AI Governance Archives - Krishna Gupta

LLM06:2025 Excessive Agency — A Critical Vulnerability in the Age of LLM Autonomy

18 June 2025 by Krishna

The surge of Large Language Model (LLM)-driven applications has revolutionised how businesses interact with data, automate processes, and deliver enhanced user experiences. From autonomous customer service bots to intelligent data summarisation tools and generative co-pilots, LLMs are transforming enterprise workflows at an astonishing pace.
However, this rise has not come without significant risk. Among the top concerns identified in the OWASP Top 10 for LLM Applications v2.0, LLM06:2025 – Excessive Agency stands out as a particularly insidious and business-critical vulnerability. It affects systems where LLMs are entrusted not only with information retrieval or generation but with the ability to act on behalf of users — often through invoking external tools, plugins, or APIs.

LLM04: Data and Model Poisoning – A C-Suite Imperative for AI Risk Mitigation

16 June 2025 by Krishna

At its core, data poisoning involves the deliberate manipulation of datasets used during the pre-training, fine-tuning, or embedding stages of an LLM’s lifecycle. The objective is often to introduce backdoors, degrade model performance, or inject bias—toxic, unethical, or otherwise damaging behaviour—into outputs.

Weak Model Provenance: Trust Without Proof

12 June 2025 by Krishna

Weak Model Provenance: Trust Without Proof A critical weakness in today’s AI model landscape is the lack of strong provenance mechanisms. While tools like Model Cards and accompanying documentation attempt to offer insight into a model’s architecture, training data, and intended use cases, they fall short of providing cryptographic or verifiable proof of the model’s …

Continue

LLM03:2025 — Navigating Supply Chain Vulnerabilities in Large Language Model (LLM) Applications

10 June 2025 by Krishna

As the adoption of Large Language Models (LLMs) accelerates across industries—from customer service to legal advisory, healthcare, and finance—supply chain integrity has emerged as a cornerstone for trustworthy, secure, and scalable AI deployment. Unlike traditional software development, the LLM supply chain encompasses training datasets, pre-trained models, fine-tuning techniques, and deployment infrastructures—all of which are susceptible to unique attack vectors.

Agentic AI and Infrastructure as Code (IaC): Pioneering the Future of Autonomous Enterprise Technology

29 May 2025 by Krishna

Infrastructure as Code is a modern DevOps practice that codifies and manages IT infrastructure through version-controlled files. It enables consistent, repeatable, and scalable deployment of infrastructure resources.