Generative AI: Security Risks and Best Practices
Generative AI has taken the tech world by storm, particularly with the release of ChatGPT. As Microsoft adopts OpenAI foundation models, the conversation around AI and security intensifies. Siva Sundaramoorthy, a senior cloud solutions security architect at Microsoft, recently described how generative AI affects the security landscape at the ISC2 Security Congress in Las Vegas.
What security risks can come from using generative AI?
One of the main concerns surrounding generative AI is its accuracy. Sundaramoorthy explained that while the technology predicts the most likely answer, other answers may also be correct depending on the context. Cybersecurity professionals must assess AI use cases from various angles to mitigate risks.
Sundaramoorthy highlighted seven adoption risks associated with generative AI, including bias, misinformation, and lack of accountability. The threat map for AI is distinct: it covers usage, application, and platform aspects, and introduces potential vulnerabilities that traditional systems may not have.
Security teams must balance the risks and benefits of AI
While AI such as Microsoft’s Copilot can enhance productivity, security teams must remain vigilant. Sundaramoorthy stressed the importance of integrating new technology cautiously to prevent vulnerabilities. Training users, establishing transparency, and securing the AI supply chain are essential for maintaining a secure AI environment.
Trusted ways to secure AI solutions
Despite the challenges, there are reliable methods to secure AI solutions effectively. Organizations can leverage frameworks from NIST and OWASP, as well as tools from Microsoft and Google, to assess and govern AI deployments. Data scrubbing, least privilege principles, and strict access controls are key components of maintaining AI security.
To use AI — or not to use AI
While some advocate avoiding AI because of its risks, Sundaramoorthy emphasized that proper access controls are crucial for mitigating AI-related security concerns. Understanding the nuances of AI security and implementing best practices can help organizations harness the power of AI safely.
Disclaimer: This article is based on insights shared at the ISC2 Security Congress event.