
How LastPass Fortified AI Governance and Security with StackAware

Mario Platt | Published June 26, 2025

Artificial Intelligence (AI) presents a massive opportunity for companies to increase velocity, productivity, efficiency, and innovation. However, given its fast-changing nature and employee demand, risks arise when business and customers outpace the ability to ensure scalable, secure, and private AI services.

These risks can include: 

  • Data leakage 
  • Ungoverned use 
  • Regulatory non-compliance 
  • Unexpected costs 
  • AI ecosystem changes 
  • Complexity and instability 

To navigate this complex terrain, LastPass partnered with StackAware, a firm specializing in AI risk management and governance. 

Challenge 

As LastPass carefully integrates AI across its products and operations, our focus is to ensure responsible, ethical, safe and secure use while maintaining a stringent emphasis on security and privacy. This requires addressing several key challenges: 

  • The need to streamline security and privacy processes, guardrails and controls for existing and new AI implementations.  
  • Ensuring compliance with emerging AI laws, regulatory guidance, and industry frameworks. 
  • Reviewing and addressing data handling practices of third-party AI tools. 
  • Ensuring employee AI use aligns to the company’s acceptable use policies, avoiding the risk of Shadow AI. 
  • Oversight by the Executive team and Board of Directors as part of the company’s risk management framework. 

Solution 

LastPass engaged StackAware to develop a comprehensive AI governance program. Together we leveraged:

  • National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF)
  • Open Web Application Security Project (OWASP) Top 10 risks for Large Language Models (LLM) 
  • System and Organization Controls (SOC) 2 

This collaboration focused on several key areas: 

  • AI risk assessment. StackAware assessed LastPass’ systems which make use of AI, identifying potential areas for improvement and providing actionable recommendations aligned with best practices and the frameworks described above. 
  • Vendor review. We jointly completed a thorough review of the vendors used by LastPass - including the underlying AI systems and models - to understand whether and how they would process LastPass’ or its customers’ data with AI. 
  • Streamlining security and privacy reviews. In addition to due diligence on existing vendors, StackAware improved the security and privacy review process for both commercial and open-source AI systems and models. This reduced friction and accelerated timely deployment while maintaining security. 
  • Governance development. With StackAware’s help, LastPass built robust AI governance policies and processes, addressing data handling, secure development and ethical AI use. 
  • Employee training. After the governance framework was in place, LastPass leveraged StackAware to develop training around common risks associated with AI use and how to mitigate them using LastPass processes and procedures. 

Results 

At the end of the engagement with StackAware, LastPass had: 

  • A structured approach to identify, assess, and mitigate AI-related risks. 
  • Compliance framework considerations integrated into the company’s governance program. 
  • The ability to balance innovation with security, allowing LastPass to move forward with AI initiatives confidently. 

“As we embrace AI, ensuring its secure and responsible use is paramount,” said Mario Platt, Chief Information Security Officer at LastPass. “StackAware has brought deep expertise in AI governance and risk management, helping us implement a structured, standards-aligned approach to identifying and mitigating AI-related risks. Their guidance empowered us to innovate with confidence, while upholding the trust our customers expect.” 

 

Christofer Hoff, Chief Secure Technology Officer, added that “AI isn’t just another technology shift—it’s a trust shift. StackAware helped us translate complex compliance frameworks into practical, actionable steps. Their work enabled us to move fast without breaking trust—balancing innovation with the security and privacy our users expect.” 

 

With the StackAware engagement complete, LastPass is well prepared to navigate the complex artificial intelligence landscape while upholding its commitments to its customers and ensuring the responsible, ethical, safe and secure use of AI while maintaining a stringent focus on security and privacy.
