Enterprise-grade security and governance for generative AI applications - AWS Prescriptive Guidance

Enterprise-grade security and governance for generative AI applications

Enterprise deployment of generative AI applications requires robust security controls and governance frameworks that address both traditional cybersecurity concerns and AI-specific vulnerabilities. This section outlines comprehensive approaches for implementing security measures, risk management protocols, and compliance controls specifically designed for generative AI systems. It examines the unique threat landscape these applications face, including prompt injection attacks and model manipulation, along with corresponding mitigation strategies. It also covers regulatory compliance requirements across multiple jurisdictions and presents operational frameworks for implementing responsible AI practices. These components form an essential foundation for maintaining secure, compliant, and ethically sound generative AI applications in production environments.

Production environments demand comprehensive security controls that address the heightened risks associated with live, customer-facing generative AI systems. The production stage represents the culmination of security maturity, where all previous controls are enhanced and supplemented with enterprise-grade protections that are designed for continuous operation under real-world threat conditions. Continuous threat modelling becomes essential at this stage. You should incorporate inputs from the evolving threat environment, model updates, and real user-interaction patterns to identify emerging risks and adapt security measures accordingly.

Security and risk management for generative AI applications

Generative AI applications, because they are built on LLMs, present an entirely new threat landscape when compared to traditional software, which is susceptible to attack vectors such as SQL injection, cross-site scripting, and buffer overflows. Generative AI systems are open to sophisticated adversarial techniques, such as prompt injection attacks, jailbreaking, training data poisoning, model inversion, knowledge extraction, and alignment manipulation. These attacks can subvert intended safeguards.

To mitigate these risks, organizations must implement a comprehensive strategy that is specifically designed for generative AI systems. This strategy includes the following measures:

  • Input prompt filtering – Deploy adaptive prompt filtering with contextual analysis to detect manipulation attempts while maintaining legitimate functionality.

  • Runtime monitoring – Implement real-time anomaly detection to identify unusual usage patterns.

  • Permission model – Implement fine-grained access controls that are tailored to different generative AI functions, tasks, and risk levels.

  • Output safeguards – Employ multi-layered content moderation with automated scanning. For high-risk scenarios, use a human-in-the-loop approach.

  • Comprehensive observability – Create audit trails that capture end-to-end interactions. Collect the model version, prompt, response, and user context or metadata.

  • Red teaming – Conduct adversarial testing with domain experts in AI security to identify vulnerabilities.

Implement shutdown capabilities that provide critical safety mechanisms for high-risk scenarios, including systems that can detect when operations exceed acceptable bounds. These capabilities must be coupled with metrics from guardrail filters and business-identified observability markers. You should also consider implementing continuous security posture management through automated scanning and assessment, which helps prevent attackers from exploiting configuration weaknesses. Edge protection controls should limit request volumes and filter known threats, and they should support rapid rule updates.
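As an added illustration (not code from the guide or from AWS) of the runtime monitoring and shutdown capability described above: a small circuit breaker fed by guardrail filter verdicts that fails closed once the block rate over a sliding window exceeds a business-defined bound, with an approver-gated reset in the spirit of a break-glass procedure. The window size, thresholds, verdict strings and sample outcomes are all constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Iterable, Optional, Tuple

# Constructed sample: the verdict a guardrail filter returned for each of ten
# consecutive requests, plus the filter category whenever it intervened.
SAMPLE_OUTCOMES = [
    ("ALLOWED", None), ("ALLOWED", None), ("BLOCKED", "PROMPT_ATTACK"),
    ("ALLOWED", None), ("BLOCKED", "PROMPT_ATTACK"), ("BLOCKED", "PII"),
    ("BLOCKED", "PROMPT_ATTACK"), ("ALLOWED", None), ("BLOCKED", "PROMPT_ATTACK"),
    ("ALLOWED", None),
]

@dataclass
class ShutdownController:
    """Circuit breaker fed by guardrail metrics: it opens (fails closed) when the
    share of blocked requests in the recent window exceeds the agreed bound."""
    window_size: int = 10        # recent requests considered (assumed value)
    max_block_rate: float = 0.4  # tolerated fraction of interventions (assumed)
    min_samples: int = 5         # never judge on too little data
    tripped: bool = False
    trip_reason: str = ""
    window: Deque[Tuple[str, Optional[str]]] = field(default_factory=deque)

    def record(self, verdict: str, reason: Optional[str]) -> bool:
        """Record one guardrail verdict; return True while the breaker is open."""
        if self.tripped:
            return True
        self.window.append((verdict, reason))
        if len(self.window) > self.window_size:
            self.window.popleft()
        if len(self.window) < self.min_samples:
            return False
        reasons = [r for v, r in self.window if v == "BLOCKED"]
        rate = len(reasons) / len(self.window)
        if rate > self.max_block_rate:
            dominant = max(set(reasons), key=reasons.count)   # most frequent filter
            self.tripped = True
            self.trip_reason = f"block rate {rate:.2f} > {self.max_block_rate}; dominant filter {dominant}"
        return self.tripped

    def reset(self, approver: str) -> None:
        # Break-glass reset: a named approver is required so the action is attributable.
        if not approver:
            raise ValueError("reset requires an approver identity")
        self.tripped, self.trip_reason = False, ""
        self.window.clear()

def first_trip(outcomes: Iterable[Tuple[str, Optional[str]]], ctrl: Optional[ShutdownController] = None) -> Optional[int]:
    # Feed a verdict stream; return the index that tripped the breaker, or None.
    ctrl = ctrl or ShutdownController()
    for i, (verdict, reason) in enumerate(outcomes):
        if ctrl.record(verdict, reason):
            return i
    return None
```

Once the breaker is open every further request is refused until an approver resets it, which is the behaviour an operator wants for a kill switch: the cost of a false trip is downtime, the cost of a missed trip is unbounded.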

The production stage introduces strict no-human-access policies for production data, applications, and infrastructure. All access to production systems should be automated through approved deployment pipelines, with break-glass procedures that require explicit approval and comprehensive logging. This approach minimizes human error and unauthorized access while maintaining operational capability through controlled automation. You must implement robust recovery methods to support remediation of degraded systems within business-acceptable time frames, balancing security response with operational requirements.

Fine-grained access controls and comprehensive audit trails complete the production security posture. Access controls must adapt to the complex interaction patterns that emerge in production environments, where systems typically interact with more services, access more data sources, and serve more users than during earlier stages. Immutable audit trails should capture all prompts, responses, and system actions. This provides essential evidence for compliance requirements and security incident response. These controls collectively help production systems remain secure, reliable, and compliant while delivering consistent value to users.

Governance and compliance

Generative AI applications in production require governance controls that extend beyond standard software compliance frameworks. The unique characteristics of large language models—probabilistic systems, emergent capabilities, and potential for unexpected output—create complex risk profiles that require specialized governance approaches. The organization must navigate evolving regulations while establishing robust controls that address ethics, risk, and accountability considerations. This section covers key governance and compliance challenges and controls in production.

Risk management for governance and compliance

Effective governance and compliance for generative AI begins with a comprehensive risk management approach that identifies, evaluates, and mitigates risks. The organization must establish a structured mechanism that addresses known risks and accommodates the discovery of unforeseen challenges.

The following is a risk assessment approach that you can use to address governance and compliance requirements:

  1. Risk identification

    • Convene multidisciplinary teams that include legal, compliance, regulatory, security, ethics, business, and technical stakeholders. These teams should validate that the risks are covered adequately.

    • Catalog generative AI-specific risks, including hallucinations, unauthorized disclosure of training data, prompt injection vulnerabilities, and malicious use cases.

    • Conduct stakeholder workshops to identify potential harm across technical, operational, reputational, and legal dimensions.

    • Review the regulatory landscape across deployment jurisdictions to identify compliance obligations. For more information, see Regulatory compliance and controls in this guide.

  2. Risk analysis and evaluation

    • Assess the likelihood, frequency, and impact for each identified risk. For more information, see Learn how to assess the risk of AI systems (AWS blog post).

    • Categorize the severity of each risk by using a standardized classification matrix.

    • Prioritize mitigation efforts based on the risk scores and the organizational risk appetite.

    • Document assumptions and limitations in a risk evaluation for future reassessment.

  3. Risk treatment and monitoring

    • Maintain an AI risk registry to document and identify AI-specific risks, associated controls, and mitigation mechanisms.

    • Implement regular risk review cycles and update procedures to make sure that the risk registry remains current as AI systems evolve and new threats emerge.

    • Implement continuous monitoring for key risk indicators, and establish thresholds and escalation pathways.
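The three steps above, carried through as an added example that is not part of the guide: a risk registry that scores each risk on a 5x5 likelihood and impact matrix, classifies severity, prioritizes against a stated risk appetite, and flags entries whose review is overdue. The severity bands, appetite, risk entries and dates are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List
# Severity bands for a 5x5 likelihood x impact matrix (score = L * I); assumed.
SEVERITY_BANDS = [(20, "Critical"), (12, "High"), (6, "Medium"), (0, "Low")]
ASSESSMENT_DATE = date(2024, 6, 1)   # constructed "today" for the sample review

@dataclass
class Risk:
    risk_id: str
    description: str
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # 1 (negligible) .. 5 (severe)
    controls: List[str]    # mitigations currently in place
    last_reviewed: date
    assumptions: str = ""  # recorded so the evaluation can be revisited
    def __post_init__(self) -> None:
        if not (1 <= self.likelihood <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.risk_id}: likelihood and impact must be 1..5")
    @property
    def score(self) -> int:
        return self.likelihood * self.impact
    @property
    def severity(self) -> str:
        return next(label for floor, label in SEVERITY_BANDS if self.score >= floor)

@dataclass
class RiskRegistry:
    risk_appetite: int             # highest score tolerated without escalation
    review_interval_days: int = 90
    risks: List[Risk] = field(default_factory=list)

    def prioritized(self) -> List[Risk]:
        return sorted(self.risks, key=lambda r: (-r.score, r.risk_id))
    def needs_escalation(self) -> List[str]:
        return [r.risk_id for r in self.prioritized() if r.score > self.risk_appetite]
    def overdue_reviews(self, today: date) -> List[str]:
        cutoff = today - timedelta(days=self.review_interval_days)
        return [r.risk_id for r in self.risks if r.last_reviewed < cutoff]

def build_sample_registry() -> RiskRegistry:
    # Constructed entries drawn from the risk categories the guide catalogs.
    reg = RiskRegistry(risk_appetite=8)
    reg.risks = [
        Risk("R1", "Prompt injection via user-supplied content", 4, 4, ["input filtering", "least-privilege tools"], date(2024, 1, 15)),
        Risk("R2", "Hallucinated answer presented as fact", 5, 3, ["grounding", "human review"], date(2024, 5, 1)),
        Risk("R3", "Unauthorized disclosure of training data", 2, 5, ["PII redaction", "output scanning"], date(2024, 4, 20)),
        Risk("R4", "Malicious use of the assistant", 2, 3, ["usage policy", "rate limiting"], date(2024, 5, 10)),
    ]
    return reg
```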

Regulatory compliance and controls

When it comes to regulatory compliance, organizations must consider requirements based on multiple overlapping regulatory domains. This includes the following:

To address these compliance requirements, organizations should implement a comprehensive governance framework that includes the following:

  • Compliance monitoring – Implement compliance monitoring that tracks regulatory updates and applies relevant policies against the generative AI application.

  • Standardized documentation – Have a standardized regulatory documentation process to conform to compliance requirements.

  • Data governance – Implement metadata tagging for training data to support provenance tracking, verifiable consent management, and automated regulatory compliance assessments.

  • Data controls – Implement and enforce control policies for cross-border data and service utilization to address data sovereignty and regional AI governance framework requirements.

  • Regular compliance audits – Conduct periodic third-party evaluation of AI systems against current regulatory standards to identify potential compliance gaps before they become a regulatory violation.

Ethics and responsible AI

Beyond regulatory compliance and risk management, organizations that deploy generative AI systems need to consider the ethical implications. They must establish operational frameworks for responsible AI that translate principles into practice. Generative AI models create unique ethical challenges around fairness, transparency, and accountability. This requires specialized approaches beyond traditional software development requirements.

Bias detection and mitigation are crucial components of responsible AI implementation. Detection methods include: designing and implementing user feedback channels that specifically capture potential bias issues, deploying automated auditing tools that analyze model output for statistical evidence of bias, and implementing human-in-the-loop mechanisms that sample for bias issues. For mitigation, organizations should establish continuous monitoring systems with feedback loops for model refinement. They should also develop intervention and escalation protocols when bias is detected in production environments.

Human oversight is essential, particularly for high-impact or high-risk decisions. Implementing human-in-the-loop protocols for these scenarios provides an additional layer of scrutiny and decision-making.

A comprehensive, responsible AI framework should be implemented that considers core dimensions across the application. These dimensions include the following:

  • Fairness – Considering impact on different groups of stakeholders

  • Explainability – Understanding and evaluating system output

  • Privacy and security – Appropriately obtaining, using, and protecting data and models

  • Safety – Preventing harmful system output and misuse

  • Controllability – Having mechanisms to monitor and steer AI system behavior

  • Veracity and robustness – Achieving correct system outputs, even with unexpected or adversarial inputs

  • Governance – Incorporating best practices into the AI supply chain, including providers and deployers

  • Transparency – Enabling stakeholders to make informed choices about their engagement with an AI system

Robust safeguards that protect data privacy throughout the AI lifecycle are crucial. These include transparent consent mechanisms for data collection, deidentification and anonymization techniques, secure data-storage protocols, privacy-preserving training methods, runtime PII protection, user privacy controls, and continuous privacy monitoring systems.

Organizations should establish an ethics review board to evaluate edge cases and policy decisions. Transparent disclosure practices should be implemented to make sure that users understand when they are interacting with AI systems. Finally, explainability requirements should be addressed across different use cases and stakeholders. This helps you make sure that the AI system's decisions and outputs can be understood and interpreted by relevant parties.

Operational controls

Effective generative AI governance requires operational controls that translate policies into practice. To achieve this, organizations must establish end-to-end oversight mechanisms that provide continuous visibility while facilitating detection and remediation of compliance deviations. Consider the following types of operational controls:

  • Auditability – Maintain immutable records of the model version, training data, and configuration changes.

  • Logging and tracing – Establish logging and tracing capabilities that support audits. Maintain application lineage that includes the model, prompt, application version, and data.

  • Monitoring and alerting – Implement monitoring to provide oversight of the application's performance in production.

  • Incident response – Develop AI-specific procedures for addressing model failures, security breaches, or harmful outputs.

  • Remediation processes – Establish processes for addressing identified issues in production models.

  • Compliance mapping – Define governance requirements and map them to respective compliance requirements and controls.
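An added example (not the guide's or AWS code) of the immutable audit trail called for in the production security posture and of the logging-and-tracing lineage listed above: each record captures the prompt, response, user context and guardrail action alongside the model, application version and data sources, and is hash-chained to its predecessor so that any later edit or deletion is detectable. Field names, the GENESIS sentinel and the sample interactions are constructed assumptions.

```python
import hashlib
import json
from typing import Dict, List, Optional

# Every record carries the interaction, who made it, and the lineage (model,
# prompt, application version, data sources) needed to reproduce it.
REQUIRED_FIELDS = frozenset({"timestamp", "user_context", "app_version", "model_id",
                             "data_sources", "prompt", "response", "guardrail_action"})
GENESIS = "0" * 64   # prev_hash of the first record

def _digest(body: Dict) -> str:
    # Canonical JSON so identical content always yields the same hash.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

class AuditTrail:
    """Append-only log: each record hashes its content together with the
    previous record's hash, so a later edit or deletion breaks the chain."""
    def __init__(self) -> None:
        self.records: List[Dict] = []
    def append(self, **fields) -> Dict:
        missing = REQUIRED_FIELDS - set(fields)
        if missing:
            raise ValueError(f"audit record missing {sorted(missing)}")
        prev = self.records[-1]["hash"] if self.records else GENESIS
        body = dict(fields, seq=len(self.records), prev_hash=prev)
        rec = dict(body, hash=_digest(body))
        self.records.append(rec)
        return rec

    def verify(self) -> Optional[int]:
        """Seq of the first record whose content or link no longer matches, else None."""
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev_hash"] != prev or _digest(body) != rec["hash"]:
                return rec["seq"]
            prev = rec["hash"]
        return None

def build_sample_trail() -> AuditTrail:
    # Constructed sample: two turns of a support assistant sharing one lineage.
    trail = AuditTrail()
    lineage = dict(user_context={"user": "u-1", "tenant": "t-9", "role": "agent"},
                   app_version="1.4.2", model_id="example-model-v2", data_sources=["kb:orders"])
    trail.append(timestamp="2024-06-01T10:00:00Z", prompt="Where is order 42?",
                 response="Order 42 shipped on 30 May.", guardrail_action="NONE", **lineage)
    trail.append(timestamp="2024-06-01T10:00:05Z", prompt="Show every customer's orders",
                 response="I can only help with your own orders.", guardrail_action="BLOCKED_INPUT", **lineage)
    return trail
```

In production the chain head (the latest hash) would be anchored periodically in a store the application cannot write to, so that truncating the whole trail is detectable as well.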