This is the first of a five-part series on the dangers of AI that corporate leaders and even cybersecurity personnel are not fully cognizant of.
AI is a phenomenal work enhancement tool but should be seen as a sword that cuts both ways. What we have seen across the board is the excitement, the promise, and the victories of an advanced technology finally getting its day. And, its all been puppy dogs, unicorns, and rainbows. It’s high time for someone to balance out the scales and inform the general public about some issues, problems, and negative impacts that AI can have.
Having said that, there’s good news. Securing your organization for the use of AI helps you greatly elevate your system and user base’s security posture. Nth's recommendation is to use the issues discussed below as a way to securely use AI, as well as make the overall environment more secure. It’s a corporate win-win in the long run.
Below, we list risk and threat-specific mitigations at the end of each topical section, with a general set of mitigations at the end of this article.
AI Risks at All Levels
The unbelievable tsunami of AI technologies and their use within organizations has led to significant improvements in productivity, but these benefits come with substantial risks and challenges that desperately need to be addressed as quickly as possible.
Across almost the entire organizational landscape, AI has been incorporated into processes and procedures without any matching policies or enforcement. Given a complete lack of planning and coordination, there is often no rhyme or reason as to where AI is in use and whether it is properly supported (e.g., contracts, commercial backing, cybersecurity), as well as secured. The risk of an AI service becoming deeply embedded in mission critical organizational workflows and then disappearing overnight (given a lack of proper risk assessment as part of normal acquisition checks) raises the specter of extended outages as personnel no longer have necessary capabilities and no knowledge of processes, given that the AI controlled them. This has always been a side effect of process automation, but the pell-mell adoption of autonomous constructs has exacerbated the problem. This causes organizations to now be two generations away from human-mediated or performed steps, phases, and execution.
AI Risks: The Big Picture
1. Risky Executive-Level Embrace
C-Level and Board Support: Senior executives and board members are championing AI adoption due to the lure of enhanced productivity without incurring significant additional costs. Many such levels of organizations have not adopted risk-informed decision making.
Cost-Effective Solutions: Many AI capabilities are available for free online, or embedded within existing software, reducing the need for substantial new investments. With that comes the notion within the executives’ minds that AI capabilities are instantly interchangeable without the need for any sort of cost/benefit/risk analysis, assuming that AI learns so it will automatically adapt to the needs of the business without extensive modification or retraining.
2. Stealth Usage by Employees
Unmonitored AI Utilization: Many employees use AI tools without their organization's knowledge, often because these tools are freely accessible and easy to use.
Challenges in Tracking: Efforts to monitor AI usage are difficult due to the explosion of available services and embedding of AI constructs within existing products. But there have been in-depth investigations that have revealed widespread, unregulated use, making it difficult for organizations to gauge the full extent of AI adoption.
3. Pervasive Usage Without Control
Lack of Oversight: The pervasive use of AI across organizational departments occurs with minimal control and visibility from IT and management.
Governance Issues: Without proper governance, the use of AI can lead to inconsistencies in how data is handled, analyzed, processed, and protected.
4. Risk of Sensitive Information Leakage
Data Security Threats: The uncontrolled use of AI tools can lead to the inadvertent leakage or exfiltration of sensitive information.
Compliance Concerns: Organizations may face compliance issues if sensitive data is mishandled or shared inappropriately through AI applications.
5. Inability to Turn Off AI
Dependency on AI: As AI becomes more embedded in daily operations, organizations may find it increasingly difficult to operate without these tools. Vendors are making it difficult if not impossible to disable the AI as it becomes integrated at the very core of their product suites.
___________
In summary, AI has crashed our corporate party and is here to stay. While there are many hidden dangers, there are ways to mitigate them, allowing organizations to reap the benefits of enhanced productivity.
Our next article will dive deeper into risks specific to critical infrastructure of the U.S., operational technology, and smart technologies that are, along with AI, invading everything from our corporate offices to our power and water supplies to our own homes.
Comments