Password manager LastPass has fortified its AI risk governance and security by working with AI risk consultancy StackAware.
The vendor’s chief information security officer (CISO) Mario Platt said via the company blog that AI risks range from data breach and poor governance to increased costs and complexity.
Key challenges include the need to streamline security and privacy processes, guardrails and controls for existing and new AI implementations.
“LastPass carefully integrates AI across its products and operations,” Platt wrote. “Our focus is responsible, ethical, safe and secure use while maintaining emphasis on security and privacy.”
Therefore, LastPass engaged StackAware to develop comprehensive AI governance. The work took in principles and practices from the National Institute of Standards and Technology (NIST) AI Risk Management Framework (RMF) in development.
Also, they approached large language model (LLM) risk through an Open Web Application Security Project (OWASP) lens. Other considerations included System and Organisation Controls (SOC) 2 as well as International Standards Organisation (ISO) standards 27001 and 27701.
“AI presents a massive opportunity for companies to increase velocity, productivity, efficiency, and innovation. However, risks arise when business and customers outpace the ability to ensure scalable, secure, and private AI services,” Platt noted.
Breaking down AI risk and governance
StackAware helped LastPass develop a structure for identifying, assessing and mitigating AI-related risks, weighing compliance considerations and security versus innovation, the vendor said.
Typically, StackAware works by outlining business objectives and communicating with stakeholders, reviewing documentation and preparing business impact analyses and risk priorities. It also performs penetration tests on AI systems to confirm controls and identify gaps.
In another post, LastPass said password cracking and compromise are common.
“Many [passwords] have been harvested with infostealers like the notorious Lumma, the focus of a global law enforcement takedown in May 2025,” the vendor noted.
The number of infostealers targeting browser and cloud-based credentials has also increased. AI tools and high-end GPUs make cracking faster and easier, it added.
While changing your passwords regularly does help protect your data, that isn’t enough on its own, according to LastPass.
Password managers can make it easy to create and manage strong, complex individual passwords for every account – but it’s still important not to share passwords insecurely or reuse them.
Even with password management that includes multi-factor authentication (MFA), secure autofill and other features, risk remains.