Upgrade to Pro — share decks privately, control downloads, hide ads and more …

生成AIのガバナンスの全体像と現実解

Avatar for fnifni fnifni
December 17, 2024
Technology
2
350

 生成AIのガバナンスの全体像と現実解

本スライドは、2024/12/18に開催された第111回日本クラウドセキュリティアライアンス勉強回にて登壇した際の投影資料です。
This slide presentation was made at the 111th Japan Cloud Security Alliance Study Session held on 12/18/2024.
https://www.cloudsecurityalliance.jp/site/?page_id=35676

#genai #governance #csa
Avatar for fnifni

fnifni

December 17, 2024
Tweet

More Decks by fnifni

See All by fnifni
生成AIのガバナンスとこれから
Avatar for fnifni fnifni
0
150
AWS re:Inforce 2024 に コミュニティから登壇してきた話
Avatar for fnifni fnifni
0
44
COM224: How organizations are actually applying AWS security best practices
Avatar for fnifni fnifni
0
60
BsidesTokyo2024_AWSセキュリティの ベストプラクティスに関する 利用実態調査のレポートの紹介
Avatar for fnifni fnifni
0
52
re:Inforce2024-recap_英語力ゴミカスでもフル英語登壇を乗り切る成功メソッド
Avatar for fnifni fnifni
0
120
信頼ルールはGoogle Drive共有の孫の手になるか?
Avatar for fnifni fnifni
0
290
ゼロトラスト導入支援ってどんなことやってるの?
Avatar for fnifni fnifni
0
61
ログの話
Avatar for fnifni fnifni
0
60
re:Inforce 2021 ReCap
Avatar for fnifni fnifni
0
190

Other Decks in Technology

See All in Technology
PHPでWebブラウザのレンダリングエンジンを実装する
Avatar for ディップ株式会社 dip_tech
PRO
0
200
Definition of Done
Avatar for Yasunobu Kawaguchi kawaguti
PRO
6
480
AIエージェント最前線! Amazon Bedrock、Amazon Q、そしてMCPを使いこなそう
Avatar for みのるん minorun365
PRO
13
4.8k
CI/CD/IaC 久々に0から環境を作ったらこうなりました
Avatar for Kaz Watanabe kaz29
1
160
Observability infrastructure behind the trillion-messages scale Kafka platform
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
140
[TechNight #90-1] 本当に使える? ZDMの 新機能を実践検証してみた
Avatar for oracle4engineer oracle4engineer
PRO
3
170
プロダクトエンジニアリング組織への歩み、その現在地 / Our journey to becoming a product engineering organization
Avatar for hiro-torii hiro_torii
0
120
A2Aのクライアントを自作する
Avatar for Ryunosuke Iwai rynsuke
1
170
mrubyと micro-ROSが繋ぐロボットの世界
Avatar for Katsuhiko Kageyama kishima
2
150
VCpp Link and Library - C++ breaktime 2025 Summer
Avatar for Akiko Kawai harukasao
0
240
Liquid Glass革新とSwiftUI/UIKit進化
Avatar for Fumiya Sakai fumiyasac0921
0
180
Agentic Workflowという選択肢を考える
Avatar for takuya kikuchi tkikuchi1002
1
480

Featured

See All Featured
Done Done
Avatar for chrislema chrislema
184
16k
Fireside Chat
Avatar for paigeccino paigeccino
37
3.5k
Imperfection Machines: The Place of Print at Facebook
Avatar for Scott Boms scottboms
267
13k
Raft: Consensus for Rubyists
Avatar for Patrick Van Stee vanstee
140
7k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
Put a Button on it: Removing Barriers to Going Fast.
Avatar for kastner kastner
60
3.9k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
54
6.4k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
130
19k
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
23
3.5k
StorybookのUI Testing Handbookを読んだ
Avatar for Shingo Yamazaki zakiyama
30
5.8k

Transcript

  1. Governance of Generative AI The overall picture and real-world solutions

    for the governance of generative AI. Hirokazu Yoshida / 2024.12.18 / At the Cloud Security Alliance Study Session #111

  2. ੜ੒AIͷΨόφϯε ੜ੒AIͷΨόφϯεͷશମ૾ͱݱ࣮ղ ٢ాͻΖ͔ͣ / 2024.12.18 / ୈ111ճ Cloud Security Allianceษڧձʹͯ

  3. Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job

    : Security Engineer & Director Community : Security-JAWS Founder Certi fi cation : ɹɹɹPIIP / PIPM Recent work : General Security ɹData Governance / Zero Trust ɹSIEM / EDR / SASE, DLP…etc CySec : 2nd Graduates
  4. None

  5. Attention ! • ຊηογϣϯͷ಺༰͸ɺݸਓͷݟղͰ͋Γɺಛఆͷஂମͷओு΍ҙݟ Λࣔ͢΋ͷͰ͸͋Γ·ͤΜ

  6. ಥવͰ͕͢

  7. ੜ੒AIͷ੎͍͸Ϡό͍Ͱ͢Ͷ(ޠኮྗ)

  8. Trend Trends in Generated AI (subjective) • ~2022/11: ChatGPTҎલ͸ઐ༻AI͕ओྲྀ (

    ғޟ, ҩྍ, ੡඼඼࣭etc…) • 2023/1~6: ڪΖ͘͠൚༻తͰݡ͍gpt-3.5Λ࢖ͬͨاۀઐ༻ChatGPTߏஙϒʔϜ • 2023/7-12: اۀઐ༻ChatGPTݬ໓͔ΒͷRAGϒʔϜ ( OpenAIத৺ ) • 2024/1-6: ੜ੒AIઓࠃ࣌୅ ( SaaS౥ࡌAI, ೖྗtokenര૿, Anthropic/Googleͷ୆಄, Claud-3͕ IQ100௒͑) • 2024/7-10: ௚ۙͷτϨϯυ ( ࠷ڧAI͕2िସΘΓ,௿ίετԽͱੑೳڧԽ, ग़ྗtokenര૿, GPT-4o ϚϧνϞʔμϧ/ϘΠεϞʔυ, ChatGPTߴ౓ͳԻ੠Ϟʔυ, ChatGPT-o1ෳࡶͳਪ࿦ܭࢉʹಛԽ, GitHub SparkͰର࿩͠ͳ͕ΒΞϓϦ։ൃ, ClaudeͰPC্ͷλεΫΛ୅ཧ࣮ߦ)

  9. ΋ͷ͍͢͝଎౓ͷਐԽ/ൃల/ల։ ҰํͰ໌Β͔ʹͳΔϦεΫ

  10. Risks posed by AI • όΠΞεͷ͋Δ݁Ռ΍ࠩผతͳ݁Ռͷग़ྗ • ϑΟϧλʔόϒϧɺΤίʔνΣϯόʔݱ৅ • ଟ༷ੑͷ૕ࣦ

    • ෆద੾ͳݸਓ৘ใͷऔѻ͍ • ੜ໋ɾ਎ମɾࡒ࢈ͷ৵֐ • ϒϥοΫϘοΫεԽɺ൑அʹؔ͢Δઆ໌ཁٻ • ΤωϧΪʔ࢖༻ྔٴͼ؀ڥͷෛՙ • ػີ৘ใͷྲྀग़ • ѱ༻ • ϋϧγωʔγϣϯ • ِ৘ใɺޡ৘ใΛӏವΈʹ͢Δ͜ͱ • ஶ࡞ݖͱͷؔ܎ • ࢿ֨౳ͱͷؔ܎ • όΠΞεͷ࠶ੜ੒ "*ࣄۀऀΨΠυϥΠϯʢୈ൛ʣ IUUQTXXXNFUJHPKQQSFTTIUNM

  11. ͦΜͳத AIʹର͢Δࣾձతͳૌٻ͕׆ൃʹ

  12. Social appeal for AI governance • EU AI Act •

    AIγεςϜͷ։ൃ΍ར༻ʹؔ͢Δن੍๏Ͱ͋Γɺੈքॳͷแׅత ͳAIن੍ ( 2024/5 EUධٞձʹͯ࠷ऴঝೝ ) • 2022೥11݄Ҏ߱ͷChat GPT౳ͷੜ੒AIͷ୆಄Λड͚ͯɺ౰ॳҊ Ͱ͸໌֬ʹ͸ن੍ର৅ͱͳ͍ͬͯͳ͔ͬͨʮ൚༻໨తܕAIϞσ ϧʯʹ͍ͭͯ΋ɺಠࣗͷن੍͕ઃ͚ΒΕΔํ਑ͱͳͬͨ ਓ޻஌ೳʢ"*ʣ๏ɿධٞձ͕"*ʹؔ͢Δੈքॳͷنଇʹ࠷ऴঝೝ IUUQTXXXDPOTJMJVNFVSPQBFVFOQSFTTQSFTTSFMFBTFTBSUJ fi DJBMJOUFMMJHFODFBJBDUDPVODJMHJWFT fi OBMHSFFOMJHIUUPUIF fi STUXPSMEXJEFSVMFTPOBJ

  13. Social appeal for AI governance • EU AI Act (

    ͬ͘͟Γղઆ ) • ʮAIγεςϜʯͱʮ൚༻ੜ੒AIγεςϜϞσϧʯΛఆٛ • ʮఏڙऀ (։ൃऀ, ্ࢢऀ, ӡ༻ऀ)ʯͱʮར༻ऀʯʹରͯ͠ • ݸਓతͰඇ৬ۀతͳར༻ʹ͍ͭͯ͸ର৅֎ • 4ஈ֊ͷϦεΫͷఔ౓ʹԠͨ͡ن੍ΛఆΊͨ ( ੍ࡋنఆ͋Γ )

  14. Social appeal for AI governance • EU AI Act ͷ4ஈ֊ͷϦεΫͷఔ౓ʹԠͨ͡ن੍

    ( ͬ͘͟Γղઆ )

  15. Social appeal for AI governance • ਓؒத৺ͷ AI ࣾձݪଇ •

    2019 ೥ 5݄ʹ࠾୒͞ΕͨOECD ͷ AI קࠂҊʹج͍ͮͯɺ౷߹Πϊϕʔγϣϯઓ ུਪਐձٞ ( ಺ֳ෎ ) ͕ܾఆͨ͠ • ࣾձશମ͕ओମͱͳΓ࣮ݱ͢΂͖ AI ࣾձݪଇ͕ఆΊΒΕΔͱͱ΋ʹɺ͜ͷݪଇ Λ౿·͑ͯɺAI ͷ։ൃɾӡ༻౳ͷ౰ࣄऀͱͳΔࣄۀऀ͕ɺ֤ࣗͷ AI ͷ։ൃɾӡ ༻౳ͷ໨త΍ํ๏౳ʹԠ͡ɺ࣮ࢪ͢΂͖໨ඪʢAI ։ൃར༻ݪଇʣΛࣗΒఆΊɺ९ क͢΂͖Ͱ͋Δ 0&$%೔ຊ੓෎୅ද෦ʮ"*ʢਓ޻஌ೳʣʹؔ͢Δཧࣄձקࠂ͕࠾୒͞Ε·ͨ͠ ೥݄೔ ʯ IUUQTXXXPFDEFNCKBQBOHPKQJUQS@KB@IUNM

  16. Social appeal for AI governance • ਓؒத৺ͷ AI ࣾձݪଇ •

    ᶃਓؒத৺ͷݪଇ • ᶄڭҭɾϦςϥγʔͷݪଇ • ᶅϓϥΠόγʔ֬อͷݪଇ • ᶆηΩϡϦςΟ֬อͷݪଇ "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG@QEG • ᶇެਖ਼ڝ૪֬อͷݪଇ • ᶈެฏੑɺઆ໌੹೚ٴͼಁ໌ ੑͷݪଇ • ᶉΠϊϕʔγϣϯͷݪଇ

  17. Algorithmic Accountability Act of 2022 • ΞϧΰϦζϜઆ໌੹೚๏ ( 2022೥ถࠃٞձԼӃఏग़ )

    • اۀ͕࢖༻ɾൢച͢ΔࣗಈԽγεςϜͷӨڹΛධՁ͢Δ͜ͱΛٻ ΊɺࣗಈԽγεςϜ͕͍ͭɺͲͷΑ͏ʹ࢖༻͞Ε͍ͯΔ͔ʹ͍ͭ ͯ৽ͨͳಁ໌ੑΛ૑ग़͠ɺফඅऀ͕ॏཁͳҙࢥܾఆͷࣗಈԽʹͭ ͍ͯे෼ͳ৘ใΛಘ্ͨͰબ୒Ͱ͖ΔΑ͏ʹ͢Δ΋ͷͰ͋Δɻ "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFS IUUQTXXXXZEFOTFOBUFHPWJNPNFEJBEPD "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFSQEG

  18. Algorithmic Accountability Act of 2022 (Excerpts) • ͢ͰʹࣗಈԽ͞Ε͍ͯΔҙࢥܾఆϓϩηεΛؚΊɺاۀ͕ॏཁͳҙࢥܾఆΛ ࣗಈԽ͢Δ͜ͱʹΑΔӨڹΛධՁ͢ΔͨΊͷجຊతͳཁ݅Λఏڙ͢Δɻ •

    ถ࿈๜औҾҕһձ ( FTC ) ʹର͠ɺධՁͱใࠂͷͨΊͷߏ଄Խ͞ΕͨΨΠυ ϥΠϯΛఏڙ͢Δن੍Λઃ͚Δɻ • ॏཁͳҙࢥܾఆΛߦ͏اۀͱɺͦͷϓϩηεΛՄೳʹ͢Δٕज़Λߏங͢Δا ۀͷ૒ํ͕ɺӨڹΛධՁ͢Δ੹೚Λෛ͏Α͏ʹ͢Δɻ • બ୒ͨ͠ӨڹධՁจॻͷFTC΁ͷใࠂΛٛ຿෇͚Δɻ

  19. ཁ͸AIͷ։ൃ΍ར׆༻ʹ͍ͭͯ ૊৫ͱͯ͠ΨόφϯεΛޮ͔ͤΖ ͱ͍͏͜ͱ

  20. ͦ΋ͦ΋ΨόφϯεͬͯԿʁ

  21. What is governance? • ޠҙͱͯ͠͸ʮ౷࣏ɺࢧ഑ɺ؅ཧʯ • ◦◦◦ΨόφϯεͳͲɺ઀ଓ͢Δݴ༿ʹΑͬͯҙຯ߹͍͕มΘΔ • จ຺ʹΑͬͯඍົʹҙຯ͕มΘΔͷͰɺఆٛ͸ཁ֬ೝ •

    ͜͜Ͱ͸ɺňੜ੒AIͷ։ൃɾఏڙɾར׆༻Λ૊৫͕ఆΊͨͱ͓Γʹ ίϯτϩʔϧ͢Δ͜ͱʼnͱఆٛ͠·͢ • NIST CSF 2.0ͰʮGovernʢ౷࣏ʣʯ͕௥Ճ͞Εͨ

  22. What is governance? • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯ • ૊৫ͷഎܠͷཧղɺαΠόʔηΩϡϦςΟઓུ ͱαΠόʔηΩϡϦςΟɾαϓϥΠνΣʔϯɾϦ

    εΫͷཱ֬ɺ໾ׂɺ੹೚ɺݖݶɺํ਑ɺαΠόʔ ηΩϡϦςΟઓུͷ؂ࢹʹऔΓ૊Ή΋ͷ • ૊৫ͷϛογϣϯͱར֐ؔ܎ऀͷظ଴ʹরΒ͠ ͯɺଞͷ5ͭͷػೳͷ੒ՌΛୡ੒͠ɺ༏ઌॱҐΛ ͚ͭΔͨΊʹ૊৫͕ԿΛ͢΂͖͔ࣔͨ͢Ίͷ੒ ՌΛఏڙ͢Δ

  23. What is governance? • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯͷΧςΰϦ • ૊৫తจ຺ •

    ϦεΫϚωδϝϯτઓུ • ໾ׂ / ੹೚ / ݖݶ • ϙϦγʔ • ؂ಜ • αΠόʔηΩϡϦςΟαϓϥΠνΣʔϯϦεΫϚωδϝϯτ

  24. ཁ͸ର৅ͷࣄฑʹରͯ͠ ઓུʹج͍ͮͨϙϦγʔΛ࡞Γ ϙϦγʔΛ਱ߦ͢ΔͨΊͷ૊৫ΛఆΊ ੹೚/໾ׂ/ݖݶΛׂΓৼΓ ؂ࢹ͢Δ͜ͱ

  25. ͦΜͳ͜ͱ஌ͬͯΒ͊ʂ

  26. Ͱ͸ʮੜ੒AIͷʯΨόφϯεͱͳΔͱ ్୺ʹख͕ࢭ·Δͷ͸ͳͥʁ

  27. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  28. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  29. ࢀߟυΩϡϝϯτ͋Δ΍Ζʁ

  30. Excerpts of documentation on governance of generative AI • LLM

    AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετ • զ͕ࠃͷAIΨόφϯεͷࡏΓํ ver. 1.1 • AI ݪଇ࣮ફͷͨΊͷ ΨόφϯεɾΨΠυϥΠϯ Ver. 1.1 • AIࣄۀऀΨΠυϥΠϯʢୈ1.0൛ʣ • AWS ੜ੒ AI ϕετϓϥΫςΟεϑϨʔϜϫʔΫ v2 • NIST AIϦεΫϚωδϝϯτϑϨʔϜϫʔΫ • ISO/IEC 42001 ( AI ϚωδϝϯτγεςϜ)

  31. ࢥͬͨΑΓͨ͘͞Μग़ͯͯ;͊ʔ

  32. ಡΜͰΈΔͱཻ౓όϥόϥͩ͠ ͲΕࢀߟʹ͢Ε͹͍͍ͷʁʼʻ

  33. ॻ͍ͯ͋Δ͜ͱ΋ଟذʹΘͨΔ શ͘৽͍͠࿮૊Έ΍औΓ૊ΈΛ ͠ͳ͍ͱ͍͚ͳ͍ʁ

  34. ͦΜͳΘ͚Ͱ ੔ཧͯ͠Έ·ͨ͠

  35. • ಠஅͱภݟͰ੔ཧ͠·ͨ͠ • ҟ࿦͸ೝΊ·͢ • ͜ͷେ࿮ͷϕʔε͸ɺ ʮզ͕ࠃͷAIΨόφϯεͷ ࡏΓํ ver. 1.1ʯΛࢀߟ

    • ͜ΕΛݟͳ͕Β࿩͠·͢ big picture

  36. • ಠஅͱภݟͰ੔ཧ͠·ͨ͠ • ҟ࿦͸ೝΊ·͢ • ͜ͷେ࿮ͷϕʔε͸ɺ ʮզ͕ࠃͷAIΨόφϯεͷ ࡏΓํ ver. 1.1ʯΛࢀߟ

    • ͜ΕΛݟͳ͕Β࿩͠·͢ big picture https://bit.ly/genai-gov-structure

  37. ͱɺͦΕͧΕͷղઆͱ֤࿦ʹೖΔલʹ

  38. ࣮͸མͱ͠Ͳ͜Ζ͕༻ҙ͞Ε͍ͯ·͢

  39. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ๏త߆ଋྗͷͳ͍اۀΨόφϯεΨΠυϥΠϯ͕๬·͍͕͠ɺ ݪଇ͔ΒاۀΨόφϯε΁ͷม׵͕༰қͰ͸ͳ͍ • νΣοΫϦετ͸ɺ൒͹ٛ຿ͷΑ͏ʹܗࣜతͳෛ୲૿ʹͳΔݒ೦ ͕͋ΔͷͰ޷·͘͠ͳ͍͕ɺܦݧ͕ෆ଍͍ͯ͠Δ૊৫޲͚ʹ༻ҙ ͤ͟ΔΛಘͳ͍

  40. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ϦεΫϕʔεͷϚωδϝϯτ • ඞཁҎ্ʹજࡏతͳϦεΫ΁ͷݒ೦ͰAIͷར׆༻્͕֐͞ΕΔ Մೳੑ͕͋Δ • খن໛ͳར׆༻ͱେن໛ͳར׆༻ͰҟͳΔͷͰɺϦεΫධՁ΍ ϚωδϝϯτͷࡏΓํΛఏڙ͢Δ͜ͱͰɺAIͷࣾձ࣮૷Λଅਐ Ͱ͖Δ

  41. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • தؒతͳΨΠυϥΠϯͷΞ΢τϥΠϯ • AI ར׆༻ͷج൫࡞Γɿऔ૊ΈͷશࣾԽɺAI Ψόφϯε΁ͷҙࣝ޲্ɺAI Ϧ ςϥγʔͷ޲্ • AI γεςϜͷ։ൃɾಋೖɿϓϦϯγϓϧͷ࡞੒ɺϚωδϝϯτମ੍ͷ੔උɺ ΤεΧϨʔγϣϯϓϩηεͷཱ֬ɺϦεΫϚωδϝϯτϓϩηεͷࡦఆ • AI γεςϜͷӡ༻ɿϞχλϦϯάɺ಺෦؂ࠪɺ֎෦ධՁͷ׆༻ɺεςʔΫϗ ϧμʔͱͷؔ܎ߏஙɺվળͱਐḿ؅ཧ

  42. Landing Points on the Governance of Generative AI • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1ʯΑΓ • ݱ࣌఺Ͱ͸ɺ๏త߆ଋྗͷ͋Δن੍ʹ͍ͭͯ͸ෆཁ • ैۀһͱͷԣͷͭͳ͕Γ͕伴ʂͱ͍ͯ͠Δ

  43. Ͱ͸ɺ֤࿦

  44. ҰମԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  45. ҰମԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  46. ਓؒத৺ͷAIࣾձݪଇΛ࣮ݱ͍ͨ͠

  47. We want to realize human-centered AI social principles. • ฏ੒̏̍೥݄̏̎̕೔

    ౷߹Πϊϕʔγϣϯઓུਪਐձܾٞఆ • ਓؒத৺ͷAIࣾձݪଇͱ͸ɺجຊཧ೦ͱϏδϣϯΛࢧ͑Δ΋ͷ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  48. We want to realize human-centered AI social principles. • جຊཧ೦

    • ਓؒͷଚݫ͕ଚॏ͞ΕΔࣾձ(Dignity) • ଟ༷ͳഎܠΛ࣋ͭਓʑ͕ଟ༷ͳ޾ͤΛ௥ٻͰ͖Δࣾձ (Diversity & Inclusion) • ࣋ଓੑ͋Δࣾձ(Sustainability) ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  49. We want to realize human-centered AI social principles. • ϏδϣϯɿSociety

    5.0 ࣮ݱʹඞཁͳࣾձมֵʮAI-Ready ͳࣾձʯ • ࣾձશମ͕ AI ʹΑΔศӹΛ࠷େݶʹڗड͢ΔͨΊʹඞཁͳมֵ͕ߦ ΘΕɺAI ͷԸܙΛڗड͍ͯ͠Δɺ·ͨ͸ɺඞཁͳ࣌ʹ௚ͪʹ AI Λ ಋೖͦ͠ͷԸܙΛಘΒΕΔঢ়ଶʹ͋ΔɺʮAI ׆༻ʹରԠͨࣾ͠ձʯ • ߏ੒ཁૉ͸ʮਓʯ,ʮࣾձγεςϜʯ,ʮ࢈ۀߏ଄ʯ,ʮΠϊϕʔγϣϯ γεςϜ(ΠϊϕʔγϣϯΛࢧԉ͢Δ؀ڥ)ʯ,ʮΨόφϯεʯ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  50. We want to realize human-centered AI social principles. • Ϗδϣϯͷߏ੒ཁૉɿʮAI-Ready

    ͳࣾձʯͷΨόφϯε • ͦͷଞͷϏδϣϯͷߏ੒ཁૉʹ͍ͭͯٞ࿦͞ΕΔ಺༰΍໨తઃఆ Λߋ৽͢Δඞཁ͕͋Γɺ༷ʑͳεςʔΫϗϧμʔ͕ڠಇͯ͠ɺ ϧʔϧɺ੍౓ɺඪ४Խɺߦಈنൣ౳ͷΨόφϯεʹ͍ͭͯ໰୊Λ ઃఆɾධՁɾҙࢥܾఆΛߦ͏͜ͱɻ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  51. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    • ਓؒத৺ͷݪଇ • ڭҭϦςϥγʔͷݪଇ • ϓϥΠόγʔͷݪଇ • ηΩϡϦςΟͷݪଇ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG • ެฏੑɺઆ໌੹೚͓Αͼ ಁ໌ੑͷݪଇ • ެฏڝ૪֬อͷݪଇ • Πϊϕʔγϣϯͷݪଇ

  52. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    • ਓؒத৺ͷݪଇ • ڭҭϦςϥγʔͷݪଇ • ϓϥΠόγʔͷݪଇ • ηΩϡϦςΟͷݪଇ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG • ެฏੑɺઆ໌੹೚͓Αͼ ಁ໌ੑͷݪଇ • ެฏڝ૪֬อͷݪଇ • Πϊϕʔγϣϯͷݪଇ

  53. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ਓؒத৺ͷݪଇ • AI͸ಓ۩Ͱ͋ΓɺਓؒͷೳྗΛ֦ு͢Δ΋ͷͰ͋ΔɻͦͷͨΊɺ AI͕΋ͨΒ݁͢Ռͷ੹೚͸ਓؒͰ͋ΔͨΊɺڭҭ΍దਖ਼ʹར༻Ͱ ͖ΔΑ͏ͷ࢓૊ΈΛಋೖ͢Δ͜ͱɻ͢΂ͯͷਓ͕AIͷԸܙΛڗड Ͱ͖ΔΑ͏࢖͍қ͍γεςϜͷ࣮ݱʹ഑ྀ͢Δ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  54. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ϓϥΠόγʔอޢͷݪଇ • େݪଇͱͯ͠ɺݸਓͷࣗ༝ɺଚݫɺฏ౳͕৵֐͞Εͳ͍Α͏ʹ ͠ɺਖ਼֬ੑɾਖ਼౰ੑͷ֬อͱຊਓͷ࣮࣭తͳؔ༩͕Ͱ͖ΔΑ͏ʹ ͠ͳ͚Ε͹ͳΒͳ͍ • ύʔιφϧσʔλͷॏཁੑɾཁ഑ྀੑͷอޢͷҝʹจԽతഎܠ΍ ࣾձͷڞ௨ཧղͷ΋ͱʹ͖Ίࡉ΍͔ʹݕ౼͢Δඞཁ͕͋Δ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  55. We want to realize human-centered AI social principles. • AIࣾձݪଇ

    : ηΩϡϦςΟ֬อͷݪଇ • ηΩϡϦςΟ͸ϦεΫϕʔεͰ͋ΓɺಘΒΕΔརӹͱόϥϯεΛ औΓͳ͕Βࣾձͷ҆શੑͱͱ΋ʹ࣋ଓՄೳੑΛ޲্͢Δ • ࣋ଓՄೳੑͷͨΊʹɺ୯Ұ͋Δ͍͸গ਺ͷಛఆ AI ʹҰٛతʹ ґଘͯ͠͸ͳΒͳ͍ ਓؒத৺ͷ"*ࣾձݪଇIUUQTXXXDBPHPKQDTUQBJBJHFOTPLVQEG

  56. ͜͜·ͰͰ Ͳ͏Ͱ͠ΐ͏ʁ

  57. ʮੜ੒AIͷΨόφϯεʯ ํ๏࿦ʹ໨͕ߦ͖͕ͪͩͱࢥ͍·͢

  58. ԿΛͨͯ͘͠ ੜ੒AIͷΨόφϯεʹऔΓ૊Ήͷ͔

  59. ͜͜Λ౿·্͑ͨͰ ૊৫ʹམͱ͠ࠐΉͨΊʹ ஈ֊Λ౿Έ·͢

  60. AIݪଇ࣮ݱͷͨΊͷΨόφϯε ΨΠυϥΠϯVer1.1

  61. Relatively abstract guidelines • ؀ڥɾϦεΫ෼ੳ • AIΨόφϯεΰʔϧઃܭ • γεςϜσβΠϯʢAIϚωδϝϯτγεςϜઃܭʣ •

    ӡ༻ • ܧଓతͳධՁ • ΞδϟΠϧΨόφϯεͷ࣮ફ

  62. Governance Guidelines for AI Principles of Practice. • ؀ڥɾϦεΫ෼ੳ •

    اۀ΍ࣄۀ෦୯Ґͷํ਑ΛܾΊΔʹ͋ͨͬͯ͸ɺAI γεςϜ͕΋ ͨΒ͠͏Δਖ਼ෛͷΠϯύΫτɺAI γεςϜͷ։ൃ΍ӡ༻ʹؔ͢Δ ࣾձతड༰ɺͦͯࣗࣾ͠ͷࣄۀൣғ౳ʹরΒͯ͠ෛͷΠϯύΫτ ͕ܰඍͰ͸ͳ͍ͱ൑அͨ͠৔߹ʹ͸ɺࣗࣾͷ AI शख़౓ʢAI γε ςϜͷ։ൃɾӡ༻࣌ʹٻΊΒΕΔ४උ͕ͲΕ͚ͩͰ͖͍ͯΔͷ ͔ʣΛߟྀ͢΂͖Ͱ͋Δɻ

  63. Governance Guidelines for AI Principles of Practice. • AIΨόφϯεΰʔϧઃఆ •

    ϚνϡχςΟϞσϧͷΑ͏ͳ΋ͷͰ͋Γɺݱঢ়ͱඞཁͳਫ४ͱͷ ဃ཭Λ໌Β͔ʹ͢Δ΋ͷ • ಛఆͨܰ͠ඍͰ͸ͳ͍ϦεΫʹରͯ͠ɺΰʔϧΛઃఆ͠ɺݱࡏʹ ͓͍ͯͲͷΑ͏ͳࢪࡦ͕ෆ଍͍ͯ͠Δͷ͔ΛՄࢹԽ͢Δɻ • ֤޻ఔʹ͓͚Δ࣮ફྫ͕ଟ͘ܝࡌ͞Ε͍ͯΔͷͰɺͦΕΛࢀ ߟʹΰʔϧઃఆΛ͍ͯ͘͠ɻ

  64. Governance Guidelines for AI Principles of Practice. • γεςϜσβΠϯʢAIϚωδϝϯτγεςϜઃܭʣ •

    ઃఆͨ͠AIΨόφϯεΰʔϧʹ޲͔ͬͯɺဃ཭Λղফ͍ͯ͘͠ମ੍΍࿮૊ΈΛ࡞ Δ޻ఔ • εςʔΫϗϧμʔʹରͯ͠ɺဃ཭ΛධՁ͢ΔͨΊͷσʔληοτΛఏڙ͢Δ • AIϚωδϝϯτγεςϜʹܞΘΔਓࡐʹAIྙཧʹؔ͢ΔϦςϥγʔڭҭ΍ ݚमΛఏڙ͢Δ • ࣄۀऀؒɾ෦໳ؒͰ৘ใڞ༗͠ɺڠྗͯ͠AIϚωδϝϯτΛڧԽ͢Δ

  65. Governance Guidelines for AI Principles of Practice. • ӡ༻ •

    AIϚωδϝϯτγεςϜͷӡ༻ঢ়گʹ͍ͭͯઆ໌Մೳͳঢ়ଶͷ֬ อ • ݸʑͷAIγεςϜͷӡ༻ঢ়گʹ͍ͭͯઆ໌Մೳͳঢ়ଶΛ֬อ͢Δ • ίʔϙϨʔτΨόφϯεɾίʔυͷඇࡒ຿৘ใͱͯ͠Ґஔ͚ͮͯ ੵۃతͳ৘ใͷ։ࣔ

  66. Governance Guidelines for AI Principles of Practice. • ܧଓతͳධՁ •

    AI ϚωδϝϯτγεςϜٴͼݸʑͷ AI γεςϜͷӡ༻ঢ়گʹͭ ͍ͯઆ໌Մೳͳঢ়ଶΛ֬อ͢Δ (಺෦؂ࠪ, ࣗݾධՁ, ֎෦؂ࠪ) • ࣾ֎εςʔΫϗϧμʔ͔ΒͷϑΟʔυόοΫΛड͚Δ

  67. Governance Guidelines for AI Principles of Practice. • ΞδϟΠϧΨόφϯεͷ࣮ફ •

    εςʔΫϗϧμʔͷؔ༩ͷ ԼͰAIΨόφϯεͷࡏΓํ Λݕ౼͠ɺϚνϡχςΟϞ σϧΛؚΊɺඞཁʹԠͯ͡ վగΛߦ͏͜ͱɻ "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG@QEG

  68. ΍͍ͬͯ͘͜ͱͷ֎࿮͸෼͔͚ͬͨͲ த਎͕ந৅తͰͰ͖Δؾ͕͠ͳ͍

  69. ϚνϡχςΟϞσϧ͸ྲྀߦ͍ͬͯΔ͕ ૊৫ʹ߹Θͤͯ࡞ΔͷͰେม

  70. ૊৫׆ಈͷதͰ ੜ੒AIͷͨΊʹ ৽͍͠औΓ૊Έ͕ඞཁͳͷʁ

  71. ૊৫ʹ͸ ϓϥΠόγʔͱηΩϡϦςΟʹ औΓ૊Ή࢓૊Έ͕طʹ͋Δ

  72. NIST Cyber Security Framework v2.0 NIST Privacy Framework

  73. Incorporation into the organization's existing activities • NIST Privacy FrameworkͰ͸ɺαΠόʔηΩϡϦςΟʹؔ࿈͢Δϓϥ

    ΠόγʔΠϕϯτʹ͍ͭͯɺ๷ޚͷ෦෼͚ͩϓϥΠόγʔʹಛԽͨ͠ ܗʹͰ͖Ε͹ݕ஌ɾରԠɾ෮چͷ෦෼͸NIST CSFͱಉ͡࿮૊ΈͰର ԠͰ͖Δͱ͍ͯ͠Δ • ϙΠϯτ͸ɺ૒ํʹGovernͱϦεΫϚωδϝϯτઓུ͕͋Δͱ͜Ζ

  74. ͜͜ʹੜ੒AIͷจ຺Λ ৫ΓࠐΜͰ֦ு͍ͯ͘͠

  75. NIST AI Risk Management Framework

  76. Structure of NIST AI Risk Management Framework • લ൒͸ɺAIʹؔ࿈͢ΔϦεΫΛͲͷΑ͏ʹϑϨʔϜϫʔΫԽͰ͖Δ͔ ͱ͍͏ٞ࿦ͱτϥετϫʔδͳੜ੒AIγεςϜͷಛ௃ʹ͍ͭͯ֓આ

    • ޙ൒͸ɺCoreͰ͋ΔGovernͱMapɺMeasureɺManageʹ͍ͭͯղ આ͍ͯ͠Δ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  77. ·ͣɺલ൒෦෼

  78. • Elements for framing risks associated with AI Overview of

    AI actors and TEVV tasks at each stage of the generative AI life cycle

  79. • Elements for framing risks associated with AI Trustworthy Generative

    AI Features "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  80. ͜ΕΒ͸ ϦεΫΞηεϝϯτͷࡐྉͱ ΨόφϯεͷΞ΢τϓοτཁૉ ͱ΋ݴ͑Δ

  81. ࣍ʹɺޙ൒෦෼

  82. Check your current location

  83. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ϦεΫΛ༧ଌɺಛఆɺϚωδϝϯτ͢ΔͨΊͷϓϩ ηεͱจॻ΍εςʔΫϗϧμʔશମΛؚΉ૊৫ͷ࿮ ૊ΈɺͦΕΒͷ੒ՌΛୡ੒͢ΔͨΊͷखॱͷ֓આ • AI ͷϦεΫϚωδϝϯτػೳΛ૊৫ͷݪଇɺํ਑ɺ ઓུత༏ઌࣄ߲ͱ੔߹ͤ͞ΔͨΊͷ࢓૊Έ

  84. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ੜ੒AIͷϥΠϑαΠΫϧͷ֤ஈ֊ͰߦΘΕΔ׆ಈͷ தͰͲͷΑ͏ͳϦεΫ͕͋Γͦ͏͔ͷίϯςΩετ Λચ͍ग़͢ػೳ • ΍ͬͯΔࣄ͸ϦεΫΞηεϝϯτʹࣅͯ·͕͢ɺ ϦεΫͷϞσϧԽʹ͸৮ΕΒΕ͍ͯͳ͍ • Mapͷ݁Ռ͸ɺMeasureͱManageʹఏڙ͞ΕΔ

  85. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • Map͞ΕͨAIϦεΫͱؔ࿈͢ΔΠϯύΫτΛ෼ੳɺධ ՁɺϕϯνϚʔΫɺϞχλʔ͢ΔͨΊͷఆྔతɾ ఆੑతɺ·ͨ͸ࠞ߹๏ͷπʔϧ΍ٕ๏΍ํ๏࿦ • AIγεςϜ͸σϓϩΠલʹςετ͞Ε·͕͢ɺӡ༻த ʹ΋ఆظతʹςετ͞ΕΔ΂͖ • ͦͷͨΊɺMapͰಛఆ͞ΕͨAIϦεΫΛܭଌ͢ΔͨΊ ͷϝτϦΫε΍ํ๏࿦ΛจॻԽ͢Δ͜ͱ͕ॏཁ

  86. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • MAP͞ΕͯɺMeasure͞ΕͨϦεΫʹϦιʔεΛׂΓ ౰ͯͯňॲஔʼn͢Δ͜ͱ • ॲஔ͸ɺΠϯγσϯτ΍ࣄ৅΁ͷରԠɺճ෮ɺί ϛϡχέʔγϣϯʹؔ͢ΔܭըͰߏ੒͞Ε͍ͯΔ

  87. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ͦΕͧΕΛͲ͏࣮ફ͢Δ͔ͷৄࡉ͕هࡌ͞Ε͍ͯΔ • શ෦΍Δ΋ͷͰ͸ͳ͘ɺࣗ෼ͨͪͷ૊৫ΛऔΓר͘ ؀ڥ΍AIϥΠϑαΠΫϧʹ͓͍ͯɺऔࣺબ୒΍ඞཁͳ ڧ౓Λબ୒͢Δ΋ͷ • ͦͷͨΊɺݱࡏ஍ͱཧ૝ܥͷ2ύλʔϯ͕Ͱ͖Δ͸ͣ

  88. Elements of AI risk management to be incorporated into the

    organization's risk management strategy • ͜ΕΒΛ࠷ऴతʹAI RMF ϓϩϑΝΠϧʹམͱ͠ࠐΉ • ϢʔεέʔεʹԠͨ͡ϓϩϑΝΠϧͷ·ͱ·ΓͰɺ ϑϨʔϜϫʔΫར༻ऀͷཁ݅΍ϦεΫڐ༰౓ɺ Ϧιʔεʹجͮ͘ಛఆͷઃఆɺAI RMFͷ֤ΧςΰϦɾ αϒΧςΰϦΛͲ͏࣮૷͍͔͕ͯ͘͠هࡌ͞ΕΔ

  89. ͱݴ͏Θ͚Ͱ Playbookʹඈͼ͍ͭͯͨਓ͸ ·͋ɺམͪண͚ͱ͍͏͜ͱ

  90. One factor that could lead you astray • ňϦεΫϚωδϝϯτϑϨʔϜϫʔΫʼnͱ͍͏໊લͷͱ͓Γɺ Ψόφϯεͱ͸είʔϓ͕ҟͳΔ

    ( ΨόφϯεʼϦεΫϚωδϝϯτ ) • ੜ੒AIͷΨόφϯεΛ΍Γ͍͖ͨͯ͘ͳΓ͜ͷจॻʹඈͼͭ͘ͱɺ ࠞཚͨ͠Γɺ࢖͍ํΛؒҧ͑ͯ΍ͨΒࡉ͔͘ͳͬͨΓɺ ݪཧओٛతʹͳͬͨΓͱͪΐͬͱ͓͔͍͜͠ͱʹͳΔ͔΋͠Εͳ͍

  91. ͜͜·ͰͷυΩϡϝϯτΛ၆ᛌͯ͠ ੜ੒AIͷΨόφϯεͷશମ૾͕ ݟ͖͑ͯͨͱࢥ͍·͢

  92. Ͱ͕͢ɺͳ͔ͥͩ Ͱ͖Δؾ͕͠·ͤΜΑͶʁ

  93. ౷੍ͷ࿮૊Έ͕෼͔ͬͯ΋ ੜ੒AIͦͷ΋ͷɾ։ൃϓϩηε͕ ӢΛ௫ΉΑ͏ͳ΋ͷ͔ͩΒ

  94. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  95. νΣοΫϦετ͕ग़͍ͯΔ͔Β ͦΕΛ΍Ε͹͍ʔΜ͡Όͳ͍ʁ

  96. The nail is in the co ff i n fi

    rst. • ňAIݪଇ࣮ફͷͨΊͷΨόφϯεΨΠυϥΠϯ Ver.1.1ʼnͰड़΂ΒΕ͍ͯ Δͱ͓ΓɺνΣοΫϦετ͸൒͹ٛ຿ͳ΋ͷʹͳΓ͕ͪͰɺ ϦεΫϕʔεͷରԠΛ્֐͢Δ໘͕͋Δ • NIST CSFͷGovernͰ΋ňϦεΫϕʔεʼnͰରԠ͢ΔΑ͏ʹͱड़΂͍ͯΔ • νΣοΫγʔτ͸ɺख͕͔͔ؒΔׂʹɺͲ͜·Ͱ͍ͬͯ΋νΣοΫ γʔτͳͷͰϢʔεέʔε΍ݱ৔ʹϑΟοτ͠ͳ͍

  97. ͭ·Γ ňԿΛ͢Ε͹͍͍͔ʼn͸෼͔ͬͯ΋ ň۩ମతʹͲ͏͢Ε͹͍͍͔ʼn·Ͱ 1ϚΠϧҎ্ͷဃ཭͕͋Δ

  98. ͜ͷဃ཭͸ ňੜ੒AIͷΨόφϯεͷ࣮ߦΛ ೉͍ͯ͘͠͠Δཁૉʼn ͱݴ͍׵͑ͯ΋͍͍

  99. ෼ղͯ͠Έ·͠ΐ͏

  100. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  101. ཁ͢Δʹ ϦεΫΛϞσϧԽΛ͢Δཁૉͱ ੔ཧ͢΂͖಺༰ͷཧղ͕ ଍Γͯͳ͍

  102. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  103. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • NIST AI RMFͷਤ͕ࢀߟʹͳΓ·͢ͷͰɺ͜ΕΛϕʔεʹࣗ෼ͨͪ ͷϢʔεέʔεʹ౰ͯ͸Ί͍ͯ͘͜ͱͰɺ໌Β͔ʹ͢Δ

  104. • Elements for framing risks associated with AI Overview of

    AI actors and TEVV tasks at each stage of the generative AI life cycle [reprint]

  105. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  106. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͱ͢Δੜ੒AIͱؔ࿈͢Δ৘ใΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓ ѻ͓͏ͱ͍ͯ͠Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ

  107. Elements that make it di ff i cult to implement

    the governance of generative AI • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ ੜ੒"*αʔϏεར༻ʹؔ͢Δ஫ҙϙΠϯτݕग़ϑϨʔϜϫʔΫΛ ߟ͑ͯΈͨ IUUQTXXXGOJGOJOFUBJGSBNFXPSL "*ݪଇ࣮ફͷͨΊͷΨόφϯεɾΨΠυϥΠϯ7FS IUUQTXXXNFUJHPKQTIJOHJLBJNPOP@JOGP@TFSWJDFBJ@TIBLBJ@KJTTPQEG @QEG

  108. Elements that make it di ff i cult to implement

    the governance of generative AI • ؆୯ͳϞσϧʹϢʔεέʔεΛ౰ͯ͸ΊͯɺΠϝʔδ͠қ͘͢Δ • ͜ͷΠϝʔδͷ͠΍͢͞͸݁ߏେࣄ • ಛʹϓϥΠόγʔͷ෦෼͸ɺײ͡Δͱ͜Ζ͕ਓͦΕͧΕͳͷͰɺ ༷ʑͳਓ͕ؔΘ͍ͬͯ͘ඞཁ͕͋Δ • ઐ໳஌͕ࣝͳͯ͘΋Πϝʔδ͠қ͍Α͏ʹɺಉ͡ֆΛΈͳ͕Βߟ͑ ΒΕΔΑ͏ʹ͢Δͷ͸ɺεςʔΫϗϧμʔΛר͖ࠐΉ্Ͱ΋େࣄ

  109. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  110. Elements that make it di ff i cult to implement

    the governance of generative AI • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • OWASPňLLM AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετ ʙ ࣦഊ͠ͳ͍େن໛ݴޠϞσϧಋೖͷͨΊʹʙʼnͷϞσϧԽ͞ΕͨڴҖͷྫ • OWASPňOWASP Top 10 for LLM Applicationʼn • re:Invent 2023 SEC214ňThreat modeling your generative AI workload to evaluate security riskʼn

  111. Elements that make it di ff i cult to implement

    the governance of generative AI • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • IriusRiskࣾͷJeff͸ɺೖྗͨ͠γεςϜͷ֓ཁ΍ߏ੒ਤʹج͍ͮ ͯɺڴҖϞσϧΛੜ੒ͯ͘͠ΕΔੜ੒AI • ༗ঈ൛ͱίϛϡχςΟ൛ (ແঈ) ͕͋Δ͕ɺγεςϜߏ੒ΛͲ͜·Ͱ ೖྗ͢Δ͔೰·͍͠ͱ͜Ζ

  112. ࢒೦ͳ͕Β ੜ੒AIͷ։ൃϓϩηεʹ͓͚Δ ڴҖϞσϧ͸੔ཧ͞Ε͍ͯͳͦ͞͏

  113. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦ΋ͦ΋ੜ੒AIͷϥΠϑαΠΫϧ͕Θ͔͍ͬͯͳ͍ • ର৅ͱ͢Δੜ੒AIΛɺ୭͕Կͷ໨తͰͲͷΑ͏ʹऔΓѻ͓͏ͱͯ͠ ͍Δͷ͔ͷશମ૾͕෼͔͍ͬͯͳ͍ • ੜ੒AIʹର͢ΔڴҖͱͯ͠ɺͲΜͳ΋ͷ͕͋Δͷ͔૝૾Ͱ͖ͳ͍ • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍

  114. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  115. Elements that make it di ff i cult to implement

    the governance of generative AI • ର৅ͷੜ੒AIͷτϥετϫʔδωε͕ͲΜͳ΋ͷ͔ΠϝʔδͰ͖ͳ͍ "*3JTL.BOBHFNFOU'SBNFXPSL IUUQTBJTJHPKQBJ@OJTU@SNG@KB@OFXT

  116. Elements that make it di ff i cult to implement

    the governance of generative AI • ΞΧ΢ϯλϏϦςΟͱಁ໌ੑ͸τϥετϫʔδͷલఏ • ಁ໌ੑ • ઃܭ্ͷҙࢥܾఆ΍τϨʔχϯάσʔλ͔ΒɺϞσϧͷτϨʔχϯάɺ Ϟσϧͷߏ଄ɺҙਤ͞ΕͨϢʔεέʔεɺσϓϩΠɺσϓϩΠޙɺ·ͨ ͸ΤϯυϢʔβͷҙࢥܾఆ͕ɺ͍ͭɺͲͷΑ͏ʹɺ୭ʹΑͬͯߦΘΕͨ ͔ʹ·ͰٴͿ • ΑΓߴ͍ϨϕϧͷཧղΛଅ͢͜ͱͰɺ AI γεςϜʹର͢Δ৴པΛߴΊΔ

  117. Elements that make it di ff i cult to implement

    the governance of generative AI • ΞΧ΢ϯλϏϦςΟ • ϦεΫͱΞΧ΢ϯλϏϦςΟͷؔ܎͸ɺจԽతɺ๏తɺ෼໺తɺ ࣾձతίϯςΫετʹΑͬͯҟͳΔ • ݁Ռ͕ਂࠁͰ͋Δ৔߹ɺAI ͷ։ൃऀ΍σϓϩΠϠ͸ɺͦͷಁ໌ੑ ͱΞΧ΢ϯλϏϦςΟͷ׳ߦΛൺྫత͔ͭੵۃతʹௐ੔͢Δ͜ͱΛ ݕ౼͢Δඞཁ͕͋Δ

  118. Elements that make it di ff i cult to implement

    the governance of generative AI • આ໌Մೳੑ • Ϟσϧ͕ਪ࿦ʹͲͷΑ͏ʹ౸ୡ͔ͨ͠Λઆ໌Ͱ͖Δඞཁ͕͋Δ৔߹ • AI γεςϜ͕ͲͷΑ͏ʹग़ྗʹ౸ୡ͔ͨ͠Λཧղ͢Δ͜ͱ • Ξϓϩʔνͷͻͱͭͱͯ͠ɺग़ྗͱೖྗʹؔ͢ΔϞσϧͷಈ࡞Λ؍ ࡯͢ΔɺϞσϧʹґଘ͠ͳ͍ϒϥοΫϘοΫεΞϓϩʔν͕͋Δ • ϞσϧΛ໰Θͳ͍ͷͰɺͲΜͳϞσϧͰ΋࢖͑ΔΞϓϩʔν

  119. Elements that make it di ff i cult to implement

    the governance of generative AI • આ໌Մೳੑ (ϒϥοΫϘοΫεͷ಺༁) • ಛ௃ྔͱ༧ଌ஋ͷؔ܎ͷՄࢹԽ (ICE, PDP) • ۙࣅϞσϧʹΑΔઆ໌Մೳੑ ( Surrogate Model, LIME, SHAP) • Ծ૝αϯϓϧʹΑΔઆ໌Մೳੑ ( Counterfactual Explanations ) • ը૾σʔλʹ͓͚Δઆ໌Մೳੑ ( Saliency Map ) ࢀߟ"*ެฏੑɾઆ໌Մೳ"*ʢ9"*ʣͷ֓આͱಈ޲೔ຊ૯ݚ IUUQTXXXKSJDPKQ.FEJB-JCSBSZ fi MFDPMVNOPQJOJPOQEGQEG

  120. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ • ܾఆ໦΍ϧʔϧϕʔεͷγεςϜͳͲɺΑΓղऍՄೳͳΞϧΰϦζ Ϝ΍ख๏Λ࢖༻͢Δ͜ͱͰɺϞσϧͷॏΈΛ؍࡯͠ɺ಺෦ͷ࢓૊Έ Λཧղ͢Δ͜ͱ • ઢ্ճؼ ʻ σγδϣϯπϦʔ ʻ χϡʔϥϧωοτϫʔΫͷॱʹ ෳࡶʹͳ͍ͬͯ͘ • Ϟσϧͷ಺෦ϝΧχζϜ͕ग़ྗʹͲͷΑ͏ʹӨڹ͢Δ͔ΛจॻԽ

  121. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ • ҙࢥܾఆΛઆ໌Ͱ͖Ε͹ɺҎԼͷΑ͏ͳಛੑ΋આ໌Ͱ͖Δ • ެฏੑ • ϓϥΠόγʔ • ৴པੑ·ͨ͸ݎ࿚ੑ • ҼՌؔ܎ ࢀߟ*OUFSQSFUBCMF.BDIJOF-FBSOJOH IUUQTDISJTUPQINHJUIVCJPJOUFSQSFUBCMFNMCPPLJOUFSQSFUBCJMJUZJNQPSUBODFIUNM

  122. Elements that make it di ff i cult to implement

    the governance of generative AI • ղऍՄೳੑ (ෆཁͳέʔε) • େ͖ͳӨڹΛٴ΅͞ͳ͍৔߹ • े෼ʹݚڀ͞Ε͍ͯΔ৔߹ • ղऍՄೳੑ͕޷·͘͠ͳ͍݁ՌΛٴ΅͢৔߹ • Ϣʔεέʔε্ɺൈ͚݀୳͠ͷϦεΫ͕ߴ͍৔߹ ࢀߟ*OUFSQSFUBCMF.BDIJOF-FBSOJOH IUUQTDISJTUPQINHJUIVCJPJOUFSQSFUBCMFNMCPPLJOUFSQSFUBCJMJUZJNQPSUBODFIUNM

  123. Elements that make it di ff i cult to implement

    the governance of generative AI • ͦΕͧΕ͸૬ޓʹࢧ͑߹͏ಛੑ • ಁ໌ੑ͸ɺγεςϜͰňԿ͕ى͔ͬͨ͜ʼnʹճ౴Ͱ͖Δ • આ໌Մೳੑ͸ɺγεςϜͰňͲͷΑ͏ʹʼnܾఆ͞Ε͔ͨʹճ౴Ͱ͖Δ • ղऍՄೳੑ͸ɺγεςϜͰňͳͥʼnܾఆ͞Ε͔ͨʹճ౴Ͱ͖Δ

  124. ͦΕͧΕ͸ݫີͳ΋ͷͰ͸ͳ͘ ͳ͍΋ͷΑΓ͋Δํ͕৴པͰ͖ΔΑͶ ͱ͍͏χϡΞϯε

  125. ͳΜͰ ಁ໌ੑ, આ໌Մೳੑ, ղऍՄೳੑ͕ ඞཁͩͬͨΜ͚ͩͬʁ

  126. Algorithmic Accountability Act of 2022 [reprint] • ΞϧΰϦζϜઆ໌੹೚๏ ( 2022೥ถࠃٞձԼӃఏग़

    ) • اۀ͕࢖༻ɾൢച͢ΔࣗಈԽγεςϜͷӨڹΛධՁ͢Δ͜ͱΛٻ ΊɺࣗಈԽγεςϜ͕͍ͭɺͲͷΑ͏ʹ࢖༻͞Ε͍ͯΔ͔ʹ͍ͭ ͯ৽ͨͳಁ໌ੑΛ૑ग़͠ɺফඅऀ͕ॏཁͳҙࢥܾఆͷࣗಈԽʹͭ ͍ͯे෼ͳ৘ใΛಘ্ͨͰબ୒Ͱ͖ΔΑ͏ʹ͢Δ΋ͷͰ͋Δɻ "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFS IUUQTXXXXZEFOTFOBUFHPWJNPNFEJBEPD "MHPSJUINJD"DDPVOUBCJMJUZ"DUPG0OFQBHFSQEG

  127. ňੜ੒AIͷΨόφϯεͷ࣮ߦΛ ೉͍ͯ͘͠͠Δཁૉʼn͸ ϦεΫΛϞσϧԽΛ͢Δཁૉͱ ੔ཧ͢΂͖಺༰͕ཧղͰ͖Ε͹ ղܾ͢Δʁ

  128. ·ͩ଍Γͳ͍ ·ͩͰ͖Δؾ͕͠ͳ͍

  129. ͦΕ͸ Ωϟϯόε

  130. It means that everyone involved in generative AI sees the

    same picture. • ଟ͘ͷਓ͕ͨͪؔΘ্͍ͬͯ͘Ͱɺಉ͡΋ͷΛݟͨ΄͏͕ޮ཰͕͍͍ • ஌ࣝΪϟοϓɾೝࣝΪϟοϓ͸࢓ํͳ͍͕ɺଟ͘ͷεςʔΫϗϧ μʔ͕ؔ༩͢Δ্Ͱ஫ҙ͢΂͖ͱ͜Ζ͸ň৘ใΪϟοϓʼn • ஌ࣝΪϟοϓɾೝࣝΪϟοϓ͸ɺଟ༷ͳεςʔΫϗϧμʔ͕ؔ༩͢ ΔதͰղܾ͢Δཁૉ • ʮզ͕ࠃͷAIΨόφϯεͷࡏΓํ ver. 1.1ʯͰड़΂͍ͯΔɺ ैۀһͷԣͷͭͳ͕Γͷྗͷൃش͠Ͳ͜Ζʂ

  131. ͜ΕΒΛ ੜ੒AIͷϢʔεέʔεϓϩϑΝΠϧ ͱͯ͠ɺ·ͱΊɾӡ༻͢Δ͜ͱΛ ఏҊ͠·͢

  132. What is a Generative AI Use Case Pro fi le?

    • Ϣʔεέʔεͷ֓ཁͱ࢖༻͍ͯ͠ΔϞσϧɺઆ໌ՄೳੑͱղऍՄೳੑͷ ఆྔతͳධՁํ๏ɺσʔλͷऔѻ͍ϙϦγʔɺϓϥΠόγʔ΁ͷӨ ڹɺؔ࿈͢Δ๏ن੍ɺϦεΫΞηεϝϯτͷΠϯϓοτͱ݁ՌͳͲ͕ ू໿͞Ε͍ͯΔ΋ͷ • AICoEͷΑ͏ͳɺϚϧνεςʔΫϗϧμʔ͕ؔ༩͢Δ૊৫͕ɺ ੜ੒AIͷϢʔεέʔεϓϩϑΝΠϧͷΑ͏ͳҰͭͷΩϟϯόεΛғΜͰ ٞ࿦͢ΔΑ͏ͳ࢖ΘΕํΛΠϝʔδ͍ͯ͠·͢

  133. What is a Generative AI Use Case Pro fi le?

    • ࣅͨΑ͏ͳࢥ૝ͷ΋ͷ͸ɺAmazon SageMaker ϞσϧΧʔυ͕͋Δ • Ϟσϧͷ࢖༻໨త΍ϦεΫධՁɺτϨʔχϯάͷৄࡉͱϝτϦΫεɺ ධՁ݁Ռͱॴݟɺߟྀࣄ߲ɺਪ঑ࣄ߲ɺΧελϜ৘ใͱ͍ͬͨͦͷଞ ͷ஫ҙࣄ߲ͳͲͷৄࡉ৘ใΛΧλϩάԽͨ͠΋ͷ • JSONεΩʔϚͰ·ͱΊΒΕ͍ͯΔ • ී௨ʹ΍ΔͳΒNotionʹ·ͱΊΔ͕ɺDX؍఺Ͱ͸γεςϜͰॲཧͰ͖Δ σʔλΧλϩάʹ͢Δͷ͕ཧ૝

  134. What is a Generative AI Use Case Pro fi le?

    • ʲNew!ʳAmazon AI αʔϏεΧʔυ͕ൃද (2024/11/30) • ૝ఆϢʔεέʔεɺ੍ݶࣄ߲ɺ੹೚͋ΔAIʹؔ͢ΔઃܭɺύϑΥʔ Ϛϯε࠷దԽͷϕετϓϥΫςΟεͳͲΛఏڙ • Amazon Rekognition Face Matching • Amazon Textract AnalyzeID • Amazon Transcribe – Batch (ӳޠ-ถࠃ) • Amazon Nova Reel / Canvas • Amazon Titan Image Generator • Amazon Titan Text Emveddings

  135. ݁ہɺϧʔϧΛ࡞ͬͯ ਓྗͰӡ༻͢Δͬͯ͜ͱʁ

  136. ϞχλϦϯάŋΤϯϑΥʔεϝϯτ෼໺ Ͱ෦෼తʹӡ༻Λॿ͚Δ΋ͷ͕ ग़࢝Ί͍ͯΔ

  137. Help with monitoring and enforcement • ͜ͷੜ੒AI࢖ͬͯྑ͍Ͱ͔͢ʁʹରԠ͢Δͷ͕େม • ૊৫ͰೝՄͨ͠ੜ੒AI͔͠࢖Θͤͨ͘ͳ͍Ͱ͟͝Δ •

    ੜ੒AIʹ౤ߘͨ͠ݸਓ৘ใΛɺϚεΫ͔ͯ͠Βੜ੒AIʹ౉͍ͨ͠ • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠ • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ • ੜ੒AIʹର͢ΔఢରతߦಈʹͲ͏ରॲ͢Ε͹͍͍ʁ • ੜ੒AIͷग़ྗ͕େৎ෉ͳͷ͔ΛͲ͏νΣοΫ͢Δʁ

  138. Help with monitoring and enforcement • ͜ͷੜ੒AI࢖ͬͯྑ͍Ͱ͔͢ʁʹରԠ͢Δͷ͕େม • ૊৫ͰೝՄͨ͠ੜ੒AI͔͠࢖Θͤͨ͘ͳ͍Ͱ͟͝Δ •

    ੜ੒AIʹ౤ߘͨ͠ݸਓ৘ใΛɺϚεΫ͔ͯ͠Βੜ੒AIʹ౉͍ͨ͠

  139. Help with monitoring and enforcement • ࢖ͬͯྑ͍ੜ੒AIπʔϧҰཡ • ໺ྑੜ੒AIΛձࣾࢦఆͷ ੜ੒AIʹ༠ಋ

    • ར༻ΛೝՄ͞Εͨੜ੒AI΁ͷ ೖྗσʔλͷαχλΠζ

  140. Help with monitoring and enforcement • ͜Ε࢖͑͹͍ʔΜ͡Όͳ͍ʁ • ࢒೦ͳ͕Βɺݱঢ়Ͱ͸೔ຊޠ؀ڥͰ࢖͍෺ʹͳΒͳ͍ •

    ࢥ૝͸͍͍͕ɺଟஈCASBతͳ࣮૷ʹͳΔͷ͕ߏ଄తͳ՝୊ • ݱ࣌఺ͷΧόʔൣғ͸ɺςΩετੜ੒ʹݶఆ͍ͯ͠Δ • CASB੡඼ʹऔΓࠐ·ΕΔͷ͕ཧ૝ʁʹݟ͑Δ (ݸਓͷײ૝Ͱ͢)

  141. Help with monitoring and enforcement • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠ • ݱ࣌఺Ͱ͸ɺAmazon Kendra

    ʴ Amazon Bedrock ͕ݱ࣮ղʁ • KendraͷϕΫτϧετΞʹσʔλιʔεͷACLΛ࣋ͨͤɺ ݕࡧ࣌ʹར༻ऀ৘ใΛجʹࢀরՄ൱Λ൑அ͢Δ • ʲSorry !ʳखݩͰ͸ະݕূͳͷͰੋඇࢼͯ͠Έͯ΄͍͠Ͱ͢ (FOFSBUJWF"*6TF$BTFT+1 ུশ(FO6  IUUQTHJUIVCDPNBXTTBNQMFTHFOFSBUJWFBJVTFDBTFTKQ

  142. Help with monitoring and enforcement • RAGͰར༻ऀ͝ͱʹΞΫηεݖΛ੍ޚ͍ͨ͠

  143. Help with monitoring and enforcement • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ • API GatewayͷखલʹCloudFrontΛ഑ஔͯ͠ŊAWS

    WAFͰ๷ޚ • API Gateway͸CloudFrontΛόΠύεͰ͖ͳ͍Α͏ʹ੍ݶ • Lambda Functionͷϩʔϧʹ͸࠷খݖݶΛ෇༩ • Dynamo DB΍ΧελϜLLM Ϟσϧʹ͸ɺ࠷௿ݶͷΞΫηεݖ ੜ੒"*ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ IUUQTBXTBNB[PODPNKQCMPHTOFXTOFUXPSLQFSJNFUFSTFDVSJUZQSPUFDUJPOTGPSHFOFSBUJWFBJ

  144. Help with monitoring and enforcement • ੜ੒AIΛߏ੒͢ΔΠϯϑϥετϥΫνϟͰͲ͏๷ޚ͢Ε͹͍͍ʁ ੜ੒"*ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ IUUQTBXTBNB[PODPNKQCMPHTOFXTOFUXPSLQFSJNFUFSTFDVSJUZQSPUFDUJPOTGPSHFOFSBUJWFBJ

  145. Help with monitoring and enforcement • ੜ੒AIʹର͢ΔఢରతߦಈʹͲ͏ରॲ͢Ε͹͍͍ʁ • Amazon Bedrock

    GuardrailsͰೖग़ྗͷ҆શੑͱϓϥΠόγʔΛ੍ޚ • ίϯςϯπϑΟϧλʔ • τϐοΫͷڋ൱ • ίϯςϯπ άϥ΢ϯσΟϯά νΣοΫ "NB[PO#FESPDL(VBSESBJMTΛ࢖༻ͯ͠Ϟσϧ಺ͷ༗֐ίϯςϯπΛఀࢭ͢Δ IUUQTEPDTBXTBNB[PODPNCFESPDLMBUFTUVTFSHVJEFHVBSESBJMTIUNM • ػີ৘ใϑΟϧλʔ • ୯ޠϑΟϧλʔ

  146. Help with monitoring and enforcement • ੜ੒AIͷग़ྗΛͲ͏νΣοΫ͢Δʁ • ʲPreviewʳAmazon Bedrock

    Guardrails͕৽ͨʹAutomated Reasoning Check (ࣗಈਪ࿦ʹΑΔνΣοΫ) ʹରԠ • ૊৫ͷϧʔϧ΍ϓϩηεɺΨΠυϥΠϯΛදݱ͢Δࣗಈਪ࿦ϙϦ γʔΛ࡞੒ͯ͠ɺLLMͷग़ྗ͕ཁ݅ʹ߹க͍ͯ͠Δ͔Λݕূ 1SFWFOUGBDUVBMFSSPSTGSPN--.IBMMVDJOBUJPOTXJUINBUIFNBUJDBMMZTPVOE"VUPNBUFE3FBTPOJOHDIFDLT QSFWJFX  IUUQTBXTBNB[PODPNKQCMPHTBXTQSFWFOUGBDUVBMFSSPSTGSPNMMNIBMMVDJOBUJPOTXJUINBUIFNBUJDBMMZTPVOEBVUPNBUFE SFBTPOJOHDIFDLTQSFWJFX

  147. Help with monitoring and enforcement • ੜ੒AIͷग़ྗΛͲ͏νΣοΫ͢Δʁ • ʲPreviewʳAmazon Bedrock

    GuardrailsͷϚϧνϞʔμϧ༗֐ੑݕ ஌ػೳΛαϙʔτ • ༗֐ͳՄೳੑͷ͋Δը૾ίϯςϯπͷݕग़ͱϑΟϧλϦϯά • ҰͭͷΞϓϦέʔγϣϯͰςΩετͱը૾ʹಉ࣌ʹରԠ "NB[PO#FESPDL(VBSESBJMTTVQQPSUTNVMUJNPEBMUPYJDJUZEFUFDUJPOGPSJNBHFDPOUFOU 1SFWJFX  IUUQTBXTBNB[PODPNKQBCPVUBXTXIBUTOFXBNB[POCFESPDLHVBSESBJMTNVMUJNPEBMUPYJDJUZEFUFDUJPOJNBHF DPOUFOUQSFWJFX

  148. De fi nition of Issue • ੜ੒AIͷΨόφϯεͷશମ૾͕Θ͔Βͳ͍ • Կ͔ಛผͳ͜ͱΛ΍Βͳ͍ͱ͍͚ͳ͍ؾ͕͢Δʂʁ •

    શମ૾͕෼͔ͬͨͱ͜ΖͰɺͲ͏͢Ε͹͍͍͔෼͔Βͳ͍ • ۩ମతͳํ๏࿦͸Αʂ • ͦΜͳϦιʔεͳ͍Αʂʼʻ • ·͊ɺΘ͔Δ

  149. realistic solution • ੜ੒AIΛར༻͢Δཱ৔ͷ૊৫΍খن໛ͳ։ൃɾӡ༻ɾൢച͢Δ૊৫Ͱ ͋Ε͹ɺΨόφϯεΛ؆ૉԽͰ͖Δ༨஍͸͋Δ • ҰํͰɺେن໛ͳੜ੒AIΛ։ൃɾӡ༻ɾൢച͢Δཱ৔ͷ૊৫͸ɺ ϑϧαΠζʹ͍ۙରԠ͕ඞཁʹͳΓͦ͏ • ׆࿏͸ɺNIST

    Cyber Security Framework v2.0ʹ͋Γ

  150. What is governance? [rePrint] • NIST CSF 2.0ʹ͓͚ΔʮGovernʢ౷࣏ʣʯͷΧςΰϦ • ૊৫తจ຺

    • ϦεΫϚωδϝϯτઓུ • ໾ׂ / ੹೚ / ݖݶ • ϙϦγʔ • ؂ಜ • αΠόʔηΩϡϦςΟαϓϥΠνΣʔϯϦεΫϚωδϝϯτ

  151. ཁ͸ର৅ͷࣄฑʹରͯ͠ ઓུʹج͍ͮͨϙϦγʔΛ࡞Γ ϙϦγʔΛ਱ߦ͢ΔͨΊͷ૊৫ΛఆΊ ੹೚/໾ׂ/ݖݶΛׂΓৼΓ ؂ࢹ͢Δ͜ͱ

  152. One Realistic Solution • ؆қతͳϑϨʔϜʹϢʔεέʔεΛ౰ͯ͸ΊͯϦεΫͷϞσϧԽ͠ɺ AIγεςϜ͕΋ͨΒ͠ಘΔਖ਼ෛͷΠϯύΫτͱAIγεςϜͷ։ൃ΍ࣾ ձతड༰ɺࣗࣾͷࣄۀൣғʹরΒͯ͠ෛͷΠϯύΫτ͕ܰඍͰ͸ͳ͍ ͱ൑அͨ͠৔߹͸ɺରԠࡦΛߨ͡Δ • จॻԽͯ͠ɺܾఆͷܦҢΛه࿥͢Ε͹ཱ೿ͳΨόφϯε

    • CASB/SWGͳͲͰੜ੒AIͷར༻ঢ়گͷ؂ࢹͱ૊Έ߹Θͤͯɺ ࣮ޮྗΛ޲্Ͱ͖Δ

  153. ճͯ͠ΈΔͱ ҙ֎ͱΠέ·͢Α

  154. conclusion • طଘͷϓϥΠόγʔͱηΩϡϦςΟͷΨόφϯεͷ࿮૊Έʹɺੜ੒AI ͷ؍఺ͷϦεΫϚωδϝϯτΛೖΕΔࣄͰɺੜ੒AIͷΨόφϯεΛػ ೳͤ͞ΔԼ஍͸Ͱ͖ͦ͏ • ੜ੒AIͷΨόφϯεΛ࣮ࢪ͢Δ্Ͱ͸ɺϦεΫΞηεϝϯτ (ಛʹϦεΫͷϞσϧԽͷ෦෼) ͸ෆ଍͕ͪ͠ͳ෦෼ •

    ͜͜Λࢧԉ͢Δ΋ͷ͕ݱΕΔͱ͍Ζ͍ΖḿΓͦ͏

  155. conclusion • ੜ੒AIͷΨόφϯε͸ɺෳ਺ͷεςʔΫϗϧμʔ͕ࢀর͢Δ ༷ʑͳ৘ใΛ؅ཧ͢Δඞཁ͕͋ΔͷͰɺͦͷड͚ࡼͱͳΔ࢖͍қ͍ Ωϟϯόε͕͋ΔͱḿΓͦ͏ • Ψόφϯεʹ͸ϞχλϦϯά͕ෆՄܽͳͷͰɺϞχλϦϯάͷ࢓ํ΋ߟ ͑ͳ͕ΒɺϞσϧ΍ΞʔΩςΫνϟɺ࢖͍ํΛݕ౼͠·͠ΐ͏

  156. Thank you !

  157. Appendix • ਓؒத৺ͷ AI ࣾձݪଇɹฏ੒̏̍೥݄̏̎̕೔ ౷߹Πϊϕʔγϣϯઓུਪਐձܾٞఆ • https://www8.cao.go.jp/cstp/ai/aigensoku.pdf • զ͕ࠃͷAIΨόφϯεͷࡏΓํ

    ver. 1.1 • https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/2021070901_report.html • AI ݪଇ࣮ફͷͨΊͷ ΨόφϯεɾΨΠυϥΠϯ Ver. 1.1 • https://www.meti.go.jp/shingikai/mono_info_service/ai_shakai_jisso/pdf/20220128_1.pdf • AIࣄۀऀΨΠυϥΠϯʢୈ1.0൛ʣ • https://www.meti.go.jp/press/2024/04/20240419004/20240419004.html

  158. Appendix • The NIST Cybersecurity Framework (CSF) 2.0 • https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

    • NIST Privacy Framework • https://www.manageengine.jp/solutions/nist_publications/nist_pf/lp/ • NIST AIϦεΫϚωδϝϯτϑϨʔϜϫʔΫ • https://aisi.go.jp/2024/07/04/ai_nist_rmf_ja_news/

  159. Appendix • AIެฏੑɾઆ໌ՄೳAIʢXAIʣͷ֓આͱಈ޲ - ೔ຊ૯ݚ • https://www.jri.co.jp/MediaLibrary/ fi le/column/opinion/pdf/13846.pdf •

    Interpretable Machine Learning • https://christophm.github.io/interpretable-ml-book/interpretability-importance.html • AIϚωδϝϯτγεςϜͷࠃࡍن֨ISO/IEC 42001ʹ͍ͭͯͷղઆ • https://kpmg.com/jp/ja/home/insights/2024/04/isoiec42001-explanation.html • LLM AI αΠόʔηΩϡϦςΟͱΨόφϯεͷνΣοΫϦετɹʙɹࣦഊ͠ͳ͍େن໛ݴޠϞσϧಋೖͷͨΊʹɹʙ • https://owasp.org/www-project-top-10-for-large-language-model-applications/llm-top-10-governance-doc/ LLM_AI_Security_and_Governance_Checklist-v1_1_JP.pdf

  160. Appendix • OWASP Top 10 େن໛ݴޠϞσϧΞϓϦέʔγϣϯ • https://github.com/coky-t/owasp-top-10-for-large-language-model-applications-ja • ϓϩϑΝΠϦϯάʹؔ͢Δ࠷ऴఏݴ

    - ࣗओతऔ૊Έʹؔ͢ΔνΣοΫϦετ - ύʔιφϧσʔλ+αݚڀձ • https://wp.shojihomu.co.jp/wp-content/uploads/2022/04/ef8280a7d908b3686f23842831dfa659.pdf • DX࣌୅ʹ͓͚ΔاۀͷϓϥΠόγʔΨόφϯεΨΠυϒοΫver1.1 • https://www.meti.go.jp/policy/it_policy/privacy/guidebook11.pdf • AWS ੜ੒ AI ϕετϓϥΫςΟεϑϨʔϜϫʔΫ v2 • https://docs.aws.amazon.com/ja_jp/audit-manager/latest/userguide/aws-generative-ai-best-practices.html

  161. Appendix • ੹೚͋Δ AI ͷϕετϓϥΫςΟε: ੹೚͋Δ৴པͰ͖Δ AI γεςϜͷଅਐ • https://aws.amazon.com/jp/blogs/news/responsible-ai-best-practices-promoting-responsible-and-trustworthy-ai-systems/

    • OWASP Top 10 for LLM Λ׆༻ͨ͠ੜ੒ AI ΞϓϦέʔγϣϯͷଟ૚๷ޚηΩϡϦςΟઃܭ • https://aws.amazon.com/jp/blogs/news/architect-defense-in-depth-security-for-generative-ai-applications-using-the- owasp-top-10-for-llms/ • ੜ੒ AI ͷͨΊͷωοτϫʔΫڥքͰͷηΩϡϦςΟอޢ • https://aws.amazon.com/jp/blogs/news/network-perimeter-security-protections-for-generative-ai/ • Amazon Bedrock Guardrails Λ࢖༻ͯ͠Ϟσϧ಺ͷ༗֐ίϯςϯπΛఀࢭ͢Δ • https://docs.aws.amazon.com/bedrock/latest/userguide/guardrails.html