The latest rapid developments in AI and GenAI are a new juncture in the IT and cybersecurity landscape. They present new business opportunities, growing challenges for enterprise security, and the need for new capabilities in security platforms.
Although the debate over cybersecurity platforms versus point solutions has been a hot topic in cybersecurity for years, the new security challenges from enterprise AI adoption reinforce the need for a consolidated platform approach.
As with security paradigms like Zero Trust, SASE, and SSE, optimal security in the age of AI benefits from centralized management, consistent enforcement, and unified monitoring. It makes a consolidated security platform the foundational component of modern cybersecurity infrastructure, able to combat new threats from AI adoption, reduce complexity, simplify security operations, reduce costs, and improve overall levels of security.
In particular, the most advanced modern security platforms must comprehend how AI changes the enterprise attack surface and be able to mitigate the new, very real, and substantial risks of those changes.
AI Adoption Increases the Attack Surface
Employees are adopting AI applications at an unprecedented rate. Major players across every industry are gaining a competitive edge by introducing their own AI-powered applications. However, the increasing usage of these technologies expands the attack surface and presents security professionals with three new challenges:
- Eliminate the data and security risks associated with employees accessing and using Generative AI (Gen AI) applications.
- Enable rapid Gen AI application development by reducing risk in the AI application stack and supply chain.
- Provide runtime protection against new attacks targeting their AI ecosystem.
New Attack Surface #1: Employee AI Adoption
Because of their extraordinary capabilities, AI-powered applications and large-language models (LLMs) have opened up new data security issues and expanded the attack surface. As adoption snowballs, these applications become more enticing and profitable targets for attackers. A recent Salesforce survey of over 14,000 workers found that 55% of employees use unapproved Gen AI at work. With dozens of new AI applications being launched every month, it is only a matter of time before there are AI applications for every employee and every use case.
This new type of shadow IT usage can expose organizations to data leakage and malware. At the same time, according to TechTarget’s Enterprise Strategy Group, 85% of businesses have proprietary LLMs planned or already built into products generally available to their customers. Shadow IT is morphing into shadow AI. Employees gravitate toward what is convenient and makes them more productive, creating significant challenges for a robust security posture.
New Attack Surface #2: The AI Supply Chain
Employee use of third-party AI is not the only way AI is making its way into the enterprise. Innovative organizations realize they can improve both their top and bottom lines by supercharging their own applications with AI. As that happens, new AI components get added to application stacks, increasing the potential for exposure of sensitive data via training and inference datasets.
Reducing security risks in the AI development supply chain will be increasingly important to enterprises as they need to identify vulnerabilities and exposure in their AI-based applications.
New Attack Surface #3: The Entire AI Ecosystem at Runtime
In addition to protecting the AI development supply chain, the security of AI components extends to the runtime use of applications that depend on these new supply chains. Runtime threats to these AI ecosystems include prompt injections, malicious responses, LLM denial-of-service
training data poisoning and foundational runtime attacks, such as malicious URLs, command and control, and lateral threat movement.
The Platform Blueprint for Secure Enterprise Adoption of AI
So, how can companies unleash the competitive edge of game-changing AI technologies while keeping them secure? This is the burning question for security professionals looking for ways to enable their organizations to create value from AI.
In the age of AI, modern security platforms must:
Provide visibility and control of organizational AI usage
Information security professionals need visibility and control over hundreds of third-party AI applications. Their platform must prevent sensitive data leaks with comprehensive data classification capabilities. It should also enable them to secure their devices, applications, and networks against threats from insecure or compromised AI platforms.
Enable secure integration of AI during application development and runtime
The modern security platform must be able to defend against the exposure of sensitive data by classifying the entire AI stack with data security across model resources. Security professionals need
visibility into AI application code, models, and associated resources to identify and trace the lineage of AI components and data used in building new applications. Their security platform must also provide model risk analysis to reduce data exposure, misconfigurations, and excessive access.
Effectively utilize AI to meet the newly enabled scale and efficiency of adversaries
The modern security platform must also use AI to combat the evolving nature of threats which also use AI. It must leverage large amounts of high-quality data to drive better security outcomes within the organization, including the ability to “ingest” data from third-party sources at will. This centralized high-quality data plays an important role in driving high levels of attack protection and reducing MTTR (mean time to respond).
The AI Future is Here, and it can be Secured
With enterprise adoption accelerating, now is the time to protect enterprise AI utilization, reduce operational complexity, and simplify network security operations by investigating the latest in platformized AI-powered security. Click here to learn more.
