Upgrade to Pro — share decks privately, control downloads, hide ads and more …

apidays New York 2025 - Fast, Repeatable, Secur...

apidays New York 2025 - Fast, Repeatable, Secure: Pick 3 with FINOS CCC by Leigh Capili (Control Plane)

Fast, Repeatable, Secure: Pick 3 with FINOS CCC
Leigh Capili, Kubernetes Contributor at Control Plane

apidays New York 2025
API Management for Surfing the Next Innovation Waves: GenAI and Open Banking
May 14 & 15, 2025

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

Avatar for apidays

apidays

May 23, 2025
Tweet

More Decks by apidays

Other Decks in Programming

Transcript

  1. Fast, Repeatable, Secure: Pick 3 with FINOS CCC Leigh Capili

    @stealthybox Flux Maintainer, Principal Consultant
  2. @controlplaneio Model Selection Data Integration Data Privacy Fine-Tuning RLHF Enterprise

    Operations Model Monitoring Model Governance Model Security End User Management Prompt Engineering Context Management Input Filtering Content Guardrails Model / Compute Optimization Model Event Caching Model Compression Prompt Routing Flows Runtime Optimization GPU Optimization What is AI Security? Plus…
  3. @controlplaneio • Low-level controls and mappings • Consideration of safety:

    Responsible AI • Discussion of accountability • In-practice, real-world use cases https://github.com/finos/ai-governance-framework FINOS: AI Governance Framework
  4. OpenSSF Logical Compliance Model Layer Name Description 1 Guidance High-level

    guidance on cybersecurity measures (i.e. NIST, OWASP, FINOS AI Gov Framework etc) 2 Controls Technology-specific, threat-informed security controls (i.e. CIS Benchmarks, FINOS Common Cloud Controls, and the Open Source Project Security (OSPS) Baseline) 3 Policy Risk-informed guidance tailored to an organization 4 Evaluation Inspection of code, configurations, and deployments 5 Enforcement Prevention or remediation based on assessment findings 6 Audit Review of organizational policy and conformance https://github.com/revanite-io/sci
  5. In summary 🍿🍿🍿 • Compliance is hard ◦ Common Cloud

    Controls (CCC) can give us a shared base across clouds ◦ Come Participate! • AI is Risky ◦ AI Readiness Framework helps us understand and label it • The state-of-the-art in Continuous Delivery is exciting ◦ We’re working to ensure Assured Flux is CCC compliant ◦ We’re replatforming our AI Security Architecture on Flux D2