
Luca De Candia
Toward AI Security Framework for Enterprise Generative AI Systems.
Supervisor: Andrea Atzeni. Politecnico di Torino, Master's degree programme in Computer Engineering (Corso di laurea magistrale in Ingegneria Informatica), 2025
| Abstract: | This thesis develops a comprehensive security framework for enterprise generative AI (GenAI) systems, addressing the critical gap between rapid AI adoption and adequate security measures in organizational environments. Traditional cybersecurity approaches prove inadequate against AI-specific threats such as prompt injection, model extraction, and training data poisoning. This research establishes the unique security challenges posed by AI systems, which function simultaneously as offensive tools, defensive tools, and vulnerable targets requiring specialized protection approaches. The core contribution is a quantitative risk mitigation framework that provides a list of structured controls for GenAI security across three main dimensions (Lifecycle Stage, Control Scope and Deployment Model). It introduces an architectural filtering mechanism that ensures control applicability across diverse deployment scenarios, recognizing that security responsibilities vary significantly between different GenAI implementation approaches. The framework incorporates technical, procedural, and policy controls into a unified methodology, mapping security controls to the OWASP Top 10 for LLM vulnerabilities through a numerical scoring methodology that enables organizations to calculate risk mitigation percentages and optimize control selection based on their specific architectural contexts. The framework's design emphasizes evolutionary capability, with ongoing development of modules for emerging AI paradigms such as Agentic AI systems. This approach ensures continued relevance as AI technology advances beyond current large language model architectures, providing organizations with a sustainable foundation for managing GenAI security risks as the technology landscape evolves. |
|---|---|
| Supervisors: | Andrea Atzeni |
| Academic year: | 2024/25 |
| Publication type: | Electronic |
| Number of pages: | 80 |
| Additional information: | Restricted thesis. Full text not available |
| Subjects: | |
| Degree programme: | Master's degree programme in Computer Engineering (Corso di laurea magistrale in Ingegneria Informatica) |
| Degree class: | New system > Master's degree > LM-32 - COMPUTER ENGINEERING (INGEGNERIA INFORMATICA) |
| Partner companies: | DELOITTE RISK ADVISORY S.R.L. S.B. |
| URI: | http://webthesis.biblio.polito.it/id/eprint/36371 |