The Cybersecurity Risks Of Generative AI

Uploaded on 2024-06-06 in TECHNOLOGY-Key Areas-Artificial Intelligence, TECHNOLOGY--Resilience, FREE TO VIEW

We’re all still getting to grips with the exciting possibilities of generative AI as a technology that can create realistic and novel content, such as images, text, audio and video. Its use cases will span the enterprise, and include enhancing creativity, improving productivity, and generally helping people and businesses work more efficiently.

We are at a point of time in history where no other technology will transform how we work more drastically than AI is already doing.

However, generative AI also poses significant cybersecurity risks to your data. From seemingly innocuous prompts entered by users that may contain sensitive information (which the AI can then collect and store), to building large-scale malware campaigns, generative AI is nearly single-handedly expanding the ways in which sensitive information can be lost for modern enterprises.

For most LLM companies, they are just now starting to consider data security as part of their strategy and customer needs.

Businesses must adapt their security strategy to accommodate this, as generative AI security risks are revealing themselves as multi-faceted threats that stem from how users inside and out of the organisations interact with the tools. For many organizations, the risk is too high for them to allow generative AI tools into their organization and are seeking a secure path forward here.

What We Know So Far

Generative AI systems can collect, store, and process large amounts of data from various sources - including user prompts. This ties into the three primary risks facing organisations today:

Data Leaks:  If employees enter sensitive data into generative AI prompts, such as unreleased financial statements or intellectual property, then enterprises open themselves up to third-party risk akin to storing data on a file-sharing platform. Tools like ChatGPT or Copilot could also leak that proprietary data while answering prompts of users outside the organisation.

Malware Attacks:  Generative AI can generate new and complex types of malware that can evade conventional detection methods – and organisations may face a wave of new zero-day attacks because of this. Without purpose-built defence mechanisms in place to prevent them from being successful, IT teams will have a difficult time keeping pace with threat actors. Security solutions need to be using the same technologies at scale to keep up and stay ahead of these sophisticated attack methods.

Phishing Attacks:  The technology excels at creating convincing fake content that mimics real content but contains false or misleading information. This fake content can be used to trick users into revealing sensitive information or performing actions that compromise the security of the business. Threat actors can create new phishing campaigns – complete with believable stories, pictures and video – in minutes, and businesses will likely see a higher volume of phishing attempts because of this. Deep Fakes are being produced to spoof voices for targeted social engineering hacks and have proven to be very effective.

The three main security risks stemming from generative AI all follow one common thread: Data.

Whether it’s the accidental sharing of sensitive information or targeted efforts to steal it, AI is further amplifying the need for robust data security controls. 

Other Concerns  

Bias:  LLM’s can become biased in their responses and potentially give misleading or wrong information back out of models that were trained with bias information.

 Inaccuracies:  It has been seen that LLMs can accidently provide the wrong answer when analysing a question due to lack of human understanding and full context of a situation

Prioritizing Data Security Wherever Data Resides

Mitigating the security risks of generative AI broadly centres around three key pillars: employee awareness, security frameworks and technological solutions. 

Educating employees on the safe handling of sensitive information is nothing new. But the introduction of generative AI tools to the workforce demands consideration of the inevitable accompanying new data security threats. First, businesses must ensure employees understand what information can and can’t be shared with AI-powered solutions. Similarly, people should be made aware of the increase in malware and phishing campaigns that may result from generative AI.

The way businesses are operating is more complex than ever before - which is why securing data wherever it resides is a business imperative today.

Data is continuing to move from traditional on-premises locations to cloud environments, people are accessing data from anywhere, and keeping pace with various regulatory requirements is challenging. Traditional Data Loss Prevention (DLP) capabilities have been around forever and are super powerful for their intended use cases, but with data moving to the cloud, it is now clear that DLP capabilities also need to move while extending abilities and coverage. Organisations are now moving toward cloud-native DLP – prioritizing unified enforcement to extend data security across key channels. This approach streamlines out-of-the-box compliance and provides enterprises with industry-leading cybersecurity wherever data resides.

Leveraging Data Security Posture Management (DSPM) solutions allows for further protection for enterprises. AI-powered DSPM solutions enhance data security and protection by quickly and accurately identifying data risk, empowering decision-making by examining data content and context, and even remediating risks before they can be exploited. This prioritizes essential transparency about data storage, access and usage so that companies can assess their data security, identify vulnerabilities and initiate measures to reduce risk as efficiently as possible. 

Platforms that combine innovations like DSPM and DLP into a unified solution that prioritises data security everywhere are ideal – bridging security capabilities wherever data exists.

Successful implementation of generative AI can significantly boost an organisation’s performance and productivity; however, it is vital that companies are fully prepared for the cybersecurity threats such technologies can introduce to the workplace.

To best take advantage of exciting new tools while adequately protecting employees, organisations must prioritise security strategies that focus on protecting data wherever it resides with a strong focus on understanding their current data posture and the risks associated therein.

With this understanding, security practitioners will be empowered and able to take the necessary steps to reduce their risk posture quickly and accurately with minimal business impact.

Jaimen Hoopes is Vice President, Product Management at Forcepoint

Image: Allison Saeng

You Might Also Read:

What Can Be Done About Cyber Threat Actors Weaponizing AI?:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Hackers Target Healthcare
Securing The Supply Chain »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

Riscure

Riscure

Riscure is a global test lab and tools leader for device security. Core expertise in side channel analysis, fault injection and embedded device software.

RazorSecure

RazorSecure

RazorSecure offers products and services to enhance railway cyber security, by protecting and monitoring networks and key systems.

Build38

Build38

Build38 provides the highest levels of security for mobile applications.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Charterhouse Müller UK

Charterhouse Müller UK

Charterhouse Müller UK are a leading service provider for end of life IT services including data erasure and secure IT asset disposal.

ITRecycla

ITRecycla

ITRecycla are specialists in the protection of sensitive computer data by data destruction, re-marketing of reusable computer equipment, computer recycling and disposing of electronic e-waste.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Brimondo

Brimondo

At Brimondo we help you to maximize and protect your brand value by being a proactive and strategic partner within brand protection with experts within intellectual property and digital assets.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Sencode Cyber Security

Sencode Cyber Security

Sencode provides a range of IT security solutions and services, including penetration testing and cyber awareness training to help mitigate the growing risks to your corporate infrastructure.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

LockMagic

LockMagic

Lockmagic is an information asset management solution to protect, track, audit and control accesses to sensitive information inside and outside your organization.