A Deep Dive into AI and the Concerns and Strategies of Security Leaders

With the rapid adoption of Generative AI and Large Language Models (LLMs), a subset of Generative AI, such as OpenAI’s ChatGPT and Google’s BARD and others, securing a business against cyber threats just became infinitely harder. 

At the recent CISO Executive Forum hosted by Fortify Experts, over 35 security leaders discussed the concerns of employees using LLMs in the workplace.

Chart 1: Security Leaders’ Concerns

Security Leaders Express Concerns

In a survey conducted among the forum’s security leaders, a staggering 100% expressed varying degrees of concern regarding the security risks associated with the use of LLMs in their organizations.

Integration of Generative AI in Major Software

Leading software companies such as Microsoft, Salesforce, and Canva are actively incorporating Generative AI into their core offerings to empower users. Consequently, businesses are faced with the reality that they can no longer simply restrict access to AI. This AI empowerment, while beneficial, also presents an unforeseen challenge: it empowers malicious actors with unprecedented avenues to exploit users and organizations.

“Businesses will have 10 times the number of attacks coming at them now,” warns one Chief Information Security Officer (CISO).

Chart 2: The Emergence of Shadow AI

The Rise of Shadow AI

Similar to the concerns surrounding Shadow IT a few years ago, a new threat has emerged—Shadow AI. This term refers to users employing unapproved and unauthorized AI systems for business activities. The ramifications of Shadow AI include privacy breaches, loss of intellectual property, and an open door for attacks. Even well-intentioned actions, like code checks for vulnerabilities, can inadvertently create security risks.

Chart 3: Top Security Vulnerabilities

Top Security Vulnerabilities

When asked about their primary security concerns, a substantial 64% of security leaders cited the disclosure of sensitive data as their top worry. This was closely followed by 50% expressing concerns about supply chain impacts and the introduction of additional third-party risks. These vulnerabilities underscore the critical need for robust cybersecurity measures.

Chart 4: Current Actions Taken by Companies

Current Actions Taken to Address LLM Security Concerns

An alarming revelation from the survey is that over 85% of the represented companies have implemented very few technical controls to prevent users from sharing sensitive data or reducing potential vulnerabilities when using LLM AI solutions. Only 14% felt they had adequate controls in place. 

Chart 5: Current LLM Security Maturity

To address LLM security concerns, 29% of respondents reported limiting access to approved users, while 7% have opted to block access to all LLMs in the workplace. 50% of leaders were in the process of developing appropriate use policies and procedures for LLMs.

The Acceleration of Generative AI

Generative AI is advancing at an astonishing pace, introducing new productivity capabilities daily. The upcoming release of OpenAI’s GPT-5 promises to revolutionize AI capabilities again by seamlessly integrating voice, text, and images. It will serve as a virtual assistant, capable of content creation, task execution, teaching, visual analysis, and offering recommendations.  Businesses risk falling behind if they do not harness the full potential of Generative AI.

Embracing AI Securely

In the face of these transformative changes, leaders who advocate for blocking AI entirely may find themselves sidelined. Instead, security leaders must embark on a journey to enable AI securely, ensuring that businesses not only survive but thrive in this new AI-powered era.

In the next article, we will dive deeper into the discussions with these 35 security leaders, exploring strategies for securely enabling AI within organizations and fortifying the future of cybersecurity.

About Tim Howard

Tim Howard is the founder of 5 technology firms including Fortify Experts which helps companies hire Cybersecurity Leadership and AI Cyber Advisors which helps companies to Securely Enable AI through Strategic Risk Assessments and deploying AI Secure Solutions. 

In addition, he has a passion for helping CISO’s develop Higher Performing Teams through coaching, by creating interactive CISO Forums and by helping them create highly-effective team cultures.

He also teamed up with Lyndrel Downs to launch www.CybersecurityDIVAS.com to help promote the most influential women in cybersecurity and provide a mentoring program to help encourage and support more diversity within the cybersecurity industry.

Tim has been leading technology staffing teams for over 20 years and has degrees from Texas A&M University in Industrial Distribution and Marketing.  

Invite me to connect:  www.linkedin.com/in/timhoward

Leave a comment