AI SecurityArtificial Intelligence (AI), especially generative AI is gaining more popularity, and as such risks relating to the usage of AI are increasing. PrivSec provide a range of services to support those leveraging AI in their organsiastion.
|
Why does it matter?
With Artificial Intelligence (AI) gaining more and more traction within businesses, here at PrivSec we've started seeing some of our clients grappling with the concerns it presents and reaching out to us for advice. While each use case for AI will be different, there's some general advice which applies, and like all new technology it can be summarised with "be cautious".
Specific considerations regarding the use of AI include:
Specific considerations regarding the use of AI include:
- Disclosure of sensitive data
- Hallucinations and authority bias
- Lack of AI awareness
What do I need to consider?
Each AI implementation works differently and consideration should be given to each of the following factors (along with many others!) when assessing how AI should be used:
- WHERE is the data processed? If everything is processed on the local device then the chance of accidental disclosure via AI prompts drops dramatically.
- WHAT type of data is being fed to AI? Maybe your developers just want help with a CSS problem where all the pieces can already be seen publicly on your main website - the risks here are very different to if you're feeding it your raw financial data to look for areas that can be optimised.
- WHO controls the AI? Maybe you're running AI yourself on an internal host or maybe the AI provider is a company you already have an non disclosure agreement (NDA) with and the new services could be wrapped under existing contracts.
- WHY are your employees looking to use AI? AI changes the workload for organisations and under the right circumstances provides access to an extremely powerful resource which can create optimisations, but, depending on the desired outcome, can create unexpected tasks and increase technical debt in ways that are difficult to solve.
How can we help?
PrivSec can help you with:
- Conducting a security risk assessment on the usage of AI within your organisation
- Conducting a privacy impact assessment on the usage of AI within your organisation
- Review AI generated code for security best practice
- Conducting a penetration test on solutions leveraging AI technologies