Mastodon Feed: Post

Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):

kurtseifried@infosec.exchange ("kurtseifried (he/him)") wrote:

@jsonstein So a concrete example: take the new AICM (AI Controls Matrix, based on the CCM Cloud Controls Matrix) which has 229 controls (32 new AI ones, 197 existing CCM ones) and compare them to the EU AI Act (which has 113 articles, which has about 96 articles with content and then 17 of administrivia).

So to compare these two sets is 21,984 comparisons.

Now you can reduce that by summarizing and grouping content, like a human would, but that runs the risk of a false negative, missing a match.

If you really want to avoid false negatives, you need to do every comparison, and write up why it does or does not match.

Oh and then you want something to validate all the matches and not matches, so you effectively have to do all that work at least twice.

This is a tedious task at best, just reading and understanding the EU AI Act alone (at around 40,000 words) would take a fast reader about 3-4 hours. To say nothing of the time spent understanding it (it's legal text).

But doing it via claude/chatgpt/gemini? Doable. Designing the queries and validation? That's the work. But that work can largely be re-used (e.g. to map other things, a common task for us).

https://github.com/CloudSecurityAlliance-DataSets/dataset-public-laws-regulations-standards