Balancing innovation and data security is vital for enterprises

Balakrishnan Kavikkal, CEO and co-founder of Autonom8, illuminates the integration of GenAI into the LCNC domain, setting new benchmarks for innovation, security, and efficiency in enterprise automation.

Integrating Generative Artificial Intelligence (GenAI) with Low-Code/No-Code (LCNC) platforms heralds a new era in software development, promising to minimize coding complexity and enhance business operational agility. This fusion aims to streamline enterprise automation, allowing for rapid deployment of customized processes and enhancing conversational interfaces. Amidst the benefits, it also raises crucial data privacy and security considerations, particularly in sensitive sectors.

Ensuring the safety of user data and maintaining compliance with regulatory standards is paramount, with strategies like data redaction, encryption, and rigorous API security measures in place. Understanding the balance between technological advancements and security implications becomes crucial as organizations navigate this innovative landscape.

In an insightful Q&A with Nisha Sharma, Principal Correspondent at CIO&Leader, Balakrishnan Kavikkal, CEO and co-founder of Autonom8, shares his perspectives on the challenges and opportunities presented by GenAI integration in LCNC platforms.

CIO&Leader: Autonom8 is recognized as the world’s first GenAI-integrated LCNC platform. Can you share the journey and inspiration behind incorporating Generative AI into your platform?

Balakrishnan Kavikkal: We had two objectives when we started working with LLM models over two years ago. One was to reduce the amount of code that needs to be written (basically, to move further from Low-Code to No-Code), and the second was to augment our Conversational channels with GenAI integration.

Our target customers are mid-to-large enterprises. These enterprises have unique processes and several internal systems (CRM, ERP, Core). For any automation solution to work impactfully, it needs to be integrated with these systems and should be able to roll out its bespoke processes. With GenAI integration, these customizations can be done easily—with the co-pilot capability.

CIO&Leader: Speed and flexibility are highlighted as crucial USPs of Autonom8, along with the cost-effective utilization of Generative AI. How do these elements translate into tangible benefits for your clients?

Balakrishnan Kavikkal: Software projects/implementations are notorious for two things: the time it takes for an application to go live and the flexibility to easily make changes as your business requirements change. This is true even in Product implementations, as the process takes months and years. In our current times, we believe that customers need speed (the ability to go live quickly) and the flexibility to make changes as the business demands change. This is the Autonom8 value proposition. IT teams can respond to business needs faster, and customers can get significantly better ROI.

CIO&Leader: With the increasing focus on data privacy and security, how do you ensure the security and compliance of your platform, especially when handling sensitive information in the BFSI sector?

Balakrishnan Kavikkal: You are right. This is a critical issue. To protect user PII, we use various techniques such as redaction, encryption, and substitution (details below).

From a compliance perspective, our SaaS platform offers many data sovereignty, encryption, and protection choices. The low-code platform enables rapid response to regulatory changes.

Additionally, for LLMs, we configure the platform to limit scope, creativity, and grounding (via dynamic prompts) to minimize misinformation.

CIO&Leader: Generative AI introduces new security risks, including data poisoning and adversarial attacks. What best practices should organizations follow to protect their AI models and sensitive data?

Balakrishnan Kavikkal: Model integrity can be protected with many of the same approaches by which other IP, such as code, is protected. These include reviews, testing with different data types, data validation (e.g., not training on data with unknown provenance), etc. For training or fine-tuning, approaches such as regularization, MoE, over/under-sampling, etc., produce more resilient models. Finally, when deployed, models should be continuously monitored with reliable versioning & rollback strategies in place.

CIO&Leader: What advanced security measures and technologies are essential for industries handling sensitive information, such as BFSI, to protect customer data from breaches and unauthorized access?

Balakrishnan Kavikkal: We use three broad approaches to protect sensitive user information:

  1. Redaction: Sensitive information (alphanumeric or image) is masked or redacted. This can also be supplemented with anonymization and differential privacy techniques.
  2. Encryption: If the data needs to be communicated to the model and cannot be redacted, we can use encryption to transmit the data without in-flight risk.
  3. Substitution: In some instances, e.g., for proper nouns, names can be substituted so that the connection between PII and other data, e.g., bank balance, is not divulged.

CIO&Leader: As companies increasingly rely on third-party services and APIs, what practices should be in place to assess and mitigate the security risks posed by these external entities?

Balakrishnan Kavikkal: The critical risks from third-party services include misinformation, response flooding, and misuse. In addition to vetting and auditing vendors, contractual provisions, and proper authentication and encryption, the following techniques will help mitigate security risks.

  • Input Validation and Sanitization: Prevents common vulnerabilities like SQL injection, cross-site scripting (XSS), and command injection attacks.
  • Rate Limiting and Throttling: Control the volume of requests to prevent abuse and DoS attacks and to maintain performance.
  • Monitor API Usage and Performance: Detect anomalies in request volume, payload size, request sources, response time, error rate, etc., and trigger remedial action.
  • Patch Management: Deploy security patches and updates released by the API providers. Review their documentation regularly and subscribe to security advisories or notifications to promptly address any security vulnerabilities.
  • Data Minimization: Keep payloads lean to improve performance and reduce data exposure.
  • Failover: Implement fallback mechanisms or alternative solutions if the third-party API becomes unavailable.