨόφϯεʹ͍ͭͯ໰୊Λ ઃఆɾධՁɾҙࢥܾఆΛߦ͏͜ͱɻ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  51. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    • ਓؒத৺ͷݪଇ • ڭҭϦςϥγʔͷݪଇ • ϓϥΠόγʔͷݪଇ • ηΩϡϦςΟͷݪଇ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG • ެฏੑɺઆ໌੹೚͓Αͼ ಁ໌ੑͷݪଇ • ެฏڝ૪֬อͷݪଇ • Πϊϕʔγϣϯͷݪଇ

  52. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    • ਓؒத৺ͷݪଇ • ڭҭϦςϥγʔͷݪଇ • ϓϥΠόγʔͷݪଇ • ηΩϡϦςΟͷݪଇ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG • ެฏੑɺઆ໌੹೚͓Αͼ ಁ໌ੑͷݪଇ • ެฏڝ૪֬อͷݪଇ • Πϊϕʔγϣϯͷݪଇ

  53. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ਓؒத৺ͷݪଇ • AI͸ಓ۩Ͱ͋ΓɺਓؒͷೳྗΛ֦ு͢Δ΋ͷͰ͋ΔɻͦͷͨΊɺ AI͕΋ͨΒ݁͢Ռͷ੹೚͸ਓؒͰ͋ΔͨΊɺڭҭ΍దਖ਼ʹར༻Ͱ ͖ΔΑ͏ͷ࢓૊ΈΛಋೖ͢Δ͜ͱɻ͢΂ͯͷਓ͕AIͷԸܙΛڗड Ͱ͖ΔΑ͏࢖͍қ͍γεςϜͷ࣮ݱʹ഑ྀ͢Δ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  54. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ϓϥΠόγʔอޢͷݪଇ • େݪଇͱͯ͠ɺݸਓͷࣗ༝ɺଚݫɺฏ౳͕৵֐͞Εͳ͍Α͏ʹ ͠ɺਖ਼֬ੑɾਖ਼౰ੑͷ֬อͱຊਓͷ࣮࣭తͳؔ༩͕Ͱ͖ΔΑ͏ʹ ͠ͳ͚Ε͹ͳΒͳ͍ • ύʔιφϧσʔλͷॏཁੑɾཁ഑ྀੑͷอޢͷҝʹจԽతഎܠ΍ ࣾձͷڞ௨ཧղͷ΋ͱʹ͖Ίࡉ΍͔ʹݕ౼͢Δඞཁ͕͋Δ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  55. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ηΩϡϦςΟ֬อͷݪଇ • ηΩϡϦςΟ͸ϦεΫϕʔεͰ͋ΓɺಘΒΕΔརӹͱόϥϯεΛ औΓͳ͕Βࣾձͷ҆શੑͱͱ΋ʹ࣋ଓՄೳੑΛ޲্͢Δ • ࣋ଓՄೳੑͷͨΊʹɺ୯Ұ͋Δ͍͸গ਺ͷಛఆ AI ʹҰٛతʹ ґଘͯ͠͸ͳΒͳ͍ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  56. ͜͜·ͰͰ Ͳ͏Ͱ͠ΐ͏ʁ

  57. ʮੜ੒AIͷΨόφϯεʯ ํ๏࿦ʹ໨͕ߦ͖͕ͪͩͱࢥ͍·͢

  58. ԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  59. ͜͜Λ౿·্͑ͨͰ ૊৫ʹམͱ͠ࠐΉͨΊʹ ஈ֊Λ౿Έ·͢

  60. AIݪଇ࣮ݱͷͨΊͷΨόφϯε ΨΠυϥΠϯVer1.1

  61. Relatively abstract guidelines • ؀ڥɾϦεΫ෼ੳ • AIΨόφϯεΰʔϧઃܭ • γεςϜσβΠϯʢAIϚωδϝϯτγεςϜઃܭʣ •

    ӡ༻ • ܧଓతͳධՁ • ΞδϟΠϧΨόφϯεͷ࣮ફ

  62. Governance Guidelines for AI Principles of Practice. • ؀ڥɾϦεΫ෼ੳ •

    اۀ΍ࣄۀ෦୯Ґͷํ਑ΛܾΊΔʹ͋ͨͬͯ͸ɺAI γεςϜ͕΋ ͨΒ͠͏Δਖ਼ෛͷΠϯύΫτɺAI γεςϜͷ։ൃ΍ӡ༻ʹؔ͢Δ ࣾձతड༰ɺͦͯࣗࣾ͠ͷࣄۀൣғ౳ʹরΒͯ͠ෛͷΠϯύΫτ ͕ܰඍͰ͸ͳ͍ͱ൑அͨ͠৔߹ʹ͸ɺࣗࣾͷ AI शख़౓ʢAI γε ςϜͷ։ൃɾӡ༻࣌ʹٻΊΒΕΔ४උ͕ͲΕ͚ͩͰ͖͍ͯΔͷ ͔ʣΛߟྀ͢΂͖Ͱ͋Δɻ

  63. Governance Guidelines for AI Principles of Practice. • AIΨόφϯεΰʔϧઃఆ •

    ϚνϡχςΟϞσϧͷΑ͏ͳ΋ͷͰ͋Γɺݱঢ়ͱඞཁͳਫ४ͱͷ ဃ཭Λ໌Β͔ʹ͢Δ΋ͷ • ಛఆͨܰ͠ඍͰ͸ͳ͍ϦεΫʹରͯ͠ɺΰʔϧΛઃఆ͠ɺݱࡏʹ ͓͍ͯͲͷΑ͏ͳࢪࡦ͕ෆ଍͍ͯ͠Δͷ͔ΛՄࢹԽ͢Δɻ • ֤޻ఔʹ͓͚Δ࣮ફྫ͕ଟ͘ܝࡌ͞Ε͍ͯΔͷͰɺͦΕΛࢀ ߟʹΰʔϧઃఆΛ͍ͯ͘͠ɻ

  64. Governance Guidelines for AI Principles of Practice. • γεςϜσβΠϯʢAIϚωδϝϯτγεςϜઃܭʣ •

    ઃఆͨ͠AIΨόφϯεΰʔϧʹ޲͔ͬͯɺဃ཭Λղফ͍ͯ͘͠ମ੍΍࿮૊ΈΛ࡞ Δ޻ఔ • εςʔΫϗϧμʔʹରͯ͠ɺဃ཭ΛධՁ͢ΔͨΊͷσʔληοτΛఏڙ͢Δ • AIϚωδϝϯτγεςϜʹܞΘΔਓࡐʹAIྙཧʹؔ͢ΔϦςϥγʔڭҭ΍ ݚमΛఏڙ͢Δ • ࣄۀऀؒɾ෦໳ؒͰ৘ใڞ༗͠ɺڠྗͯ͠AIϚωδϝϯτΛڧԽ͢Δ

  65. Governance Guidelines for AI Principles of Practice. • ӡ༻ •

    AIϚωδϝϯτγεςϜͷӡ༻ঢ়گʹ͍ͭͯઆ໌Մೳͳঢ়ଶͷ֬ อ • ݸʑͷAIγεςϜͷӡ༻ঢ়گʹ͍ͭͯઆ໌Մೳͳঢ়ଶΛ֬อ͢Δ • ίʔϙϨʔτΨόφϯεɾίʔυͷඇࡒ຿৘ใͱͯ͠Ґஔ͚ͮͯ ੵۃతͳ৘ใͷ։ࣔ

  66. Governance Guidelines for AI Principles of Practice. • ܧଓతͳධՁ •

    AI ϚωδϝϯτγεςϜٴͼݸʑͷ AI γεςϜͷӡ༻ঢ়گʹͭ ͍ͯઆ໌Մೳͳঢ়ଶΛ֬อ͢Δ (಺෦؂ࠪ, ࣗݾධՁ, ֎෦؂ࠪ) • ࣾ֎εςʔΫϗϧμʔ͔ΒͷϑΟʔυόοΫΛड͚Δ

  67. Governance Guidelines for AI Principles of Practice. • ΞδϟΠϧΨόφϯεͷ࣮ફ •

    εςʔΫϗϧμʔͷؔ༩ͷ ԼͰAIΨόφϯεͷࡏΓํ Λݕ౼͠ɺϚνϡχςΟϞ σϧΛؚΊɺඞཁʹԠͯ͡ վగΛߦ͏͜ͱɻ "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG@QEG

  68. ΍͍ͬͯ͘͜ͱͷ֎࿮͸෼͔͚ͬͨͲ த਎͕ந৅తͰͰ͖Δؾ͕͠ͳ͍

  69. ϚνϡχςΟϞσϧ͸ྲྀߦ͍ͬͯΔ͕ ૊৫ʹ߹Θͤͯ࡞ΔͷͰେม

  70. ૊৫׆ಈͷதͰ ੜ੒AIͷͨΊʹ ৽͍͠औΓ૊Έ͕ඞཁͳͷʁ

  71. ૊৫ʹ͸ ϓϥΠόγʔͱηΩϡϦςΟʹ औΓ૊Ή࢓૊Έ͕طʹ͋Δ

  72. NIST Cyber Security Framework v2.0 NIST Privacy Framework

  73. Incorporation into the organization's existing activities • NIST Privacy FrameworkͰ͸ɺαΠόʔηΩϡϦςΟʹؔ࿈͢Δϓϥ

    ΠόγʔΠϕϯτʹ͍ͭͯɺ๷ޚͷ෦෼͚ͩϓϥΠόγʔʹಛԽͨ͠ ܗʹͰ͖Ε͹ݕ஌ɾରԠɾ෮چͷ෦෼͸NIST CSFͱಉ͡࿮૊ΈͰର ԠͰ͖Δͱ͍ͯ͠Δ • ϙΠϯτ͸ɺ૒ํʹGovernͱϦεΫϚωδϝϯτઓུ͕͋Δͱ͜Ζ

  74. ͜͜ʹੜ੒AIͷจ຺Λ ৫ΓࠐΜͰ֦ு͍ͯ͘͠

  75. NIST AI Risk Management Framework

  76. Structure of NIST AI Risk Management Framework • લ൒͸ɺAIʹؔ࿈͢ΔϦεΫΛͲͷΑ͏ʹϑϨʔϜϫʔΫԽͰ͖Δ͔ ͱ͍͏ٞ࿦ͱτϥετϫʔδͳੜ੒AIγεςϜͷಛ௃ʹ͍ͭͯ֓આ

    • ޙ൒͸ɺCoreͰ͋ΔGovernͱMapɺMeasureɺManageʹ͍ͭͯղ આ͍ͯ͠Δ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  77. ·ͣɺલ൒෦෼

  78. • Elements for framing risks associated with AI Overview of

    AI actors and TEVV tasks at each stage of the generative AI life cycle

  79. • Elements for framing risks associated with AI Trustworthy Generative

    AI Features "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  80. ͜ΕΒ͸ ϦεΫΞηεϝϯτͷࡐྉͱ ΨόφϯεͷΞ΢τϓοτཁૉ ͱ΋ݴ͑Δ

  81. ࣍ʹɺޙ൒෦෼

  82. Check your current location

  83. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ϦεΫΛ༧ଌɺಛఆɺϚωδϝϯτ͢ΔͨΊͷϓϩ ηεͱจॻ΍εςʔΫϗϧμʔશମΛؚΉ૊৫ͷ࿮ ૊ΈɺͦΕΒͷ੒ՌΛୡ੒͢ΔͨΊͷखॱͷ֓આ • AI ͷϦεΫϚωδϝϯτػೳΛ૊৫ͷݪଇɺํ਑ɺ ઓུత༏ઌࣄ߲ͱ੔߹ͤ͞ΔͨΊͷ࢓૊Έ

  84. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ੜ੒AIͷϥΠϑαΠΫϧͷ֤ஈ֊ͰߦΘΕΔ׆ಈͷ தͰͲͷΑ͏ͳϦεΫ͕͋Γͦ͏͔ͷίϯςΩετ Λચ͍ग़͢ػೳ • ΍ͬͯΔࣄ͸ϦεΫΞηεϝϯτʹࣅͯ·͕͢ɺ ϦεΫͷϞσϧԽʹ͸৮ΕΒΕ͍ͯͳ͍ • Mapͷ݁Ռ͸ɺMeasureͱManageʹఏڙ͞ΕΔ

  85. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • Map͞ΕͨAIϦεΫͱؔ࿈͢ΔΠϯύΫτΛ෼ੳɺධ ՁɺϕϯνϚʔΫɺϞχλʔ͢ΔͨΊͷఆྔతɾ ఆੑతɺ·ͨ͸ࠞ߹๏ͷπʔϧ΍ٕ๏΍ํ๏࿦ • AIγεςϜ͸σϓϩΠલʹςετ͞Ε·͕͢ɺӡ༻த ʹ΋ఆظతʹςετ͞ΕΔ΂͖ • ͦͷͨΊɺMapͰಛఆ͞ΕͨAIϦεΫΛܭଌ͢ΔͨΊ ͷϝτϦΫε΍ํ๏࿦ΛจॻԽ͢Δ͜ͱ͕ॏཁ

  86. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • MAP͞ΕͯɺMeasure͞ΕͨϦεΫʹϦιʔεΛׂΓ ౰ͯͯňॲஔʼn͢Δ͜ͱ • ॲஔ͸ɺΠϯγσϯτ΍ࣄ৅΁ͷରԠɺճ෮ɺί ϛϡχέʔγϣϯʹؔ͢ΔܭըͰߏ੒͞Ε͍ͯΔ

  87. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ͦΕͧΕΛͲ͏࣮ફ͢Δ͔ͷৄࡉ͕هࡌ͞Ε͍ͯΔ • શ෦΍Δ΋ͷͰ͸ͳ͘ɺࣗ෼ͨͪͷ૊৫ΛऔΓר͘ ؀ڥ΍AIϥΠϑαΠΫϧʹ͓͍ͯɺऔࣺબ୒΍ඞཁͳ ڧ౓Λબ୒͢Δ΋ͷ • ͦͷͨΊɺݱࡏ஍ͱཧ૝ܥͷ2ύλʔϯ͕Ͱ͖Δ͸ͣ

  88. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ͜ΕΒΛ࠷ऴతʹAI RMF ϓϩϑΝΠϧʹམͱ͠ࠐΉ • ϢʔεέʔεʹԠͨ͡ϓϩϑΝΠϧͷ·ͱ·ΓͰɺ ϑϨʔϜϫʔΫར༻ऀͷཁ݅΍ϦεΫڐ༰౓ɺ Ϧιʔεʹجͮ͘ಛఆͷઃఆɺAI RMFͷ֤ΧςΰϦɾ αϒΧςΰϦΛͲ͏࣮૷͍͔͕ͯ͘͠هࡌ͞ΕΔ

  89. ͱݴ͏Θ͚Ͱ Playbookʹඈͼ͍ͭͯͨਓ͸ ·͋ɺམͪண͚ͱ͍͏͜ͱ

  90. One factor that could lead you astray • ňϦεΫϚωδϝϯτϑϨʔϜϫʔΫʼnͱ͍͏໊લͷͱ͓Γɺ Ψόφϯεͱ͸είʔϓ͕ҟͳΔ

    ( ΨόφϯεʼϦεΫϚωδϝϯτ ) • ੜ੒AIͷΨόφϯεΛ΍Γ͍͖ͨͯ͘ͳΓ͜ͷจॻʹඈͼͭ͘ͱɺ ࠞཚͨ͠Γɺ࢖͍ํΛؒҧ͑ͯ΍ͨΒࡉ͔͘ͳͬͨΓɺ ݪཧओٛతʹͳͬͨΓͱͪΐͬͱ͓͔͍͜͠ͱʹͳΔ͔΋͠Εͳ͍

  91. ͜͜·ͰͷυΩϡϝϯτΛ၆ᛌͯ͠ ੜ੒AIͷΨόφϯεͷશମ૾͕ ݟ͖͑ͯͨͱࢥ͍·͢

  92. Ͱ͕͢ɺͳ͔ͥͩ Ͱ͖Δؾ͕͠·ͤΜΑͶʁ

  93. ౷੍ͷ࿮૊Έ͕෼͔ͬͯ΋ ੜ੒AIͦͷ΋ͷɾ։ൃϓϩηε͕ ӢΛ௫ΉΑ͏ͳ΋ͷ͔ͩΒ

  94. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  95. νΣοΫϦετ͕ग़͍ͯΔ͔Β ͦΕΛ΍Ε͹͍ʔΜ͡Όͳ͍ʁ

  96. The nail is in the co ff i n fi

    rst. • ňAIݪଇ࣮ફͷͨΊͷΨόφϯεΨΠυϥΠϯ Ver.1.1ʼnͰड़΂ΒΕ͍ͯ Δͱ͓ΓɺνΣοΫϦετ͸൒͹ٛ຿ͳ΋ͷʹͳΓ͕ͪͰɺ ϦεΫϕʔεͷରԠΛ્֐͢Δ໘͕͋Δ • NIST CSFͷGovernͰ΋ňϦεΫϕʔεʼnͰରԠ͢ΔΑ͏ʹͱड़΂͍ͯΔ • νΣοΫγʔτ͸ɺख͕͔͔ؒΔׂʹɺͲ͜·Ͱ͍ͬͯ΋νΣοΫ γʔτͳͷͰϢʔεέʔε΍ݱ৔ʹϑΟοτ͠ͳ͍

  97. ͭ·Γ ňԿΛ͢Ε͹͍͍͔ʼn͸෼͔ͬͯ΋ ň۩ମతʹͲ͏͢Ε͹͍͍͔ʼn·Ͱ 1ϚΠϧҎ্ͷဃ཭͕͋Δ

  98. ͜ͷဃ཭͸ ňੜ੒AIͷΨόφϯεͷ࣮ߦΛ ೉͍ͯ͘͠͠Δཁૉʼn ͱݴ͍׵͑ͯ΋͍͍

  99. ෼ղͯ͠Έ·͠ΐ͏

  100. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  101. ཁ͢Δʹ ϦεΫΛϞσϧԽΛ͢Δཁૉͱ ੔ཧ͢΂͖಺༰ͷཧղ͕ ଍Γͯͳ͍

  102. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  103. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • NIST AI RMFͷਤ͕ࢀߟʹͳΓ·͢ͷͰɺ͜ΕΛϕʔεʹࣗ෼ͨͪ ͷϢʔεέʔεʹ౰ͯ͸Ί͍ͯ͘͜ͱͰɺ໌Β͔ʹ͢Δ

  104. • Elements for framing risks associated with AI Overview of

    AI actors and TEVV tasks at each stage of the generative AI life cycle [reprint]

  105. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  106. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͱ͢Δੜ੒AIͱؔ࿈͢Δ৘ใΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓ ѻ͓͏ͱ͍ͯ͠Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ

  107. Elements that make it di ff i cult to implement

    the governance of generative AI • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ ੜ੒"*αʔϏεར༻ʹؔ͢Δ஫ҙϙΠϯτݕग़ϑϨʔϜϫʔΫΛ ߟ͑ͯΈͨ IUUQTXXXGOJGOJOFUBJGSBNFXPSL "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG @QEG

  108. Elements that make it di ff i cult to implement

    the governance of generative AI • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ • ͜ͷΠϝʔδͷ͠΍͢͞͸݁ߏେࣄ • ಛʹϓϥΠόγʔͷ෦෼͸ɺײ͡Δͱ͜Ζ͕ਓͦΕͧΕͳͷͰɺ ༷ʑͳਓ͕ؔΘ͍ͬͯ͘ඞཁ͕͋Δ • ઐ໳஌͕ࣝͳͯ͘΋Πϝʔδ͠қ͍Α͏ʹɺಉ͡ֆΛΈͳ͕Βߟ͑ ΒΕΔΑ͏ʹ͢Δͷ͸ɺεςʔΫϗϧμʔΛר͖ࠐΉ্Ͱ΋େࣄ

  109. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  110. Elements that make it di ff i cult to implement

    the governance of generative AI • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • OWASPňLLM AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετ ʙ ࣦഊ͠ͳ͍େن໛ݴޠϞσϧಋೖͷͨΊʹʙʼnͷϞσϧԽ͞ΕͨڴҖͷྫ • OWASPňOWASP Top 10 for LLM Applicationʼn • re:Invent 2023 SEC214ňThreat modeling your generative AI workload to evaluate security riskʼn

  111. Elements that make it di ff i cult to implement

    the governance of generative AI • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • IriusRiskࣾͷJeff͸ɺೖྗͨ͠γεςϜͷ֓ཁ΍ߏ੒ਤʹج͍ͮ ͯɺڴҖϞσϧΛੜ੒ͯ͘͠ΕΔੜ੒AI • ༗ঈ൛ͱίϛϡχςΟ൛ (ແঈ) ͕͋Δ͕ɺγεςϜߏ੒ΛͲ͜·Ͱ ೖྗ͢Δ͔೰·͍͠ͱ͜Ζ

  112. ࢒೦ͳ͕Β ੜ੒AIͷ։ൃϓϩηεʹ͓͚Δ ڴҖϞσϧ͸੔ཧ͞Ε͍ͯͳͦ͞͏

  113. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  114. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  115. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  116. Elements that make it di ff i cult to implement

    the governance of generative AI • ΞΧ΢ϯλϏϦςΟͱಁ໌ੑ͸τϥετϫʔδͷલఏ • ಁ໌ੑ • ઃܭ্ͷҙࢥܾఆ΍τϨʔχϯάσʔλ͔ΒɺϞσϧͷτϨʔχϯάɺ Ϟσϧͷߏ଄ɺҙਤ͞ΕͨϢʔεέʔεɺσϓϩΠɺσϓϩΠޙɺ·ͨ ͸ΤϯυϢʔβͷҙࢥܾఆ͕ɺ͍ͭɺͲͷΑ͏ʹɺ୭ʹΑͬͯߦΘΕͨ ͔ʹ·ͰٴͿ • ΑΓߴ͍ϨϕϧͷཧղΛଅ͢͜ͱͰɺ AI γεςϜʹର͢Δ৴པΛߴΊΔ

  117. Elements that make it di ff i cult to implement

    the governance of generative AI • ΞΧ΢ϯλϏϦςΟ • ϦεΫͱΞΧ΢ϯλϏϦςΟͷؔ܎͸ɺจԽతɺ๏తɺ෼໺తɺ ࣾձతίϯςΫετʹΑͬͯҟͳΔ • ݁Ռ͕ਂࠁͰ͋Δ৔߹ɺAI ͷ։ൃऀ΍σϓϩΠϠ͸ɺͦͷಁ໌ੑ ͱΞΧ΢ϯλϏϦςΟͷ׳ߦΛൺྫత͔ͭੵۃతʹௐ੔͢Δ͜ͱΛ ݕ౼͢Δඞཁ͕͋Δ

  118. Elements that make it di ff i cult to implement

    the governance of generative AI • આ໌Մೳੑ • Ϟσϧ͕ਪ࿦ʹͲͷΑ͏ʹ౸ୡ͔ͨ͠Λઆ໌Ͱ͖Δඞཁ͕͋Δ৔߹ • AI γεςϜ͕ͲͷΑ͏ʹग़ྗʹ౸ୡ͔ͨ͠Λཧղ͢Δ͜ͱ • Ξϓϩʔνͷͻͱͭͱͯ͠ɺग़ྗͱೖྗʹؔ͢ΔϞσϧͷಈ࡞Λ؍ ࡯͢ΔɺϞσϧʹґଘ͠ͳ͍ϒϥοΫϘοΫεΞϓϩʔν͕͋Δ • ϞσϧΛ໰Θͳ͍ͷͰɺͲΜͳϞσϧͰ΋࢖͑ΔΞϓϩʔν

  119. Elements that make it di ff i cult to implement

    the governance of generative AI • આ໌Մೳੑ (ϒϥοΫϘοΫεͷ಺༁) • ಛ௃ྔͱ༧ଌ஋ͷؔ܎ͷՄࢹԽ (ICE, PDP) • ۙࣅϞσϧʹΑΔઆ໌Մೳੑ ( Surrogate Model, LIME, SHAP) • Ծ૝αϯϓϧʹΑΔઆ໌Մೳੑ ( Counterfactual Explanations ) • ը૾σʔλʹ͓͚Δઆ໌Մೳੑ ( Saliency Map ) ࢀߟ"*ެฏੑɾઆ໌Մೳ"*ʢ9"*ʣͷ֓આͱಈ޲೔ຊ૯ݚ IUUQTXXXKSJDPKQ.FEJB-JCSBSZ fi MFDPMVNOPQJOJPOQEGQEG

  120. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ • ܾఆ໦΍ϧʔϧϕʔεͷγεςϜͳͲɺΑΓղऍՄೳͳΞϧΰϦζ Ϝ΍ख๏Λ࢖༻͢Δ͜ͱͰɺϞσϧͷॏΈΛ؍࡯͠ɺ಺෦ͷ࢓૊Έ Λཧղ͢Δ͜ͱ • ઢ্ճؼ ʻ σγδϣϯπϦʔ ʻ χϡʔϥϧωοτϫʔΫͷॱʹ ෳࡶʹͳ͍ͬͯ͘ • Ϟσϧͷ಺෦ϝΧχζϜ͕ग़ྗʹͲͷΑ͏ʹӨڹ͢Δ͔ΛจॻԽ

  121. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ • ҙࢥܾఆΛઆ໌Ͱ͖Ε͹ɺҎԼͷΑ͏ͳಛੑ΋આ໌Ͱ͖Δ • ެฏੑ • ϓϥΠόγʔ • ৴པੑ·ͨ͸ݎ࿚ੑ • ҼՌؔ܎ ࢀߟ*OUFSQSFUBCMF.BDIJOF-FBSOJOH IUUQTDISJTUPQINHJUIVCJPJOUFSQSFUBCMFNMCPPLJOUFSQSFUBCJMJUZJNQPSUBODFIUNM

  122. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ (ෆཁͳέʔε) • େ͖ͳӨڹΛٴ΅͞ͳ͍৔߹ • े෼ʹݚڀ͞Ε͍ͯΔ৔߹ • ղऍՄೳੑ͕޷·͘͠ͳ͍݁ՌΛٴ΅͢৔߹ • Ϣʔεέʔε্ɺൈ͚݀୳͠ͷϦεΫ͕ߴ͍৔߹ ࢀߟ*OUFSQSFUBCMF.BDIJOF-FBSOJOH IUUQTDISJTUPQINHJUIVCJPJOUFSQSFUBCMFNMCPPLJOUFSQSFUBCJMJUZJNQPSUBODFIUNM

  123. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦΕͧΕ͸૬ޓʹࢧ͑߹͏ಛੑ • ಁ໌ੑ͸ɺγεςϜͰňԿ͕ى͔ͬͨ͜ʼnʹճ౴Ͱ͖Δ • આ໌Մೳੑ͸ɺγεςϜͰňͲͷΑ͏ʹʼnܾఆ͞Ε͔ͨʹճ౴Ͱ͖Δ • ղऍՄೳੑ͸ɺγεςϜͰňͳͥʼnܾఆ͞Ε͔ͨʹճ౴Ͱ͖Δ

  124. ͦΕͧΕ͸ݫີͳ΋ͷͰ͸ͳ͘ ͳ͍΋ͷΑΓ͋Δํ͕৴པͰ͖ΔΑͶ ͱ͍͏χϡΞϯε

  125. ͳΜͰ ಁ໌ੑ, આ໌Մೳੑ, ղऍՄೳੑ͕ ඞཁͩͬͨΜ͚ͩͬʁ

  126. Algorithmic Accountability Act of 2022 [reprint] • ΞϧΰϦζϜઆ໌੹೚๏ ( 2022೥ถࠃٞձԼӃఏग़

    ) • اۀ͕࢖༻ɾൢച͢ΔࣗಈԽγεςϜͷӨڹΛධՁ͢Δ͜ͱΛٻ ΊɺࣗಈԽγεςϜ͕͍ͭɺͲͷΑ͏ʹ࢖༻͞Ε͍ͯΔ͔ʹ͍ͭ ͯ৽ͨͳಁ໌ੑΛ૑ग़͠ɺফඅऀ͕ॏཁͳҙࢥܾఆͷࣗಈԽʹͭ ͍ͯे෼ͳ৘ใΛಘ্ͨͰબ୒Ͱ͖ΔΑ͏ʹ͢Δ΋ͷͰ͋Δɻ "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFS IUUQTXXXXZEFOTFOBUFHPWJNPNFEJBEPD "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFSQEG

  127. ňੜ੒AIͷΨόφϯεͷ࣮ߦΛ ೉͍ͯ͘͠͠Δཁૉʼn͸ ϦεΫΛϞσϧԽΛ͢Δཁૉͱ ੔ཧ͢΂͖಺༰͕ཧղͰ͖Ε͹ ղܾ͢Δʁ

  128. ·ͩ଍Γͳ͍ ·ͩͰ͖Δؾ͕͠ͳ͍

  129. ͦΕ͸ Ωϟϯόε

  130. It means that everyone involved in generative AI sees the

    same picture. • ଟ͘ͷਓ͕ͨͪؔΘ্͍ͬͯ͘Ͱɺಉ͡΋ͷΛݟͨ΄͏͕ޮ཰͕͍͍ • ஌ࣝΪϟοϓɾೝࣝΪϟοϓ͸࢓ํͳ͍͕ɺଟ͘ͷεςʔΫϗϧ μʔ͕ؔ༩͢Δ্Ͱ஫ҙ͢΂͖ͱ͜Ζ͸ň৘ใΪϟοϓʼn • ஌ࣝΪϟοϓɾೝࣝΪϟοϓ͸ɺଟ༷ͳεςʔΫϗϧμʔ͕ؔ༩͢ ΔதͰղܾ͢Δཁૉ • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ ver. 1.1ʯͰड़΂͍ͯΔɺ ैۀһͷԣͷͭͳ͕Γͷྗͷൃش͠Ͳ͜Ζʂ

  131. ͜ΕΒΛ ੜ੒AIͷϢʔεέʔεϓϩϑΝΠϧ ͱͯ͠ɺ·ͱΊɾӡ༻͢Δ͜ͱΛ ఏҊ͠·͢

  132. What is a Generative AI Use Case Pro fi le?

    • Ϣʔεέʔεͷ֓ཁͱ࢖༻͍ͯ͠ΔϞσϧɺઆ໌ՄೳੑͱղऍՄೳੑͷ ఆྔతͳධՁํ๏ɺσʔλͷऔѻ͍ϙϦγʔɺϓϥΠόγʔ΁ͷӨ ڹɺؔ࿈͢Δ๏ن੍ɺϦεΫΞηεϝϯτͷΠϯϓοτͱ݁ՌͳͲ͕ ू໿͞Ε͍ͯΔ΋ͷ • AICoEͷΑ͏ͳɺϚϧνεςʔΫϗϧμʔ͕ؔ༩͢Δ૊৫͕ɺ ੜ੒AIͷϢʔεέʔεϓϩϑΝΠϧͷΑ͏ͳҰͭͷΩϟϯόεΛғΜͰ ٞ࿦͢ΔΑ͏ͳ࢖ΘΕํΛΠϝʔδ͍ͯ͠·͢

  133. What is a Generative AI Use Case Pro fi le?

    • ࣅͨΑ͏ͳࢥ૝ͷ΋ͷ͸ɺAmazon SageMaker ϞσϧΧʔυ͕͋Δ • Ϟσϧͷ࢖༻໨త΍ϦεΫධՁɺτϨʔχϯάͷৄࡉͱϝτϦΫεɺ ධՁ݁Ռͱॴݟɺߟྀࣄ߲ɺਪ঑ࣄ߲ɺΧελϜ৘ใͱ͍ͬͨͦͷଞ ͷ஫ҙࣄ߲ͳͲͷৄࡉ৘ใΛΧλϩάԽͨ͠΋ͷ • JSONεΩʔϚͰ·ͱΊΒΕ͍ͯΔ • ී௨ʹ΍ΔͳΒNotionʹ·ͱΊΔ͕ɺDX؍఺Ͱ͸γεςϜͰॲཧͰ͖Δ σʔλΧλϩάʹ͢Δͷ͕ཧ૝

  134. What is a Generative AI Use Case Pro fi le?

    • ʲNew!ʳAmazon AI αʔϏεΧʔυ͕ൃද (2024/11/30) • ૝ఆϢʔεέʔεɺ੍ݶࣄ߲ɺ੹೚͋ΔAIʹؔ͢ΔઃܭɺύϑΥʔ Ϛϯε࠷దԽͷϕετϓϥΫςΟεͳͲΛఏڙ • Amazon Rekognition Face Matching • Amazon Textract AnalyzeID • Amazon Transcribe – Batch (ӳޠ-ถࠃ) • Amazon Nova Reel / Canvas • Amazon Titan Image Generator • Amazon Titan Text Emveddings

  135. ݁ہɺϧʔϧΛ࡞ͬͯ ਓྗͰӡ༻͢Δͬͯ͜ͱʁ

  136. ϞχλϦϯάŋΤϯϑΥʔεϝϯτ෼໺ Ͱ෦෼తʹӡ༻Λॿ͚Δ΋ͷ͕ ग़࢝Ί͍ͯΔ

  137. Help with monitoring and enforcement • ͜ͷੜ੒AI࢖ͬͯྑ͍Ͱ͔͢ʁʹରԠ͢Δͷ͕େม • ૊৫ͰೝՄͨ͠ੜ੒AI͔͠࢖Θͤͨ͘ͳ͍Ͱ͟͝Δ •

    ੜ੒AIʹ౤ߘͨ͠ݸਓ৘ใΛɺϚεΫ͔ͯ͠Βੜ੒AIʹ౉͍ͨ͠ • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠ • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ • ੜ੒AIʹର͢ΔఢରతߦಈʹͲ͏ରॲ͢Ε͹͍͍ʁ • ੜ੒AIͷग़ྗ͕େৎ෉ͳͷ͔ΛͲ͏νΣοΫ͢Δʁ

  138. Help with monitoring and enforcement • ͜ͷੜ੒AI࢖ͬͯྑ͍Ͱ͔͢ʁʹରԠ͢Δͷ͕େม • ૊৫ͰೝՄͨ͠ੜ੒AI͔͠࢖Θͤͨ͘ͳ͍Ͱ͟͝Δ •

    ੜ੒AIʹ౤ߘͨ͠ݸਓ৘ใΛɺϚεΫ͔ͯ͠Βੜ੒AIʹ౉͍ͨ͠

  139. Help with monitoring and enforcement • ࢖ͬͯྑ͍ੜ੒AIπʔϧҰཡ • ໺ྑੜ੒AIΛձࣾࢦఆͷ ੜ੒AIʹ༠ಋ

    • ར༻ΛೝՄ͞Εͨੜ੒AI΁ͷ ೖྗσʔλͷαχλΠζ

  140. Help with monitoring and enforcement • ͜Ε࢖͑͹͍ʔΜ͡Όͳ͍ʁ • ࢒೦ͳ͕Βɺݱঢ়Ͱ͸೔ຊޠ؀ڥͰ࢖͍෺ʹͳΒͳ͍ •

    ࢥ૝͸͍͍͕ɺଟஈCASBతͳ࣮૷ʹͳΔͷ͕ߏ଄తͳ՝୊ • ݱ࣌఺ͷΧόʔൣғ͸ɺςΩετੜ੒ʹݶఆ͍ͯ͠Δ • CASB੡඼ʹऔΓࠐ·ΕΔͷ͕ཧ૝ʁʹݟ͑Δ (ݸਓͷײ૝Ͱ͢)

  141. Help with monitoring and enforcement • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠ • ݱ࣌఺Ͱ͸ɺAmazon Kendra

    ʴ Amazon Bedrock ͕ݱ࣮ղʁ • KendraͷϕΫτϧετΞʹσʔλιʔεͷACLΛ࣋ͨͤɺ ݕࡧ࣌ʹར༻ऀ৘ใΛجʹࢀরՄ൱Λ൑அ͢Δ • ʲSorry !ʳखݩͰ͸ະݕূͳͷͰੋඇࢼͯ͠Έͯ΄͍͠Ͱ͢ (FOFSBUJWF"*6TF$BTFT+1 ུশ(FO6  IUUQTHJUIVCDPNBXTTBNQMFTHFOFSBUJWFBJVTFDBTFTKQ

  142. Help with monitoring and enforcement • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠

  143. Help with monitoring and enforcement • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ • API GatewayͷखલʹCloudFrontΛ഑ஔͯ͠ŊAWS

    WAFͰ๷ޚ • API Gateway͸CloudFrontΛόΠύεͰ͖ͳ͍Α͏ʹ੍ݶ • Lambda Functionͷϩʔϧʹ͸࠷খݖݶΛ෇༩ • Dynamo DB΍ΧελϜLLM Ϟσϧʹ͸ɺ࠷௿ݶͷΞΫηεݖ ੜ੒"*ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ IUUQTBXTBNB[PODPNKQCMPHTOFXTOFUXPSLQFSJNFUFSTFDVSJUZQSPUFDUJPOTGPSHFOFSBUJWFBJ

  144. Help with monitoring and enforcement • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ ੜ੒"*ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ IUUQTBXTBNB[PODPNKQCMPHTOFXTOFUXPSLQFSJNFUFSTFDVSJUZQSPUFDUJPOTGPSHFOFSBUJWFBJ

  145. Help with monitoring and enforcement • ੜ੒AIʹର͢ΔఢରతߦಈʹͲ͏ରॲ͢Ε͹͍͍ʁ • Amazon Bedrock

    GuardrailsͰೖग़ྗͷ҆શੑͱϓϥΠόγʔΛ੍ޚ • ίϯςϯπϑΟϧλʔ • τϐοΫͷڋ൱ • ίϯςϯπ άϥ΢ϯσΟϯά νΣοΫ "NB[PO#FESPDL(VBSESBJMTΛ࢖༻ͯ͠Ϟσϧ಺ͷ༗֐ίϯςϯπΛఀࢭ͢Δ IUUQTEPDTBXTBNB[PODPNCFESPDLMBUFTUVTFSHVJEFHVBSESBJMTIUNM • ػີ৘ใϑΟϧλʔ • ୯ޠϑΟϧλʔ

  146. Help with monitoring and enforcement • ੜ੒AIͷग़ྗΛͲ͏νΣοΫ͢Δʁ • ʲPreviewʳAmazon Bedrock

    Guardrails͕৽ͨʹAutomated Reasoning Check (ࣗಈਪ࿦ʹΑΔνΣοΫ) ʹରԠ • ૊৫ͷϧʔϧ΍ϓϩηεɺΨΠυϥΠϯΛදݱ͢Δࣗಈਪ࿦ϙϦ γʔΛ࡞੒ͯ͠ɺLLMͷग़ྗ͕ཁ݅ʹ߹க͍ͯ͠Δ͔Λݕূ 1SFWFOUGBDUVBMFSSPSTGSPN--.IBMMVDJOBUJPOTXJUINBUIFNBUJDBMMZTPVOE"VUPNBUFE3FBTPOJOHDIFDLT QSFWJFX  IUUQTBXTBNB[PODPNKQCMPHTBXTQSFWFOUGBDUVBMFSSPSTGSPNMMNIBMMVDJOBUJPOTXJUINBUIFNBUJDBMMZTPVOEBVUPNBUFE SFBTPOJOHDIFDLTQSFWJFX

  147. Help with monitoring and enforcement • ੜ੒AIͷग़ྗΛͲ͏νΣοΫ͢Δʁ • ʲPreviewʳAmazon Bedrock

    GuardrailsͷϚϧνϞʔμϧ༗֐ੑݕ ஌ػೳΛαϙʔτ • ༗֐ͳՄೳੑͷ͋Δը૾ίϯςϯπͷݕग़ͱϑΟϧλϦϯά • ҰͭͷΞϓϦέʔγϣϯͰςΩετͱը૾ʹಉ࣌ʹରԠ "NB[PO#FESPDL(VBSESBJMTTVQQPSUTNVMUJNPEBMUPYJDJUZEFUFDUJPOGPSJNBHFDPOUFOU 1SFWJFX  IUUQTBXTBNB[PODPNKQBCPVUBXTXIBUTOFXBNB[POCFESPDLHVBSESBJMTNVMUJNPEBMUPYJDJUZEFUFDUJPOJNBHF DPOUFOUQSFWJFX

  148. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  149. realistic solution • ੜ੒AIΛར༻͢Δཱ৔ͷ૊৫΍খن໛ͳ։ൃɾӡ༻ɾൢച͢Δ૊৫Ͱ ͋Ε͹ɺΨόφϯεΛ؆ૉԽͰ͖Δ༨஍͸͋Δ • ҰํͰɺେن໛ͳੜ੒AIΛ։ൃɾӡ༻ɾൢച͢Δཱ৔ͷ૊৫͸ɺ ϑϧαΠζʹ͍ۙରԠ͕ඞཁʹͳΓͦ͏ • ׆࿏͸ɺNIST

    Cyber Security Framework v2.0ʹ͋Γ

  150. What is governance? [rePrint] • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯͷΧςΰϦ • ૊৫తจ຺

    • ϦεΫϚωδϝϯτઓུ • ໾ׂ / ੹೚ / ݖݶ • ϙϦγʔ • ؂ಜ • αΠόʔηΩϡϦςΟαϓϥΠνΣʔϯϦεΫϚωδϝϯτ

  151. ཁ͸ର৅ͷࣄฑʹରͯ͠ ઓུʹج͍ͮͨϙϦγʔΛ࡞Γ ϙϦγʔΛ਱ߦ͢ΔͨΊͷ૊৫ΛఆΊ ੹೚/໾ׂ/ݖݶΛׂΓৼΓ ؂ࢹ͢Δ͜ͱ

  152. One Realistic Solution • ؆қతͳϑϨʔϜʹϢʔεέʔεΛ౰ͯ͸ΊͯϦεΫͷϞσϧԽ͠ɺ AIγεςϜ͕΋ͨΒ͠ಘΔਖ਼ෛͷΠϯύΫτͱAIγεςϜͷ։ൃ΍ࣾ ձతड༰ɺࣗࣾͷࣄۀൣғʹরΒͯ͠ෛͷΠϯύΫτ͕ܰඍͰ͸ͳ͍ ͱ൑அͨ͠৔߹͸ɺରԠࡦΛߨ͡Δ • จॻԽͯ͠ɺܾఆͷܦҢΛه࿥͢Ε͹ཱ೿ͳΨόφϯε

    • CASB/SWGͳͲͰੜ੒AIͷར༻ঢ়گͷ؂ࢹͱ૊Έ߹Θͤͯɺ ࣮ޮྗΛ޲্Ͱ͖Δ

  153. ճͯ͠ΈΔͱ ҙ֎ͱΠέ·͢Α

  154. conclusion • طଘͷϓϥΠόγʔͱηΩϡϦςΟͷΨόφϯεͷ࿮૊Έʹɺੜ੒AI ͷ؍఺ͷϦεΫϚωδϝϯτΛೖΕΔࣄͰɺੜ੒AIͷΨόφϯεΛػ ೳͤ͞ΔԼ஍͸Ͱ͖ͦ͏ • ੜ੒AIͷΨόφϯεΛ࣮ࢪ͢Δ্Ͱ͸ɺϦεΫΞηεϝϯτ (ಛʹϦεΫͷϞσϧԽͷ෦෼) ͸ෆ଍͕ͪ͠ͳ෦෼ •

    ͜͜Λࢧԉ͢Δ΋ͷ͕ݱΕΔͱ͍Ζ͍ΖḿΓͦ͏

  155. conclusion • ੜ੒AIͷΨόφϯε͸ɺෳ਺ͷεςʔΫϗϧμʔ͕ࢀর͢Δ ༷ʑͳ৘ใΛ؅ཧ͢Δඞཁ͕͋ΔͷͰɺͦͷड͚ࡼͱͳΔ࢖͍қ͍ Ωϟϯόε͕͋ΔͱḿΓͦ͏ • Ψόφϯεʹ͸ϞχλϦϯά͕ෆՄܽͳͷͰɺϞχλϦϯάͷ࢓ํ΋ߟ ͑ͳ͕ΒɺϞσϧ΍ΞʔΩςΫνϟɺ࢖͍ํΛݕ౼͠·͠ΐ͏

  156. Thank you !

  157. Appendix • ਓؒத৺ͷ AI ࣾձݪଇɹฏ੒̏̍೥݄̏̎̕೔ ౷߹Πϊϕʔγϣϯઓུਪਐձܾٞఆ • https://www8.cao.go.jp/cstp/ai/aigensoku.pdf • զ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1 • https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/2021070901_report.html • AI ݪଇ࣮ફͷͨΊͷ ΨόφϯεɾΨΠυϥΠϯ Ver. 1.1 • https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/pdf/20220128_1.pdf • AIࣄۀऀΨΠυϥΠϯʢୈ1.0൛ʣ • https://www.meti.go.jp/press/2024/04/20240419004/20240419004.html

  158. Appendix • The NIST Cybersecurity Framework (CSF) 2.0 • https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

    • NIST Privacy Framework • https://www.manageengine.jp/solutions/nist_publications/nist_pf/lp/ • NIST AIϦεΫϚωδϝϯτϑϨʔϜϫʔΫ • https://aisi.go.jp/2024/07/04/ai_nist_rmf_ja_news/

  159. Appendix • AIެฏੑɾઆ໌ՄೳAIʢXAIʣͷ֓આͱಈ޲ - ೔ຊ૯ݚ • https://www.jri.co.jp/MediaLibrary/ fi le/column/opinion/pdf/13846.pdf •

    Interpretable Machine Learning • https://christophm.github.io/interpretable-ml-book/interpretability-importance.html • AIϚωδϝϯτγεςϜͷࠃࡍن֨ISO/IEC 42001ʹ͍ͭͯͷղઆ • https://kpmg.com/jp/ja/home/insights/2024/04/isoiec42001-explanation.html • LLM AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετɹʙɹࣦഊ͠ͳ͍େن໛ݴޠϞσϧಋೖͷͨΊʹɹʙ • https://owasp.org/www-project-top-10-for-large-language-model-applications/llm-top-10-governance-doc/ LLM_AI_Security_and_Governance_Checklist-v1_1_JP.pdf

  160. Appendix • OWASP Top 10 େن໛ݴޠϞσϧΞϓϦέʔγϣϯ • https://github.com/coky-t/owasp-top-10-for-large-language-model-applications-ja • ϓϩϑΝΠϦϯάʹؔ͢Δ࠷ऴఏݴ

    - ࣗओతऔ૊Έʹؔ͢ΔνΣοΫϦετ - ύʔιφϧσʔλ+αݚڀձ • https://wp.shojihomu.co.jp/wp-content/uploads/2022/04/ef8280a7d908b3686f23842831dfa659.pdf • DX࣌୅ʹ͓͚ΔاۀͷϓϥΠόγʔΨόφϯεΨΠυϒοΫver1.1 • https://www.meti.go.jp/policy/it_policy/privacy/guidebook11.pdf • AWS ੜ੒ AI ϕετϓϥΫςΟεϑϨʔϜϫʔΫ v2 • https://docs.aws.amazon.com/ja_jp/audit-manager/latest/userguide/aws-generative-ai-best-practices.html

  161. Appendix • ੹೚͋Δ AI ͷϕετϓϥΫςΟε: ੹೚͋Δ৴པͰ͖Δ AI γεςϜͷଅਐ • https://aws.amazon.com/jp/blogs/news/responsible-ai-best-practices-promoting-responsible-and-trustworthy-ai-systems/

    • OWASP Top 10 for LLM Λ׆༻ͨ͠ੜ੒ AI ΞϓϦέʔγϣϯͷଟ૚๷ޚηΩϡϦςΟઃܭ • https://aws.amazon.com/jp/blogs/news/architect-defense-in-depth-security-for-generative-ai-applications-using-the- owasp-top-10-for-llms/ • ੜ੒ AI ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ • https://aws.amazon.com/jp/blogs/news/network-perimeter-security-protections-for-generative-ai/ • Amazon Bedrock Guardrails Λ࢖༻ͯ͠Ϟσϧ಺ͷ༗֐ίϯςϯπΛఀࢭ͢Δ • https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html