2025
Leave a comment
Innovation, Leadership, Technology

What I Learned Spending Weeks Researching Innovation Frameworks

I went down a rabbit hole trying to find the “right” innovation framework. Turns out most of what I believed about innovation was completely wrong.

I spent weeks studying MIT iTeams (for breakthrough tech exploration), Cascading Tree (for strategic alignment), GInI (for systematic enterprise innovation), and Scott Berkun’s The Myths of Innovation. Each framework works in different situations, but none is a silver bullet. And Bell Labs’ history taught me something crucial: pursuing an idea takes fourteen times as much effort as having it.

The biggest lesson? I was waiting for the perfect framework before starting, doing exactly what Berkun warns against. Looking for some system that would remove all uncertainty before I began.

Turns out innovation frameworks are useful tools when matched to the right situation and cultural context. But they can’t replace the courage to start imperfectly, the persistence to keep going, and the genuine curiosity to explore problems worth solving.

[Read the full post on Substack โ†’]

Includes a free info-graph with practical scenarios for each framework, diagnostic questions to assess organizational readiness, warning signs of when frameworks fail, and actionable first steps you can try this week.

Tagged , , , , , , , , , ,
2025
Leave a comment
Artificial Intelligence, Info Security

Navigating AI Governance: Essential Frameworks & Principles (Part 2)

Following up on my previous post about foundational AI concepts, I’m back with Part 2 of my AI learning journey!

While Part 1 covered how AI works, this post tackles how we can use AI responsibly. A crucial side of AI goes beyond the technical aspects into: governance, ethics, risk management, and ensuring AI benefits everyone.

AI Generated

My AI Governance Notes

I’m sharing my notes below to help others navigate AI governance. These break down complex frameworks into digestible insights.

Note: These are personal notes, not comprehensive guides. Use them as a starting point for understanding responsible AI practices.

Key takeaway: AI governance isn’t about slowing innovation. It’s about ensuring innovation benefits everyone.

Frameworks, Standards, & More

  1. EU AI ACT (risk-based approach)
    • Risk Categories
      • Prohibited: Social scoring, subliminal manipulation, real-time biometric ID
      • High-Risk: Biometric systems, employment, education, law enforcement, healthcare
        • Requirements:
          • Risk management systems
          • Data governance & quality
          • Technical documentation
          • Human oversight
          • Accuracy & robustness
          • Conformity assessment & CE marking
      • Limited Risk: Chatbots, deepfakes (transparency required)
      • Minimal Risk: Everything else
  2. NIST AI RMF
    • Govern: Policies, roles, accountability
    • Identify: Context, risks, impacts
    • Measure: Testing, evaluation, benchmarks
    • Manage: Controls, monitoring, improvements
  3. GDPR + AI (focus on individual rights)
    • Article 22 – Automated Decisions:
      • Right NOT to be subject to solely automated decisions
      • Right to human intervention
      • Right to explanation
      • Right to contest
    • Article 35 – DPIA Required for:
      • High-risk AI processing
      • Systematic evaluation
      • Large-scale sensitive data processing
    • Article 6 – Legal Basis
      • Must have valid reason to process
        • Consent, Contract, Legal obligation, Vital interests, Public task, Legitimate interests
    • Article 25 – Privacy by Design
      • Build privacy into AI

AI Lifecycle Phases

  1. Planning: Define goals, assumptions, stakeholders, governance, context
  2. Design & Development: Choose architecture, feature selection, bias testing
  3. Testing: Validate fairness, robustness, simulate deployment
  4. Deployment: Monitor initial performance, HITL (Human-in-the-Loop) review
  5. Monitoring: Drift detection, incident response, retraining

Governance Principles

  1. Transparency – Openness on system operation
  2. Accountability – Clear responsibility chains
  3. Privacy & Security – Data protection built-in
  4. Fairness – Non-discrimination and bias management
  5. Human Oversight – Human control and intervention
  6. Reliability – Consistent and robust performance

AI Explainability

  1. Explainability: Reasons for specific outputs
  2. Transparency: Openness on system operation
  3. Interpretability: Human-understandable decision logic

Bias Types & Detection

5 Key Bias Types:

  1. Data Bias: Biased training datasets
  2. Label Bias: Incorrect or biased labeling
  3. Automation Bias: Over-reliance on AI decisions
  4. Outcome Bias: Discriminatory results
  5. Confirmation Bias: Seeking confirming evidence

Detection Methods:

  1. Statistical parity testing
  2. Equalized odds evaluation
  3. Demographic parity analysis
  4. Individual fairness measures

Common AI Governance Roles

  1. Governance Team: Oversight and policy
  2. Developer: Design, build, train models
  3. Validator: Independent testing and validation
  4. Compliance Officer: Regulatory adherence
  5. Data Scientist: Data analysis and modeling
  6. Human Reviewer: Final decision authority

Audit vs Test vs Monitor

  1. Audit: Post-deployment review (comprehensive assessment)
  2. Testing: Pre-deployment validation (before going live)
  3. Monitoring: Continuous ops review (ongoing surveillance)

When Problems Arise

  1. Bias Detected: Audit first
  2. Model Performance Declines: Audit first
  3. Discrimination Complaints: Audit first

Model Documentation Requirements

  1. Purpose: Why the model was built
  2. Data Used: Training data sources and characteristics
  3. Metrics: Performance and fairness measures
  4. Ethical Concerns: Identified risks and mitigations
  5. Deployment Context: Where and how it’s used

Risk Management Key Components

  1. Model Inventory: Catalog of all AI systems
  2. Tiering: Risk-based classification system
  3. Controls: Safeguards and mitigations
  4. Incident Response Plan: Procedures for problems

Human Oversight Levels

Human-in-the-loop: Human makes final decisions. High-stakes decisions.
Human-on-the-loop: Human monitors, can intervene. Medium-risk applications.
Human-out-of-loop: Automated with oversight. Low-risk, high-volume.

Trustworthy AI Characteristics

  1. Valid & reliable
  2. Safe, secure & resilient
  3. Accountable & transparent
  4. Explainable & interpretable
  5. Privacy-enhanced
  6. Fair with managed bias

Disclaimer: AI tools were used to assist with research and drafting portions of this content and study guide.

Tagged , , ,
2025
Artificial Intelligence, Info Security, Technology

Making GARAK’s LLM Security Reports Actually Useful

Lately, Iโ€™ve been running security assessments on various LLM applications using NVIDIAโ€™s GARAK tool. If you havenโ€™t come across it yet, GARAK is a powerful open-source scanner that checks LLMs for all kinds of vulnerabilities, everything from prompt injection to jailbreaks and data leakage.

The tool itself is fantastic, but there was one thing driving me crazy: the reports.

The Problem with JSONL Reports

GARAK outputs all its test results as JSONL files (JSON Lines), which are basically long text files with one JSON object per line. Great for machines, terrible for humans trying to make sense of test results.

I’d end up with these massive files full of valuable security data, but:

  • Couldn’t easily filter by vulnerability type
  • Had no way to sort or prioritize issues
  • Couldn’t quickly see patterns or success rates
  • Struggled to share the results with non-technical team members

Anyone who’s tried opening a raw JSONL file and making sense of it knows the pain I’m talking about.

The Solution: JSONL to Excel Converter

After wrestling with this problem, I finally decided to build a solution. I created a simple Python script that takes GARAK’s JSONL reports and transforms them into nicely organized Excel workbooks.

The tool

  1. Takes any JSONL file (not just GARAK reports) and converts it to Excel
  2. Creates multiple sheets for different views of the data
  3. Adds proper formatting, column sizing, and filters
  4. Generates summary sheets showing test distributions and success rates
  5. Makes it easy to identify and prioritize security issues

Here’s what the output looks like for a typical GARAK report:

  • Summary sheet: Shows key fields like vulnerability type, status, and probe class
  • All Data sheet: Contains every single field from the original report
  • Status Analysis: Breaks down success/failure rates across all tests
  • Probe Success Rates: Shows which vulnerability types were most successful

Why This Matters

If you’re doing any kind of LLM security testing, quickly making sense of your test results is key. This simple conversion tool has saved me hours and helped me focus on real vulnerabilities instead of wrangling with report formatting.

The best part is, the code is super simple; just a few lines of Python using pandas and xlsxwriter. I’ve put it up on GitHub for anyone to use.

Wrapping Up

Sometimes the simplest tools make the biggest difference. I built this converter to scratch my own itch, and it’s been surprisingly effective at saving time and effort.

If you’re doing LLM security testing with GARAK, I hope it helps make your workflow smoother too.

GARAK – JSONL to Excel Converter

Also, check out my second tool: GARAK Live Log Monitor with Highlights. It’s a bash script that lets you watch GARAK logs in real-time, automatically highlights key events, and saves a colorized log for later review or sharing.

Would love to hear your feedback!

Tagged , , , , , , , , , , , ,
2025
Leave a comment
Artificial Intelligence, Info Security, Security Blogs, Technology, Threat Hunt

Introducing SchemaWiseAI: The AI-Powered Solution for Seamless Database Query Mapping

Introducing SchemaWiseAI: The AI-Powered Solution for Seamless Database Query Mapping
AI-Generated Image

In today’s data-driven world, businesses and organizations generate vast amounts of data every day. Cybersecurity analysts, data engineers, and database administrators are increasingly turning to Large Language Models (LLMs) to help generate complex database queries. However, these LLM-generated queries often don’t align with an organizationโ€™s specific database schema, creating a major headache for data professionals.

This is where SchemaWiseAI comes in โ€” a middleware tool designed to bridge the gap between generic AI outputs and the specific needs of your data infrastructure; currently in proof-of-concept stage. With SchemaWiseAI, you no longer need to manually adjust LLM-generated queries. The tool automatically transforms queries to match your exact data schema, saving time, reducing errors, and making data management easier.

What is SchemaWiseAI?

SchemaWiseAI is a middleware solution that adapts LLM-generated queries to match the unique database schemas of your organization. By ingesting your custom data structures, SchemaWiseAI ensures that every query is perfectly formatted and tailored to your needs, removing the need for manual adjustments. This powerful tool makes your data queries accurate, efficient, and easy to use, so you can focus on what matters mostโ€”getting insights from your data.

Why SchemaWiseAI?

LLMs can produce useful queries, but they often come with generic field names and structures that donโ€™t fit your system. This mismatch requires tedious manual work to adapt each query to your specific data schema, causing unnecessary delays and increasing the chances of errors.

SchemaWiseAI solves this problem by automatically mapping field names and data structures to your custom schema. It makes sure that the queries generated by LLMs are accurate, efficient, and ready for execution in your environment, without the need for manual intervention.

Key Features of SchemaWise AI

  1. Field Name Mapping: Automatically converts generic field names from LLM-generated queries into your custom names.
  2. Query Transformation: Transforms AI-generated queries to fit your exact data schema.
  3. Template-Based Query Generation: Quickly generates queries using predefined templates that match your system.

Example

The current proof-of-concept (POC) version of SchemaWiseAI includes a network proxy mapping feature. Below is a snippet of this mapping, which shows how internal field names used within the organization (on the left) are automatically mapped to new field names. For example, proxy log data with specific field names like “srcip“, “dstip“, “status“, etc., is automatically transformed and mapped to standardized names such as “src“, “dst“, “http_status“, and so on.

"proxy_logs": {
            "fields": {
                "srcip": {"map_to": "src", "type": "string"},
                "dstip": {"map_to": "dst", "type": "string"},
                "bytes": {"map_to": "bytes_total", "type": "string"},
                "status": {"map_to": "http_status", "type": "string"},
                "dhost": {"map_to": "dest_host", "type": "string"},
                "proto": {"map_to": "protocol", "type": "string"},
                "mtd": {"map_to": "method", "type": "string"},
                "url": {"map_to": "uri", "type": "string"}
            }

Output

The final outcome of this schema transformation appears as follows:

User Prompt Request: List all HTTP GET requests with status 404 from the last hour

Using template query: sourcetype=”proxy” | where mtd=”GET” AND status=404 | stats count as request_count by url, srcip | sort -request_count

Final Query: sourcetype=”proxy” | where method=”GET” AND http_status=404 | stats count as request_count by uri, src | sort -request_count

For more transformation examples, check out Github.

Why Choose Ollama for SchemaWiseAI?

At the core of the current SchemaWiseAI is Ollama (https://ollama.com/), a powerful, local AI platform that runs models directly on your machine, ensuring security, privacy, and speed. Hereโ€™s why Ollama is the ideal platform for SchemaWiseAI:

  1. Privacy and Security: Run AI models locally, ensuring that your sensitive data remains secure.
  2. Customizable AI: Tailor the LLM to your specific database needs with ease.
  3. Real-Time Performance: No cloud latency, providing fast, on-demand query generation.
  4. Cost-Effective: Avoid high cloud processing costs by running everything on your own infrastructure.

To get started with Ollama, review my last post where I shared steps on how to install and configure Ollama on Kali.

Who Can Benefit from SchemaWiseAI?

SchemaWiseAI is designed for professionals who work with data and rely on accurate, fast, and customized queries. Key users include:

  1. Cybersecurity Analysts: Quickly generate and refine queries for security logs and threat detection.
  2. Data Engineers: Automate the process of adapting AI queries to fit specific database structures.
  3. Database Administrators: Ensure that all queries are properly aligned with custom schemas, reducing errors and failures.
  4. Business Intelligence Analysts: Easily generate optimized queries for reporting, dashboards, and insights.

Current Limitations

  1. Support for More LLMs: Expanding beyond Ollama to include platforms like OpenAI and other popular models.
  2. Integration with More Data Schemas: Supporting a wider range of schemas, such as Palo Alto logs, DNS logs, and Windows logs.
  3. Improved UX/UI: Enhancements to the user interface for a more intuitive experience.
  4. Expanded Query Optimization: More features to optimize queries for different platforms and use cases.
  5. To manage scalability limitations: take machine learning, pattern-based learning approach, or a hybrid approach.

Getting Started with SchemaWiseAI

Ready to give SchemaWiseAI a try? Follow these easy steps to get started listed on Github: https://github.com/azeemnow/Artificial-intelligence/tree/main/SchemaWiseAI

Conclusion: Transform Your Data Queries with SchemaWiseAI

SchemaWiseAI is the perfect solution for organizations looking to streamline their query generation process, improve query accuracy, and save time. Whether you’re a cybersecurity analyst, data engineer, or business intelligence analyst, SchemaWiseAI is designed to make working with data more efficient.

By automating the transformation of LLM-generated queries into organization-specific formats, SchemaWiseAI saves you the time and effort needed for manual adjustments. And with future features like broader LLM support, expanded schema integration, and improved user experience, SchemaWiseAI is positioned to become a game-changer in the world of data querying.

Disclosure:

Please note that some of the SchemaWiseAI code and content in this post were generated with the help of AI/Large Language Models (LLMs). The generated code and content has been carefully reviewed and adapted to ensure accuracy and relevance.

 

Tagged , , , , , ,
Older posts
Advertisements