The idiosyncratic use of AI within organizations is a problem when it comes to risk. Instead, AI deployment must be part of the entire strategic enterprise operation.
Speaking at the AI Summit during Black Hat USA, Larry Clinton, president of the Internet Security Alliance, argued that company boards need to be educated about the use of artificial intelligence within their organizations in order to deploy it securely.
“AI deployment needs to be done strategically, and this is very much in line with the advice we give on cybersecurity. We are already seeing research that shows organizations are underestimating the risks associated with AI,” he argued.
Beware of One-Off AI Projects
One of the most significant issues is AI being used in small one-off projects by individual business units, which brings risk to the organization.
“It needs to be woven into the full process of the business,” Clinton said.
Brandon Dixon, a partner product manager at Microsoft’s Security AI Strategy, said that when Microsoft is looking to integrate AI with a customer, it suggests using AI to complement an existing workflow rather than creating a new workflow. The latter typically introduces more risk to an organization.
Clinton also implored the audience at Black Hat to educate the board on the impacts of various AI deployments.
AI Security, Not (Just) an IT Function
Clinton argued that the discussion around AI needs to be moved outside the “IT bubble” and make it part of the overall business.
“AI security is an enterprise-wide function, not an IT function,” Clinton added.
“That means that the entire enterprise needs to get comfortable with AI. Why is the organization using AI, and how is it doing it?”
Also speaking, Matthew Martin, the founder of consulting firm Two Candlesticks, said, “When you analyze the risks, it needs to be done the same way you would with cybersecurity. Risk assessments need to be enterprise-wide, meaning we need to put a dollar and cent sign on the various risks. How much is this AI deployment going to cost our organization if it goes bad?”
Clinton said that the Internet Security Alliance is working on a risk management handbook that will tackle the use of AI. It will be launched in the early Fall. He also supported a secure by design approach to AI deployment.