Business use cases for generative AI continue to grow as the technology permeates all kinds of products, services, and technologies. At the same time, the security implications of evolving generative AI capabilities continue to make headlines. A recent Salesforce survey of more than 500 senior IT leaders revealed that the majority (67%) are prioritizing generative AI for their business in the next 18 months. Nearly everyone agrees that additional measures are needed to address security concerns and prepare them to successfully leverage technology.
Most organizations buy (and don’t build) generative AI, but many don’t buy generative AI directly and may receive it through bundled integrations. This mandates that security leaders invest time in understanding the various generative AI use cases and associated risks within their business.
A new Forrester report reveals the business sectors most likely to adopt generative AI, its primary use cases, and the security threats and risks teams need to defend against as the technology goes mainstream.
The 7 most likely generative AI business use cases
According to Forrester’s Securing Generative AI report, the seven most likely generative AI use cases within organizations and their associated security threats and risks are:
- marketing: Text generators allow marketers to instantly draft copy for their campaigns. This poses the threat of data breaches, data theft and competitive intelligence, Forrester said. Risks include public relations/client issues related to the release of text due to inadequate pre-release oversight and governance processes.
- design: Image generation tools inspire designers to mock up ideas with minimal time and effort, writes Forrester. It can also be integrated into a wider workflow. This poses the threat of model poisoning, data tampering, and data integrity, writes Forrester. Risks to consider are design constraints and policy violations due to data integrity issues and potential copyright/IP issues in generated content.
- that: Programmers use the Large Language Model (LLM) to detect errors in code and automatically generate documentation. While this poses data exfiltration, data leakage, and data integrity threats, the documents created risk revealing critical system details that companies typically don’t disclose, Forrester said. rice field.
- Developer: TuringBot helps developers to prototype code and implement complex software systems. According to Forrester, this raises issues of code security, data tampering, ransomware, and IP theft. Potential risks include insecure code that does not follow SDLC security practices, code that violates intellectual property licensing requirements, and generative AI being compromised and ransomed into production systems.
- Data Scientist: Generative AI allows data scientists to create and share data to train models without compromising personal information. This creates the threat of data poisoning, data deobfuscation, and adversarial machine learning. A related risk relates to reverse-engineered synthetic data generation models, which “allow an attacker to identify the source data used,” Forrester wrote.
- sale: AI generation helps sales teams generate ideas, use inclusive language, and create new content. This creates the threat of data tampering, data leakage, and regulatory compliance. “Sales teams can violate contact preferences when generating or distributing content,” Forrester said.
- operation: Internal operations use generative AI to improve organizational intelligence. This poses threats to data tampering, data integrity, and employee experience. The risk, writes Forrester, is that data used for decision-making purposes could be tampered with, leading to inaccurate conclusions and implementations.
Supply chain, third-party controls critical to securing generative AI
Forrester’s list of most likely generative AI business use cases focuses on internal business functions, but urges security leaders to also look at supplier and third-party risk factors . “Given that most organizations have integrated generative AI into their already deployed products and services, one of the immediate priorities for security leaders is third-party risk management,” the report said. writing. According to Forrester, when companies buy products and services that include generative AI, they rely on their suppliers to secure the solution. “Microsoft and Google are responsible for bundling and integrating generative AI into services like Copilot and Workspace, while other providers end up sourcing AI solutions from their own supplier ecosystems. Security should compile its own supplier security and risk management question set, based on the use cases outlined above,” he added.
