Experts focus on ensuring AI effectively

AI For Business


AI and business operations have collided, and the impact has raised unprecedented security challenges. Protecting AI systems is now an urgent priority across the industry. Traditional cybersecurity approaches simply aren't enough.

In a recent episode of Security Balance Act, host Diana Kelley sat down with two AI security experts: Raiford, executive vice president and CISO at Globe-SEC Advisory, and David Linthicum, founder and lead researcher of Linthicum Research, to talk about the unique security risks of AI systems and how organizations can safely use AI.

Traditional security cannot protect AI systems

Traditional methods of protecting systems simply do not work with AI, which results in unique vulnerabilities. However, Raiford, Kelley, and Linthicum suggested ways to overcome them, including the adoption of Machine Learning Security Operations (MLSecOps), which integrates security throughout the AI development lifecycle. Specifically, they recommended using an MLSecOps framework that integrates security checkpoints in each development phase. Additionally, they recommended creating a dedicated AI security team, one that has been trained to understand AI-specific security issues and how to avoid or at least mitigate them.

“It's not security anymore,” Linthicum said. “We have to burn it into model architecture development, training development, and data development for inference engines.”

Where is AI the most unstable?

In this session, Raiford and Linthicum discussed how AI systems can create their own uncertainty. Data poisoning is an important example. According to Raiford, this is when an actor injects malicious data during training to corrupt the behavior of the model, making it impossible to trust the model's output.

The experts in this session promoted solutions that implement rigorous data integrity checks on all AI training data sets, including source tracking and integrity verification. They also proposed developing and regularly testing controls that work against AI-specific attacks such as prompt injection and model manipulation.

Though not inherent to AI, privacy issues were another concern the three security experts discussed in detail. “If you can access the prompt, for example,” Linthicum said, “you misuse it, [personally identifiable] information that a particular model can access.” AI-oriented privacy impact assessments are essential. In that respect, the panel proposed implementing stronger data minimization practices and other privacy techniques when sensitive data is part of AI model training.

How to do AI correctly

The rush to launch an AI project before thinking through its security implications was another focus of this discussion. This is the main reason, Raiford and Linthicum agreed, why AI projects fail. Linthicum noted a widely cited statistic from a McKinsey report that 80% of AI projects implemented failed to show the expected ROI. Linthicum blamed a lack of both strategic planning and the use of quality data. Raiford agreed: “I saw a client leaning around and now I realized they were moving too fast, or literally, ‘How do I do this right?’”

The discussion shifted to what organizations that want to take advantage of AI should do to ensure their projects are safe. A clear AI strategy is the first step, but it should include an AI governance framework that takes into account how risk is managed. Security monitoring controls must also be implemented.

For more information, see the full Security Balance Act episode, “About the dangers of AI and the best routes to manage them,” or read the transcript.

The real story about AI security: what should you do now

Editor's Note: The editors used AI tools to help generate this article. Our expert editors should always review and edit content before publishing.

Brenda Horrigan is the executive managing editor for Informa TechTarget's editorial program and execution team.


