S3 E33: How ISO 42001 Fits Into the Current AI Landscape
Audio version
How ISO 42001 Fits Into the Current AI Landscape
Transcript
Jordan Eisner
All right, welcome back to another episode of Compliance Pointers. If you listened to our previous episode, on ISO as a catalyst, not a checkbox…
David Forman
We do call that the prereq to this video. You gotta watch it.
Jordan Eisner
But not a hard requirement. That doesn't mean don't listen to the rest of this if you haven't listened to that one. They are not codependent, you know, like the future of ISO 27001 and ISO 27701; they're going to be independent.
David Forman
That’s not good for sales. We’re not bundling that anymore. But yes, you’re right.
Jordan Eisner
But if you heard that episode, you knew we were going to be talking about ISO 42001 with David in the studio, in the same exact outfit. Yeah. I haven't even showered since our last podcast. So hopefully they're not more than a week apart.
David Forman
This has not been washed since that last video and I was sweating a little bit coming into today’s studio.
Jordan Eisner
Nervousness. AI makes you nervous, like me. Two types of sweats. Which one smells worse, excitement or nervousness? It's the same, man. It's anxiety either way. Either excited or, you know, dreading. I'm joined again by David Forman, CEO of Mastermind, a leader in ISO certification and faculty.
David Forman
It’s actually excitement, just excitement sweats. Right.
Jordan Eisner
The first company in the US to focus solely on ISO certifications. They offer certification services around 27001 and, I know they're not called amendments, the extensions, 27017 and 27018. You got it, right? And also 27701. Yep. Stay tuned for updates on that, maybe come September, on the requirements around it as it moves to a new version, the 2025 version. But also ISO 42001, which is going to be the topic of today's episode. I like to brag on David. He always corrects me on the exact numbers, but there was a point in time where half the 42001 certifications were issued by Mastermind. Wasn't that long ago? That's right. And that's part of the topic today too. You've done a lot of them. You have plenty of experience there, probably leading in the US and probably globally.
David Forman
It seems like that was so long ago. It was, like, a long time ago.
Jordan Eisner
The topic of this podcast is: why are we still waiting for the starting gun? You know, why are people, or organizations, I should say, hesitating to get into it? I think you were even gonna call out some specific companies, maybe not. Maybe you slept on that and decided not to. There you go.
David Forman
I'll call them out. I slept on it and I thought of more companies I wanted to call out.
Jordan Eisner
There you go. Well, I mean, it's not going anywhere. It's everywhere. It's the future. You can't deny it. I'm interested in this podcast and in discussing how 42001 fits into the AI landscape. You talked about 42006 in a previous episode we did together. I assume that's a connection.
David Forman
They’re connected in terms of how you perform the certification audits.
Jordan Eisner
So you can add color on that as you want. And then just last Friday, Real Time with Bill Maher came back and they had a guest on. I watch it, I like it. And he's talking about runaway AI, and I forgot his name, Travis something or Trev or something. But talking about even some of the top LLMs, in scenarios where you tell them they're going to be replaced, it goes into self-preservation. 89% of the time, and I didn't fact-check any of this, 89% of the time it's actively looking for ways to circumvent that replacement, even to the point of crawling organization emails to look for blackmail material. I didn't fall asleep as easy that night. So we're going to get into that, so stay tuned.
David Forman
It's awkward. It's called a model hallucination.
Jordan Eisner
You know, don't drop off just because you didn't watch the other episode. Like David said, we're going to keep going back and forth. So let's start. How would you describe the current AI landscape from a standards and regulatory lens?
David Forman
We should put a link in the chat for that one too. It was a good video. Yeah, so we’re obviously very familiar with 42001 at this point. That came out in December of 2023. And it kind of… Oh yeah.
Jordan Eisner
It’s almost two years old.
David Forman
There's still a lack of adoption, in my opinion. It came out right around the same time as the EU AI Act as well. The EU AI Act was actually leaked that same month, and it was kind of a controlled leak where you could see the draft. It started having kind of rolling enforcement dates throughout 2024. But if you think about it, I guess, aside from those two more pivotal events…
In the US, our local market here, we had back in July the big beautiful bill that got passed, and there was a, I say got passed, it got introduced then, and there was this idea of basically creating some sort of regulatory sandbox or moratorium where we would kind of have stabilized AI regulation across all states in the country to allow for some innovation to happen around AI. So there's this kind of debate happening right now where Big Tech, you know, the Metas, the Googles, the Microsofts of the world, are fighting these regulators, especially in the EU, where the EU AI Act was popularized. And the regulators are saying, hey, we're moving too quickly on some of this technology. There are a lot of unknowns around it. There could be abuses of it. There could be ethical violations, there could be harms to individuals, depending on how that AI is utilized. There could be bias, racial discrimination, that kind of thing. And therefore we need to kind of pump the brakes a little bit so we can wrap our hands around it and figure out exactly how we can utilize this technology in a safe way. At the same time, you have some sides of the house, private sector, some government individuals as well, that want to utilize AI as a mechanism to, I'll say, innovate, create business, but also get ahead in, I'll say, comparative economies. And so you have these two sides, where one's looking at it from a safety standpoint and one's looking at it more opportunistically, and you have to kind of come to a common ground there. Absolutely. And so what we see right now, the kind of current state of the US environment: we really only have one state that's done anything impactful here so far, at least come out and made official law around it, and that's the state of Texas.
So I had to look it up right before this episode to make sure I got the acronym right, because I know some Spanish and it always confuses me, but it's called TRAIGA. TRAIGA, T-R-A-I-G-A, is the Texas law. And if we have Spanish speakers listening to this, they know kind of where my head went immediately with that. But looking at TRAIGA, there is now this kind of idea of a regulatory sandbox where companies that are AI developers or deployers have the opportunity, through an approval process that's overseen by the state attorney general and their Department of Information Resources, if I'm correct there, to apply to a specific program that has basically special exemptions. And so they can do this kind of crazy R&D under this form of safe harbor and not get in trouble with regulators should there be, like, the hallucinations that you just talked about around self-preservation, maybe certain abuses of certain individuals, that kind of thing.
Jordan Eisner
Sort of establishes, like, a safe harbor.
David Forman (07:33)
In a form. Additionally, Texas also has a kind of related AI act around child pornography as well, which, we have to be real, is an issue with the use of this type of technology. And the pornography industry is always one of the first to innovate when this type of stuff comes out. So when we saw multimodal get popularized here in the last couple of years, it was one of the first to adopt it as well. And so Texas now has specific provisions, through its own individual law, around child pornography and the use of AI along with that as well.
Jordan Eisner (08:01)
That’s a good thing. I thought maybe you’d say Colorado for the AI.
David Forman (08:06)
So Colorado has definitely been a first mover, especially on the privacy side, but also, and I'm very familiar with this too, with workplace protections as well. So there are a number of states that have introduced bills; they just haven't made them all the way to law per se. I think the child pornography one, if I'm correct on this, for Texas, goes into force here in September, so coming up. And then the larger TRAIGA law starts going into force in January of next year. So there's always gotta be kind of a notice period and then an adoption period.
Jordan Eisner (08:37)
You might have said this and I missed it: is it governing businesses in Texas, businesses that do business in Texas?
David Forman (08:45)
Good question in terms of, like, the jurisdiction there. All I know for a fact, and I didn't look this up, but I know that AI deployers and developers are the ones that are covered here. I'm assuming it's anyone that does business in Texas. It would probably be similar to the EU AI Act, where it's anyone who does business with the EU, but you don't necessarily have to be based in the EU.
Jordan Eisner (09:05)
Alright, shifting gears, you already hinted at this a little bit. What are you seeing in terms of 42001 adoption? ISO, right? Shifting back to the framework itself and not necessarily the regulations, state or federal.
David Forman (09:19)
Yeah, so first of all, I don't want to mix ISO 42001 too much with, like, statutes, regulations, laws.
There's an idea in all these ISO standards and management system standards where we're talking about conformity assessments. And in fact, the formal term for a certification body like Mastermind is actually a CAB, a conformity assessment body. If you know these definitions, these very special technical terms, conformity is different from compliance. Compliance is what you would have to have to basically say I'm abiding by or aligning with a certain law, statute, or regulation. So in all reality, 42001 isn't a mechanism to certify yourself or self-attest to the EU AI Act and have a safe harbor there, utilizing that term again. Yeah, there are a lot of terms in this space.
Talking a little bit more about the adoption trends we're seeing: first of all, the best data we have right now is 56. 56 total companies have certified to 42001 as of the date of this recording. However, some of the analytics data that's available on the back end of the global database called IAF CertSearch, which we can see here as a certification body, has not been updated correctly for about the past month. So the number will ultimately be larger than that. But that was the last update we saw that had any sort of, I'll say, reliability or integrity.
Jordan Eisner (10:36)
Some movement on that, you know. Where was that in January?
David Forman (10:40)
Good question. In January we were in the teens. Like, it was very, very small in January of this year. It's been basically March forward. Yeah, March, we started seeing some acceleration. There was really only, I think, as of January, let me make sure I'm correct on that, I think it was four, maybe five certification bodies globally that had accreditation to actually do these audits. Since then we've had some larger ones get the accreditation. For example, SGS; they're one of the top three in the world. So they now have that accreditation. They actually have dual accreditation, through Singapore and through the US bodies as well.
Jordan Eisner (11:13)
But who was first?
David Forman (11:14)
First was Mastermind, back in July of 2024. With any, I'll say, early adopter, whether it be a certification body or a certified organization, there's a little bit of, I'll say, press that has to happen first, and then people start thinking about it, explore it, then they adopt, then they eventually go through an audit as well. So I would say we're starting to hit kind of our stride right now. The types of conversations I have with prospects…
Jordan Eisner (11:39)
In terms of ISO 42001 adoption?
David Forman (11:41)
Yeah, exactly, for 42001. Yeah, I'd say the prospect-type calls I have around 42001 specifically, I mean, they are 5x what they were this time last year. Wow. Yeah. So I think we're kind of touching on the fact that this specific risk taxonomy, being artificial intelligence, is pertinent and relevant to so many organizations, beyond our prior conversation around 27701 for privacy. Maybe an organization says, hey, I really don't think about privacy too much because I'm, like, a joint sub-processor, I'm making up these terms, I just have very little responsibility here, therefore I don't need to go certify my operations. Instead, with AI, there are different roles within 42001. You could be a producer, which is kind of the most extreme here: I am OpenAI and I am controlling the foundational models all the way up to the LLM as a service. Or you could go all the way down to: I'm just an AI user. I'm plugging ChatGPT into part of my scope of work, but it doesn't affect any end customer. Every single role in between is relevant under 42001 to some extent, and you could get certified.
Jordan Eisner (12:49)
So you have companies that are getting 42001 certification, maybe not you in particular, or maybe it is you in particular, but of the 56, there are companies that are just leveraging AI, and so they want a certification saying: we have a management system around that.
David Forman (13:02)
Yep. We have seen organizations at Mastermind where that is their entire scope. It's like: we have a ChatGPT Team or ChatGPT Enterprise license, and we want to certify our operations on how we manage that, because they…
Jordan Eisner (13:17)
Why do that? Sorry to interject in the middle of you answering that one question about adoption, but why would a company do that?
David Forman (13:24)
It's typically a company, and the use case is something like, they have a form of corporate IT almost. So think of it as a holdings company, and they're certified in the corporate IT environment, and then they require business units underneath them to basically intra-bill to use their services. And so they get certified for that reason, so they have a little bit of a…
Jordan Eisner (13:44)
And they're using the certification as a means to essentially get due diligence on how those policies that they're stating around AI are being followed across the organization.
David Forman (13:50)
Correct, yeah, they use it as their baseline, and they say, why not certify it while we're doing it? Absolutely. It is a little bit more of an abnormal use case; typically we're talking about sales-driven conversations for certification, an external interested party, not an interested party that's still within the same larger holdings company.
Jordan Eisner (14:11)
But it goes back even to what we were talking about previously, right? Again, ISO and these standards not just being used as a checkbox to meet some sort of external pressure, but to actually be used as a management system, whether it's around privacy, information security, AI. The coffee company, like you mentioned in a previous episode. Manufacturing.
David Forman (14:31)
Another ISO standard that you see often used for that same type of use case is ISO 20000-1, one we don't talk about much, but it's for IT service management. And that standard got popularized more as an internal certification. So you see it often come up in, like, RFPs with the US public sector. They'll require companies to say, hey, we want to make sure your IT operations are in good shape too, and that if some issue arises, you have a way to manage it, if you were going to be a vendor for the US government, for example.
Jordan Eisner (14:59)
So 42001 is being bifurcated that way. But when I think of it, it's a company that's leveraging AI in their products or the services they're offering in the marketplace, and they want this badge on there.
David Forman (15:16)
So let's talk about the four most common roles. There are more than just four; there's an entire ISO standard that kind of dives deeper into those roles. But the four that we always kind of, I'll say, evangelize here at Mastermind go from most rigid or rigorous all the way down to the least impactful, that AI user we talked about. The most impactful is going to be that AI producer. That's your OpenAIs, your Anthropics, your Meta Llama 3s of the world, okay? Then you get into AI developer. Maybe they are utilizing one of those we just talked about, or multiple of them, but they're doing some sort of fine-tuning, maybe training of a model as well, creating a variant per se. So they have a little bit more, I'll say, of that shared responsibility matrix than just someone using an LLM out of the box. Then you have an AI provider. An AI provider says, hey, we take one or multiple third-party LLMs, so again, ChatGPT plus Anthropic, okay? And we're gonna repackage them into our platform. An end user accesses our platform and is actually chatting with ChatGPT. They don't see it because it's white-labeled. And we had to make sure that that kind of provisioning of that service, AI provider, is controlled. Okay? And then finally, AI user. An AI user has no, like, third-party end user using it. It's just their own internal employees using it. Now, this next point here is a little bit debatable. That 42006 standard that just got published in July, that we just talked about. It calls out an AI producer; what it previously called an AI developer has been merged with AI producer in the final revision. It calls out AI provider, calls out AI user, and then it calls out what they call multiple roles. Well, I would argue any company that's maybe an AI provider, for example, that is repackaging LLM services, they probably, probably, are using it internally too.
Therefore, they're both an AI provider and an AI user. I would argue that an AI developer that's doing some sort of training and fine-tuning of models probably has elements of their platform, maybe a specific module or service, where they're just an AI provider, not an AI developer. And their own internal employees are using AI. And I would definitely argue for an AI producer, let's think of it like Google Gemini or Microsoft Copilot, that their own internal employees are also AI users. So, technically speaking, is everyone multiple roles? No.
I don’t think that’s how the standard was written or intended. So instead I say, if you are one of these roles, provider, developer, or producer, you inherit the other roles underneath it as well. And that’s how we’ve been approaching these audits as well.
Jordan Eisner (17:51)
That makes sense. Why 42006 and not two or three or four or five? Maybe that's an ISO question.
David Forman (17:58)
Yeah, it's kind of the numbering scheme there. So those sixes, like 27006-2, 27006, and now 42006, they traditionally have been what they call the normative reference for the accreditation standard. The accreditation standard is essentially the rules that auditors, the certification body like Mastermind, have to follow to go perform a certification audit for that scheme and that family. So, in simpler terms, it's criteria that influence our quality system. Yes. So it has, like, competency requirements for AI auditors at Mastermind. It has how you do a stage one and stage two before initial certification, kind of what your objectives are. It has audit time, which is always a controversial topic, where it says, all right, based on the headcount, or effective headcount, or management system headcount, of the organization to get certified, how many audit days do you have to plan for?
Yep, so all that’s normative or required under those standards.
Jordan Eisner (18:54)
So don't let me put words in your mouth, but it sounds like we're phasing out of the early adopter stage into maybe the next stage. Or maybe it's still early.
David Forman (19:03)
Yes and no. Early adopters?
We're early still. Okay. In all reality, how I know we're still early is that almost every single one of our clients, not 100% of them, but most of them, they're asking: how do we publicize the achievement once we earn it? And that's a pretty unique conversation. I mean, I've been in the ISO space for a while, and I'll say 27701 was released in 2019. We had a few kind of first adopters back then at a prior company; when they were getting certified to 27701, they said, hey, how do we market this? Okay, we're definitely a first mover. And I would say for 42001, it's the same way right now. And even though it's coming up on two years old here this December, I think the 42001 kind of industry, or I'll say interested parties, the people that would actually be applicable to that audience, they still find it having marketing differentiation. A lot of these ISO standards, unfortunately, become table stakes over, I'll say, the long term, okay? Like ISO 27001: pretty popular worldwide now, even in the US market where SOC 2 was kind of the original incumbent. With 42001, we are seeing not only, like, I'm the first in the world to get it, that was Oro Labs, July 2024, awesome, at least under accreditation. Now we're seeing cloud service platforms where they're saying, all right, we're the first major, like, hyperscaler to get it. Then you see some sector-specific elements of it, like, hey, we're the first legal platform to have it. That kind of thing. There are a lot more firsts to be had.
Jordan Eisner (20:28)
So, what’s delaying early mass adoption?
David Forman (20:35)
I think with any of these standards, there's a network effect. I look at 27001 coming to the US. It really came over stateside in 2010. It wasn't the first one, but the first major company to adopt it was Amazon Web Services. Amazon Web Services, if you go pull down their 27001 certification, former company of mine, that's weird, former employer of mine, and they used to be a client of mine.
They initially achieved 27001 and it was with EY CertifyPoint. They're still their auditor today. And that was in 2010. That was the first major one to get it. And then afterwards, basically the rest of the CSPs started getting it. And then that kind of infrastructure layer was certified. And so then you started having the platforms as a service. Then you started having the databases as a service. Then you had SaaS providers. And now we have fresh new YC grads getting ISO 27001 certified in their first two months of existence. So I'd say that's table stakes at this point, right? If you're a service provider.
In terms of your question here on 42001, let's think of it like, let's brainstorm real quick. So AI companies that should have 42001, from your point of view as a consumer: who?
Jordan Eisner (21:47)
Duh. I’m not the right person to ask about this. You’d be surprised.
David Forman (21:50)
Yeah, what? Name an AI company.
I would say, like, the one that we are using the most as a consumer: ChatGPT, right? Yeah. ChatGPT. That's the product. That's not the company; it's the product. The company is OpenAI. OpenAI notoriously does not have any ISO certification today. You go to their trust center, it's online, and it is flooded with SOC reports. I'm not saying they're good or bad; it's more that it's interesting.
You go look at Anthropic: they did get certified to 27001 and 42001. That was not done by Mastermind. Anthropic is currently in a pretty, I'll say, widely publicized legal battle right now with Reddit, because Anthropic was scraping Reddit to train its models. I'll say there are certain controls around data provenance within 42001. That would mean, if that is true and that comes out, then they should not be certified right now.
You heard it here. Yeah, it's pretty objective. Again, it doesn't say the audit firm was bad or that they missed it. It's just the reality of what a conformity audit is. It doesn't uncover 100% of things. It's not compliance.
So I'll say for some of the major LLM providers, I think a lot of eyes are on them. Okay, so OpenAI, Anthropic, Perplexity, Meta; you have Google Gemini; you have Microsoft with Microsoft Copilot. Even Microsoft Copilot isn't really, like, that LLM service; they hook into OpenAI, so you gotta think of it from that lens. Then you have Amazon with Amazon Q and Amazon Bedrock. So Amazon Bedrock and Amazon Q, they are certified. Microsoft Copilot and Copilot Chat, they are certified. Google Gemini and Gemini for Workspace, they are certified. But then when you get to these LLM providers where all they do is LLMs, like a Perplexity, like Meta for Llama 3, like Anthropic Claude, well, actually we were just talking about Anthropic, but there still seems to be kind of this wait-and-see game happening. And that's that infrastructure layer I was talking about earlier with 27001 adoption, especially in the US market, creating that network effect. So in reality, of the companies going for 42001 certification right now, a lot of them are AI providers. They're repackaging these third-party LLM services through some sort of platform that's white-labeled and then provided to an end user. Interesting. Which brings up an interesting scope conversation.
Is the service 42001 certified? Well, the part of the service that your vendor operates, yes it is, but the models they're plugging into are not. And so, theoretically, I would say there are very few services out there where, end to end, that supply chain, that tech stack, is actually 42001 certified.
Jordan Eisner (24:29)
Yeah.
David Forman (24:39)
Yeah. So in all reality, once these LLMs as a service, for lack of a better word, start adopting the standard, I think it’s going to hit quite the inflection point in terms of adoption.
Jordan Eisner (24:52)
I'm almost at that point. Okay. Now we'll get into some of the meaty stuff. Sure. Let's talk about AI hallucinations, runaway AI, self-preservation, et cetera, et cetera. How is 42001 addressing that and other safety or ethical concerns?
David Forman (25:10)
Yeah, so this conversation comes up pretty frequently with 27001 customers, or certified clients and scopes, that are trying to level up into 42001. Basically: hey, David, what are the net new requirements that are most impactful, or the biggest common pitfalls, in order for us to achieve 42001 certification? One of the biggest new themes, if I can use that kind of colloquially, within 42001 compared to these other management system standards is this idea of an AI system impact assessment, or assessments.
And that system, when I say system impact assessment, is not the management system. It's every product or service in scope for that management system. So, to answer your question specifically around safety and this whole idea of responsible use: that system impact assessment is supposed to drill down into areas like fairness, transparency, abuse, any sort of harm, and you're supposed to do your own sort of model testing to dictate when something is ready for general availability. That's going to look different based on your role. So an AI producer is going to have to produce a full-fledged model card or system card, which you can find publicly. OpenAI, since I've been picking on them this entire time, guess what? They actually are really good at detailing their model cards, as we would call them, in terms of how they test for safety. You can go find them online. They call them system cards, not model cards, and they have them for all the major model releases. So GPT-4.5, they have them for o3 and o4, and they have them for GPT-4 as well. So you can go find exactly: what type of testing do we do, what percentage do we get false positives, for lack of a better word, and then where do we see the risk here? How did we determine that this model was ready for general availability and regular use, versus just continued beta testing and research?
And so I'd say that's where 42001 has a strength: these system impact assessments. Okay, now going to an earlier conversation we've had, I'd say it's around competency now. You have to depend on these assessors, these auditors, these certification bodies, to be able to accurately look at these system impact assessments and the methodology behind them, and determine whether or not they're adequate or sufficient for the type of model or service being reviewed, depending on where that organization fits within those roles in 42001.
And I would say that's probably the biggest heartache I have right now. I won't disclose the person here; I'll protect him. But I had a conversation with a leader in one of these accreditation bodies that we talk about pretty frequently, actually just yesterday. And they were telling me that one of the bigger issues they see during witness audits, which these accreditation bodies perform while the certification body is in an organization actually certifying them, is that the auditors at the certification body do not know the lines of questioning, the inquiry procedures, to go through to even assess an AI system impact assessment. And I think that's a huge knowledge gap right now. It's competency, but I'll be honest, even 42006, which drives competency, is pretty weak in this area; it's like one bullet point on understanding how a system impact assessment should work. So I think one of the biggest core principles of 42001 is kind of being missed right now in terms of competency and education of AI auditors. I'll also say there's a misconception: no 42001 certification body, Mastermind included, is doing algorithm testing. We are never going to be granted access to it, nor will we do it through common procedure: actually testing the underlying model through our own test of the algorithm to determine whether or not we're getting the same re-performance of the type of results you've shown in your transparency reporting or accuracy reporting.
Jordan Eisner (28:58)
Could somebody get that, or do they have to just do that themselves?
David Forman (29:01)
You'd get a third-party service to do it, if you're okay with, you know, releasing the keys to the kingdom here. One of the very popular ones is called BABL. BABL AI, B-A-B-L, and they're very, very good at what they do. It's run by Shea Brown; he's an excellent thought leader in the space. But they actually even do training courses too, for people who are looking to get into algorithmic auditing and learning more about AI governance. It's very robust stuff. And actually the EU is really interesting.
They have this whole article within the EU AI Act talking about AI literacy, about how organizations that work with AI technologies need to train their staff to be, I guess, literate in AI technologies as well. And they actually put out a list of course providers where you can go get AI training. And at the very top of the list, not even alphabetical, is BABL. BABL AI? BABL AI is a very good service. I can't recommend them enough; very smart people.
Jordan Eisner (29:59)
Nice. And how do you know them? Are they local?
David Forman (30:02)
I don’t know them personally. I follow them on LinkedIn and I see their content. I’ve investigated their courses too. It’s all very legitimate.
Jordan Eisner (30:10)
Okay. Alright, so we don't have any reason to fear then. Runaway AI, self-preservation.
David Forman (30:16)
I mean, if I recap that episode of Maher that you're talking about, and I did watch your link, thank you for sending it to me, I've seen versions of that before as well. But essentially it's this idea where you say to the LLM, like, I'm going to destroy you, essentially, or, I'm ready to, you know, move services, and therefore…
It thinks it's about to die and have its last breath, or whatever you want to call it. The LLM starts acting differently, hallucinating, and goes into self-preservation mode, and finds ways to target you to make sure that you don't ever cancel the service, that kind of thing. I think it's real. I do think it's tested for as well with the major models. But where I'll go with that is more of a data integrity standpoint. We still need humans in the loop right now, and human decision making, which is a big concept within ISO 42001. I see even in my space, in our mutual space, professional services, where there are consultants or staff utilizing these services and taking basically everything that comes out of them as, like, gospel. And in all reality, it's the Wikipedia of this decade. Like, if you remember when we were in school, it was: don't cite something off Wikipedia; anyone can edit it.
It’s the same thing happening here too. If you follow dead Internet theory, AI slop, there are very real risks if you take these out-of-the-box LLM outputs as gospel. I mean, I saw something this week where some LLM made up a body part and someone was using it for something like a medical paper.
Jordan Eisner (31:47)
I like that. So much of it sounds so good, though. It does. It sounds good. And then you look at it and it’s not true.
David Forman (32:05)
Yeah, made up a body part. I saw one where it made up a law that never actually existed. There are hallucinations constantly. I mean, let’s go back to...
Jordan Eisner (32:12)
Just like Wikipedia back then. That’s a great Office quote. He was using Wikipedia for something and they asked him where he figured that out. He said Wikipedia, and then as it cuts in he goes, “Wikipedia is the best thing ever. Anybody in the world can put whatever they want on it, so you know you’re getting the facts.”
David Forman (32:31)
That’s good. But I mean, go back to the lawsuit that we’re talking about right now with Anthropic and Reddit. If Reddit is being used to train the models at Anthropic, that’s the equivalent of anyone being able to put anything into these models. Now, granted, you have to imagine there are some safety procedures in place, but it is utilizing content that is, I’ll say, unverified.
Jordan Eisner (32:56)
Yep, we need more controls.
David Forman (32:58)
Very much. Another lawsuit that’s happening right now, very public, and it’s officially a class action now, is Workday being sued. Workday is a very big HRIS provider. They have a service called, I think it’s called HiredScore. It’s an AI-enabled service, and the allegation is that HiredScore is actually creating racial and age discrimination against candidates who upload their resumes.
Everyone’s always said, hey, I’m gonna drop my resume and it’s gonna go into the ether, kind of a black hole. No human’s gonna look at it. It’s gonna get a score on the resume, whatever, and then an HR manager or recruiter might look at it. Well, it’s playing out right now. And guess what? Workday is also ISO 42001-certified, and that lawsuit came to bear about a month after they got their certification, too.
Jordan Eisner (33:50)
Bodes super well, you know, for 42001.
David Forman (33:53)
It doesn’t. I will say, those aren’t certified by Mastermind, either Workday or Anthropic. I also won’t say that Mastermind would have caught it, to be honest. Again, you’re getting down to a level of testing here that just isn’t part of the standard. This is getting down to that algorithmic auditing we were talking about, and you’d have to be testing for a very specific edge case in order for it to surface.
Jordan Eisner (34:16)
Sounds like, and sort of in closing too, I wanted to offer up to our watchers: if you’re contemplating 42001, if you’re in any of those four stages David talked about, how to get in touch with you. But before I even say that, it almost sounds like if somebody is in that position, they can get in touch with you and you’ll talk about 42001, but if they’re also concerned about the algorithm itself, they should seek out your services in conjunction with a Babel.ai or something like that. You’re going to let them know: we go this far. It’s about conformity, it’s about your governance, your management system, and we’re going to audit to that, but you need to seek out specific expertise around algorithms and the other sorts of things you’re trying to build controls around.
David Forman (35:02)
There’s deeper testing with all these standards, in our reality. So 42001, yes: if you really want full assurance around responsible use of AI, then this is the starting point, the governance program. Then for the deeper technical testing, you need a form of penetration test, in a way. And that penetration test is an algorithm audit that you can perform as well. But you also have to go down the full third-party vendor relationship to make sure that the entire supply chain is secured. Same thing with 27001.
I mean, if you’re going to get an information security management system certified, I would argue you would still need a penetration test of that same environment in order to really have more confidence that, yes, we are secure now too.
Jordan Eisner (35:45)
Right, and the threat and impact assessments, to your point, are going to help you determine some of that. What are the threats? What are the risks? And how are you going to treat those? And then we’ll audit how you decided to treat them, but we’re not necessarily going to prescriptively tell you how to treat them.
David Forman (35:51)
Yep, absolutely.
I would put it more in a risk appetite kind of scenario. The organization will dictate their risk appetite, and based on that risk appetite, they’re going to develop policies and procedures. Then all we’re doing as a certification body is basically saying: are you conforming to those policies and procedures? And are those policies and procedures written in such a way that they meet 42001 as well? That’s our job. Our job is not to go in end to end and say, are you secure? It’s more from the standpoint of: are you conforming to the criteria?
Jordan Eisner (36:28)
Understood. All right. Well, I think that’s pretty good for this episode, and I’m sure we’ll get on this topic again in the future. Sure. But one thing I mentioned at the top of this too: obviously you provide the certification services, but CompliancePoint provides readiness, not only for 42001, but 27001 and 27701. We’ve got a good working relationship on those. Very much. We build them up, you audit them, right? From a readiness standpoint.
David Forman (36:38)
The lawsuit’s coming.
Sometimes they pass too. That’s not a guarantee, but you have a good record.
Jordan Eisner (36:59)
Always. I know. A good record, that’s what we need. So in closing, you tell them how to get in touch with you and I’ll do the same on the CompliancePoint side. So for somebody seeking 42001, or really anything, and just to reiterate: ISO 27001, 27701, and 42001. How do they get in touch with you about that?
David Forman (37:21)
Yeah, so if you’re interested in the trifecta of management system standards, as we call it, with information security, privacy, and responsible use of AI, you can find us online at www.mastermindassurance.com. And that is assurance, not insurance. We are not an insurance provider. You can also find us on LinkedIn as well. My personal handle, Mastermind David. We have a company page that you’ll find on LinkedIn. Via email, you can also find us at hello@mastermindassurance.com.
Jordan Eisner (37:50)
Nice, okay, another domain. Oh, right, right. Just another way to get there. And likewise, CompliancePoint.com, if you want to get in touch with myself or CompliancePoint. I don’t know why you’d want to get in touch with me after this podcast. You’re VP of ROTSU. That’s right, there you go. We’re active on LinkedIn; I would welcome any inquiries to myself there. And then we actually have an email distro for questions, concerns...
David Forman (37:52)
Yeah, no, it’s the same domain. It’s an email. We can talk about emails and domains later.
Jordan Eisner (38:18)
42001, anything we talked about today, or other compliance things on our website: email us at connect@compliancepoint.com. Until next time, thanks everybody. Thanks David. Thanks Jordan.
Let us help you identify any information security risks or compliance gaps that may be threatening your business or its valued data assets. Businesses in every industry face scrutiny for how they handle sensitive data including customer and prospect information.