Security vs. AI: In an era where technology is advancing at an unprecedented pace, organizations worldwide are grappling with the widespread use of generative AI tools by their employees. A recent survey conducted by ExtraHop, a leading provider of cloud-native network detection and response solutions, sheds light on the challenges faced by IT and security leaders in managing the adoption of generative AI within their organizations. This study, which included 1,200 IT and security leaders from around the world, showed some interesting things about how often generative AI is used and how unclear its security risks are.
The Proliferation of Generative AI Tools
Generative AI tools have become ubiquitous in today’s workplace, with nearly three-quarters (73%) of organizations acknowledging their frequent or occasional use. These tools, powered by advanced AI models, have the potential to revolutionize productivity and efficiency. However, their unchecked usage has raised security concerns that demand immediate attention.
The survey data indicates that less than half (46%) of organizations have established policies governing the use of AI, and merely 42% offer training programs to educate employees on the safe and responsible utilization of these applications. This discrepancy between the high utilization of generative AI tools and the insufficient preparedness of organizations highlights the urgency of addressing these concerns.
The Ban Conundrum: A Questionable Solution
In response to the security risks posed by generative AI tools, some organizations have resorted to outright bans. The survey findings indicate that approximately a third (32%) of respondents reported implementing such bans. Despite these prohibitions, only 5% of those surveyed claimed that employees never use generative AI or large language models at work.
The inefficacy of bans is evident, and experts suggest that a more nuanced approach is necessary. Randy Lariar, Practice Director of Big Data, AI, and Analytics at Optiv, a prominent cybersecurity solutions provider, emphasizes the need for organizations to embrace this technology securely rather than attempting to prohibit it entirely. He likens the ban on generative AI to blocking employee access to web browsers, which is becoming increasingly impractical.
Balancing Use and Privacy
Limiting the use of open-source generative AI applications while establishing privacy guardrails is a prudent step, according to Patrick Harr, CEO of SlashNext, a network security company. By allowing the use of essential tools and simultaneously safeguarding sensitive information, organizations can strike a balance between innovation and data security.
CISOs and CIOs are entrusted with the crucial task of managing generative AI tools in a privacy-conscious manner. Many of these tools offer subscription levels with enhanced privacy protection to ensure that user data remains confidential. However, compliance with relevant regulations remains paramount, as protected data must align with specific business requirements.
Protection Mechanisms and Data Deletion
AI companies are also investing in security measures such as encryption and obtaining certifications like SOC 2, which audits service providers to ensure the secure management of customer data. These safeguards are critical to maintaining data integrity and privacy. However, the challenge arises when sensitive data inadvertently finds its way into AI models, whether through malicious breaches or unintentional actions by employees.
Most AI companies provide mechanisms for users to request the deletion of their data. Still, questions persist regarding how data deletion impacts the learning process conducted on the data prior to removal. These considerations underscore the complexity of managing generative AI tools and protecting sensitive information.
The Confidence vs. Investment Dilemma
The survey reveals an intriguing paradox: nearly 82% of respondents express confidence in their organization’s current security stack to protect against generative AI threats. Yet, 74% of these respondents plan to invest in generative AI security measures in the current year. This incongruity raises questions about whether organizations truly have the necessary insight into the usage of generative AI tools.
Jamie Moles, ExtraHop Senior Sales Engineer, highlights that the business sector has had less than a year to evaluate the risks associated with generative AI. The fact that not many direct investments have been made in technology for tracking the use of generative AI suggests that people may not fully understand how these tools are used in businesses.
The Call for Government Intervention
An intriguing aspect of the survey results is the resounding call for government involvement. A remarkable 90% of respondents express the desire for government intervention, with 60% advocating for mandatory regulations and 30% supporting government standards that businesses can voluntarily adopt.
The call for government regulation underscores the uncharted territory that generative AI represents. With organizations still navigating the complexities of employee governance and security policies for these tools, clear guidelines and government involvement can offer much-needed clarity and confidence for businesses.
In conclusion, the proliferation of generative AI tools in the workplace presents both opportunities and challenges. Organizations must strike a balance between harnessing the potential of AI for productivity and efficiency while safeguarding sensitive data and ensuring user privacy. As the generative AI landscape evolves, organizations must remain agile, adaptable, and vigilant in their approach to security. Government regulations and standards may provide the guidance needed to navigate this rapidly changing terrain. In this era of transformative technology, the ability to harness the power of AI securely is the key to unlocking its full potential.