RSAC: 70% of Businesses Prioritize Innovation Over Security in Generative AI Projects

May 6, 2024

Businesses are being left vulnerable to a range of cybersecurity and privacy risks as 70% of business executives prioritize innovation over security when it comes to generative AI projects, according to a new report by IBM.

The survey also found that less than a quarter (24%) of generative AI projects are being secured.

This is despite 82% of respondents admitting that secure and trustworthy AI is essential to the success of their business.

Early Controls Key to Mitigating Breaches

Speaking to Infosecurity about the findings, Akiba Saeedi, VP of Data Security, IBM, said it is vital to avoid mistakes made in the past during the deployment of cloud technologies, which were often implemented without adequate security controls being built in.

For example, she noted that cloud misconfigurations are now one of the most common ways threat actors infiltrate cloud environments. AI misconfigurations are also likely to be a major driver of breaches in the future if proper security controls are not established early on by organizations.

“We’re in that phase of education to really help organizations get more mature,” noted Saeedi.

The executives surveyed in the report highlighted a range of concerns relating to the deployment of generative AI tools in their organization. Over half (51%) cited unpredictable risks and new security vulnerabilities arising as a result of generative AI, while 47% highlighted new attacks targeting existing AI models, data and services.

The main forms of emergent threats to AI operations highlighted in the report were:

  • Model extraction: Stealing a model’s behavior by observing the relationships between inputs and outputs
  • Prompt injection: Manipulating AI models into performing unintended actions by dropping guardrails and limitations put in place by the developers
  • Inversion exploits: Information on the data used to train a model being revealed
  • Data poisoning: Changing the behavior of AI models by altering the data used to train them
  • Backdoor exploits: Altering a model subtly during training to cause unintended behaviors under certain triggers
  • Model evasion: Circumventing the intended behavior of an AI model by crafting inputs that trick it
  • Supply chain exploits: Generating harmful models that hide malicious behavior, or target vulnerabilities in systems connected to the AI models
  • Data exfiltration: Accessing and stealing sensitive data used in training and tuning models through vulnerabilities, phishing or misused privilege credentials

Saeedi warned: “The generative AI model itself presents a new threat landscape that didn’t exist before.”

Securing Generative AI in the Workplace

Most (81%) respondents acknowledged that generative AI requires a fundamentally new security governance model to mitigate the types of risks posed to these technologies.

IBM noted that governments around the world are bringing in a range of AI regulations. These include the EU’s AI Act and President Joe Biden’s Executive Order ‘Promoting the Use of Trustworthy AI in the Federal Government’ in the US.

This further necessitates a comprehensive governance strategy specifically for generative AI, the researchers said.
