Artificial intelligence (AI) has a tremendous opportunity to differentiate and augment the way we work. AI allows organizations to harness large amounts of data, deliver insights that would require a lot of manual processing, continuously learn, and now, allow for generative interactions that were previously not possible, using large language models.
Specific to identity and access management (IAM), Gartner suggests that by 2025, 35% of organizations will utilize generative AI as part of their identity fabric functions. The use of generative AI significantly improves the user experience and efficiency of IAM controls. This means redefining and augmenting human IAM interactions with greater intelligence to assist technical and business users leveraging IAM tools. Additionally, explainability and summarization allow for correlating and generatively delivering actionable insights relevant to the task at hand – this will ensure technical and business users can quickly get the information they need within IAM tools to deliver outcomes.
IBM Verify has supported AI in the product for years. Leveraging AI, IBM Verify can determine the risk score of a user authentication based on a variety of context evaluations that are performed every time a user authenticates – this is powered by adaptive access capabilities.
Additionally, IBM Verify can harness the events emitted by authentication, multi-factor authentication, account management, and more to detect anomalous behaviors and mitigate large-scale identity attacks – this is augmentative to adaptive access and evaluates threats prior to user authentication. The native threat detection and remediation capabilities leverage AI to correlate and identify suspicious IP addresses with unusual and anomalous behavior to mitigate credential stuffing, brute force, and additional attack vector types.
Native threat detection and remediation within IBM Verify is now generally available. More details on how IBM Verify mitigates threat and fraud with AI can be found under threat detection and response.
Introducing Gen AI Assistant within IBM Verify
IBM Verify now supports Gen AI Assistant, powered by watsonx, to augment how IAM admins and business users can interact with Verify. With this new capability, Verify admins and business users will be able to start using natural language to summarize details within Verify and generate configuration and policy.
Using the Gen AI Assistant within Verify, we see three use cases in how generative AI can help augment IAM admin productivity:
- Summarization/explainability: this allows admins to use natural language to get details on events happening in Verify with explainability and correlation. The value here is to provide a contextual, relevant, and real-time summary for IAM admins to understand what is happening or has happened within the IAM platform. Example use cases consist of summarizing user details, group/entitlement information, threat and risk summarization, explaining CEL (common expression language) statements, determining whether an application is ready for passkey adoption, and more.
- Generation: this allows admins to use natural language to generate configuration and policy. The value here is saving time in understanding what drop-downs to select, what attributes or other artifacts are represented in the platform, and knowing Verify-specific terminology – natural language can be used to define the outcome, and the Gen AI Assistant within Verify can interpret the inputs and produce a configuration output. Additionally, this reduces the security exposure and misconfiguration that could occur due to mistakes or a general lack of understanding. Example use cases consist of access policy generation, orchestrated workflow generation, CEL generation, application onboarding generation for SSO connectors and Lifecycle adaptors, and more.
- Compliance: although similar to generation, this allows admins to use natural language to configure an IAM tool to align to a specific set of compliance requirements. The value here is being able to streamline the interpretation of the compliance requirements with how Verify, as an IAM tool, can be configured to meet compliance needs. Example use cases consist of using natural language to configure applications to be NIST 800-63 AAL2, OpenBanking/FAPI 1.0 compliant, and more – the output of this would render a configuration in Verify to meet these standards.
In the initial rollout of Gen AI Assistant within Verify, two use cases will be supported: threat summarization and access policy generation.
Threat summarization will allow admins to use natural language to summarize large-scale identity attacks detected by IBM Verify. Admins have a list of prompts that will allow them to get real-time, contextual, and relevant information related to the threats while also explaining the various threat vector types. Diagnosing and summarizing threats, which could take up to 6 hours, can now take minutes.
Access policy generation will allow admins to use natural language to configure access policies that can then be applied to applications. Admins will have a list of prompts that will allow them to generate multi-rule access policies while being able to enforce FIDO2 passkeys and more. This can ensure the right policy level during authentication by requiring multi-factor authentication or phishing-resistant authentication methods. Understanding how to create access policies and then creating them, which could take hours, can now take minutes.
The initial release of access policy generation will not support adaptive access or external risk configuration. Federated and custom native application policies will also be the only supported policy types.
Key tenets of using generative AI within IBM Verify
The Gen AI Assistant within Verify is powered by watsonx and uses IBM Granite models. IBM Verify also provides explainability and will continue to ensure explainability is top of mind as the Gen AI Assistant capabilities are advanced.
As we’ve spoken with customers and partners, we’ve realized that generative AI can be transformational, but there is also caution based on how data is trained, stored, and even considerations for hallucination. As Gen AI Assistant capabilities roll out within Verify, the following tenets will remain:
- Your data is your data: IBM’s approach to enabling organizations to harness the power of generative AI should not and will not require your data to be the source of training. With this tenet, Verify uses pre-trained data created by the IBM Verify team using supervised learning. IBM Verify does not use customer data to train models. By default, the Gen AI Assistant within Verify is disabled and requires explicit enabling.
- Augmentative interactions: IBM Verify does not automatically apply the outputs from Gen AI Assistant. Ultimately, IAM admins have the final say. For example, Gen AI Assistant can create access policies, but IAM admins need to review and apply them to applications. IAM admins must still review the summarization and generation and use Gen AI Assistant to augment how IAM interactions are experienced within IBM Verify. This also helps IAM admins remain in control in case hallucination is experienced.
- Data residency and hosting: IBM Verify can be deployed and hosted in 5 regions (United States, Canada, Japan, Australia, and Europe). The initial delivery of Gen AI Assistant within Verify will be available in the United States and Europe. This means customers using Verify in regions outside of the United States and Europe will not be able to use the Gen AI Assistant within Verify, initially. The prompt inputs and outputs do not leave the region where Verify is hosted and leverage underlying tooling like watsonx Orchestrate hosted within the region.
- Data retention: The prompt inputs and outputs, as with any of the data that is processed and hosted within Verify, are encrypted at rest and in motion. The inputs and outputs are also stored for 90 days for logging and troubleshooting purposes. This is intentionally consistent with IBM Verify’s data retention of 90 days for events.
Get started now and start using Gen AI Assistant within IBM Verify
The Gen AI Assistant within Verify is a requestable feature. To request this feature, please contact your sales contact, open a support ticket requesting interest, or email our feature request alias (verifypreview@wwpdl.vnet.ibm.com).
We are eager to learn, provide value, and expand how generative AI capabilities within Verify can deliver positive value to our customers, partners, and users.
Priti Patil, STSM and Architect, IBM Verify Analytics and Gen AI
Milan Patel, Product Management, IBM Verify