Why Security and AI Need to Grow Hand in Hand

Enterprises are letting cybersecurity fall by the wayside in favor of their AI ambitions. 

Recent data from Accenture found that 77% of organizations lack the foundational AI security necessary to keep models, data pipelines and cloud infrastructure safe. Meanwhile, 42% of companies say they have struck the right balance between AI deployment and security. 

Data is the core of AI. If security strategies don’t grow in tandem with AI development and adoption, your enterprise is putting anything that goes into a model at risk, said Stephen Gorham, chief strategy officer at security firm OPSWAT. 

“That data is often sensitive data, that data is often proprietary data, that data is often regulated data,” said Gorham. “If it doesn’t evolve alongside, you’re going to risk data leakage.” 

But as AI continues to take budget and priority within organizations, enterprises may struggle to find a balance. According to Accenture, only 28% of organizations embed security protocols into tech transformation initiatives from the jump. 

Plus, AI is often used outside of the view of organizations entirely. A survey from Zoho IT subsidiary ManageEngine found that 60% of employees increased their use of shadow AI, or unapproved AI tools, over the last year. Around 91% believe that shadow AI poses little to no risk. Though Shadow IT has been around for years, “the issue with AI is it kind of exacerbates this problem,” said Gorham. 

The best place to start leveling up your security protocols, Gorham said, is by implementing principles of zero trust:

• In case you’re unaware, zero trust is a framework that assumes nothing is inherently safe – no user, device or application – even if it’s within your organization’s network. 
• Grounding AI development and deployment in zero trust principles as a “standard bearer” could help prevent your data from ending up in the wrong hands, he said. 
• This could look like creating an inventory to classify data that’s being fed to models, doing security and compliance scans through the model development lifecycle, and only allowing minimum necessary permissions for access.  

“I know I sound like a broken record, but zero trust, zero trust, zero trust” said Gorham. “Strict identity controls solve a lot of this stuff. Visibility and monitoring solve a lot of this stuff. Policy enforcement and education solves a lot of these things.”