Generative AI red teaming: Tips and techniques for putting LLMs to the test

Replace transitory project teams with permanent, multidisciplinary product teams. Deeply connected teams with diverse skill sets brought together from all different parts of the organization. Teams that understand the value they’re trying to create, collaborate effectively, and challenge each other to create better solutions. For CIOs, this shift means rapidly rethinking how products, services, and systems meet these heightened expectations — for consumers inside their companies and in the market. Those who fail to adapt will fall behind in a marketplace where AI is resetting the rules of engagement and efficiency.

Evaluating the risks of AI coding assistance

• Among the essential KPIs for gen AI are productivity gains, cost savings and time reductions—metrics that provide tangible evidence to satisfy boardrooms.
• The CIO is now a culture catalyst, architecting a digital infrastructure and building a learning organization that fuels continuous growth.
• In this evolving landscape, those who succeed will be the ones who reimagine ROI, balancing measurable financial outcomes with strategic, long-term contributions.
• To provide more detail, OWASP recently produced its “Agentic AI—Threats and Mitigations” publication, including a multi-agent system threat model summary.
• Sitting on the sidelines and waiting for everything to get figured out is tempting, but it’s also risky.
• This metric reflects both increased throughput and improved customer satisfaction.

In driving digital transformation, CIOs can provide a seamless experience for customers, partners and employees. Paul Hlivko is EVP, Chief Information and Digital Officer at Wellmark Blue Cross and Blue Shield, responsible for the strategic direction of technology transformation, digital technology and innovation. Several technology teams report to Paul, including enterprise architecture, application delivery, application operations, software product management, enterprise data management and user experience design. Before Wellmark, Paul served in technology and program management leadership roles with PNC Financial Services and First Niagara Bank. Many first-generation mobile applications were direct adaptations of their web equivalents. Poor user experiences, slow performance, and low adoption forced organizations to rethink their business objectives and implementation strategies.

Premier Health reports data breach

• Organizations need qualitative assessments to capture these impacts effectively.
• While CIOs are optimistic about AI’s potential, they are also realistic about the risks — from hallucinated content to patient safety concerns.
• • Use AI-driven document processing to automate form submissions, approvals and regulatory compliance.
• These strategies serve as a bridge from planning to sustained value creation, laying the groundwork for effective implementation and continuous ROI growth.

Many of gen AI’s most valuable contributions—such as improved customer experience or enhanced innovation—resist traditional quantification. Organizations need qualitative assessments to capture these impacts effectively. Forecasting potential benefits provides a roadmap for expected outcomes. In addition to financial returns, organizations should project intangible benefits like improved employee satisfaction, decision-making, or customer engagement. Establishing a clear performance baseline is essential to measure progress accurately.

One promising use case is helping developers review code they didn’t create to fix issues, modernize, or migrate to other platforms. Chris holds various industry certifications such as the CISSP/CCSP from ISC2 as holding both the AWS and Azure security certifications. While there are many possible techniques for generative AI Red Teaming, it can feel overwhelming to determine what to include or where to begin. OWASP does, however provide what they deem to be “essential” techniques.

Below are a few practical takeaways from these expert discussions, designed to help organizations move from gen AI exploration to execution and ROI measurement. These strategies serve as a bridge from planning to sustained value creation, laying the groundwork for effective implementation and continuous ROI growth. Regular evaluation and iteration allow organizations to identify opportunities for improvement and adapt to changing needs. They also track the number of accurately flagged high-risk accounts as a key measure of gen AI’s predictive power. They also monitor operational capacity increases, ensuring no additional staffing is required to handle larger volumes.

This blueprint provides a structured approach and the exercise’s specific steps, techniques, and objectives. To provide more detail, OWASP recently produced its “Agentic AI—Threats and Mitigations” publication, including a multi-agent system threat model summary. “Generative AI has, or will, significantly shift the landscape for all healthcare CIOs, expanding their scope beyond traditional IT oversight to include strategic innovation, AI governance and cross-disciplinary collaboration. It won’t impact everyone the same or on the same timeline, but it will happen,” James Wellman, CIO of Gloversville, N.Y.-based Nathan Littauer Hospital, told Becker’s.

He also participates in industry working groups such as the Cloud Security Alliance’s Incident Response Working Group and serves as the membership chair for Cloud Security Alliance D.C. Chris also co-hosts the Resilient Cyber podcast. OWASP recommends threat modeling as a key activity for generative AI Red Teaming and cites MITRE ATLAS as a great resource to reference. Threat modeling is done to systematically analyze the system’s attack surface and identify potential risks and attack vectors.

Kicking dependency: Why cybersecurity needs a better model for handling OSS vulnerabilities

At the same time, low-code/no-code platforms, citizen developers, and ubiquitous AI tools are decentralizing engineering and tech expertise. While embracing emerging technologies, it is also critical to double down on cybersecurity and compliance to maintain the trust of stakeholders. In addition to using emerging technologies to benefit customers, CIOs should ensure their employees have the opportunity to understand and benefit from innovations as well.