A Method for Assessing the Financial Risks of Organizations Based on the Implementation of Isolated Multiagent Arbitration
https://doi.org/10.35596/1729-7648-2026-32-1-33-44
Abstract
The paper examines the problem of reducing the financial risks of business entities amid the large-scale deployment of autonomous intelligent agents. It shows that existing security threats to large language model systems, such as steganographic injections and retrieval-augmented generation, are turning from technical incidents into significant operational risk factors capable of causing direct economic damage measured in millions of dollars. A method for assessing financial risks is proposed, based on a total cost of ownership objective function that includes operating costs and expected annual losses, together with discounted analysis for the investment justification of protective measures. As a practical implementation, the paper considers the Isolated Multiagent Arbitration architecture, which implements the principles of defense in depth and of isolating generation from execution, and which includes a deep file inspection module, a custom auditor model for post-generation analysis of responses, and a mechanism for dynamic assessment of trust in sources in retrieval-augmented generation.
About the Authors
E. S. Piskun
Belarus
Piskun Ekaterina Sergeevna, Cand. Sci. (Econ.), Assoc. Prof., Department of Information and Computer Systems Design
220013, Minsk, P. Brovki St., 6, Tel.: +375 17 292-20-80
A. A. Azizov
Belarus
Master's student, Department of Information and Computer Systems Design
Minsk
E. V. Krychev
Belarus
Master's student, Department of Information and Computer Systems Design
Minsk
For citation:
Piskun E., Azizov A., Krychev E. A Method for Assessing the Financial Risks of Organizations Based on the Implementation of Isolated Multiagent Arbitration. Digital Transformation. 2026;32(1):33-44. (In Russ.) https://doi.org/10.35596/1729-7648-2026-32-1-33-44