Good morning and good afternoon to those joining from around the world. I'm Kian Kumar, a senior cloud architect, architecture leader, focused on enterprise scale digital transformation. My work centers on building resilient, scalable, and secure cloud infrastructure, and increasingly, that includes enabling safe and responsible adoption of machine learning and ative ai. I'm thrilled to be here at Conference 42, machine Learning 2025 to share some of those learnings with you today. Generative AI is accelerating innovation at incredible pace. The market is projected to grow from 13.8 billion in 2023 to over 118 billion by 2032. But risk growth comes with new and complex challenges. Security threats, privacy concerns, and ethical risks that existing cloud frameworks don't fully address. In this session, I'll introduce a five pillar framework designed specifically for secur and generative AI workloads, a model that balances innovation with security and agility with accountability. My goal is to help you scale gen AI confidently and securely. Especially enterprise environments where risk and regulation can be an afterthought. Let's jump in. Our framework is structured around file code domains, infrastructure, security, data protection, application security, responsible AI and regulatory compliance. These are not just checklists. They are interdependent layers of a security posture designed to protect gene systems from external threats, internal misuse, and reputational harm. Each pillar corresponds to real world challenges we have encountered in field deployments from access control breaches to unmonitored AI outputs. Let's look at it one step at a time. Infrastructure security. Let's begin with identity and access management as this is the number one attack vector. 67% of organizations report unauthorized AI access attempt, so least privilege and multifactor authentication are foundational. During data transmission, all model endpoints and inter component APIs must be encrypted end to end using TLS 1.3 or higher. You can also use additionally, HSM based key storage, which could help further protection, use infrastructure as a code commonly called as IAC in the industry with embedded guardrails to prevent drift. Automate security poster assessments quarterly gene. A infrastructure must be designed with defense in depth and not just security perimeter. Next, let's talk about data protection strategies. As data is a fuel and the vulnerability of gene ai. Poor data governance can leak intellectual property. Ate privacy, or introduce bias. Enterprises should classify training and inference data by sensitivity. Use data minimization to limit what the model can access to protect intellectual property, implement watermarking, provenance tracking, and legal frameworks for AI generated outputs for personal data. Lean into synthetic data and federated learning and differential privacy. Let's move on to application security. Gene systems aren't traditional apps. Input and output security is an entirely new surface. We are seeing prompt injection tanks where users manipulate model behavior via cleverly crafted inputs. These require input, sanitization, and context of validation. Equally important is out output scanning, real-time toxicity detection, context filtering, and safety classifiers are essential. A study conducted by MIT technology reveal 72% of gene a adopters have already experienced at least one unsafe output incident. Let's move on to responsible AI. Security is not just technical. You all are aware it's ethical too. Enterprise needs clear AI usage policies and risk categorization for use cases. Red teaming should become a routine practice simulate adversary use cases to expose weakness, combine automated bias detection with human review. Also critical prompt engineering. Sorry, prompt security. Threat modeling. Understand attack vectors like instructional leakage and defend with boundary enforcement, prompt chaining, control and input context filtering. Let's move on to regulatory compliance. Regulatory. As regulation is moving fast. The EU AI Act creates gene AI in critical sectors as high risk requiring explainability, risk control, and human oversight. In the US agencies like the F-D-A-F-T-C and NIST offer segment or sector specific guidance. This makes multi jurisdiction com compliance. Complex. Enterprise must develop adaptable governance models. Maintain audit trails for every generative AI interaction, input output. User identities and system responses ensure they are stored in a tamper evidence storage system. So let's look at some practical implementation strategies. This framework is not just theoretical. Here is how you can make it real. Step one, like I mentioned before, conduct a generative, a specific security assessment. The things that you need to be aware in this assessment are map your models, APIs, data sets and endpoints. So these all should be part of the assessment so that you'll understand where the loopholes are. Then develop policies with cross-functional ownership. As you are aware, business legal and technical teams must collaborate. Like I mentioned before, secure your APIs with auth 2.0 and PKC, which protects against token interception, especially in the client side and mobile app scenarios or 2.0 with PKC adds an extra layer by requiring a dynamic verification, which cannot be reused by the attackers. Finally deploy rate limiting and usage monitoring to identify suspicious patterns and prevent abuse. Now let's look at some future considerations. Looking ahead, the JI threat landscape will evolve, expect adversary prompts, data poisoning and modeling evasion attacks. Resilience depends on governance, integration linking human oversight policy, and automation into one unique posture. Enterprises that succeed here won't just secure models. They will build customer trust and regulatory readiness as strategic differentiators. As generative AI matures, security strategies must evolve to address emerging threats and governance demands. We are beginning to see sophisticated risks like data poisoning, prompt injection chaining, and model inversion attacks that target the behavior of the model themself. So this requires moving beyond static controls to adapt security approaches such as real time prompt inspection. Output monitoring and retraining aware threat modeling. At the same time, innovation in areas like explainable gene ai privacy, preserving machine learning, and secure synthetic data generation will become essential. Equally importance is the integration of governance, aligning security with legal, ethical and policy frameworks. The enterprises that invest early in both technical defenses and responsible governance will be best positioned to lead securely and sustainably in the gene AI era. Finally, thank you for your attention. This framework is designed to help enterprises embrace gen AI securely and responsibly. Thanks again for the opportunity to speak for speaking here.