As the adoption of generative AI (GenAI) soars, so too does the risk of insider threats. This puts even more pressure on businesses to rethink security and confidentiality policies.

In just a few years, artificial intelligence (AI) has radically changed the world of work. 61% of knowledge workers now use GenAI tools — particularly OpenAI’s ChatGPT — in their daily routines. At the same time, business leaders, often partly driven by a fear of missing out, are investing billions in tools powered by GenAI. It’s not just chatbots they’re investing in either, but image synthesizers, voice cloning software and even deepfake video technology for creating virtual avatars.

We’re still some way off from GenAI becoming indistinguishable from humans. Even if  — or perhaps when — that actually happens, then the ethical and cyber risks that come with it will continue to grow. After all, when it becomes impossible to tell whether or not someone or something is real, the risk of people being unwittingly manipulated by machines surges.

GenAI and the risk of data leaks

Much of the conversation about security in the era of GenAI concerns its implications in social engineering and other external threats. But infosec professionals must not overlook how the technology can greatly expand insider threat attack surface, too.

Given the rush to adopt GenAI tools, many companies have already found themselves getting in trouble. Just last year, Samsung reportedly banned the use of GenAI tools in the workplace after employees were suspected of sharing sensitive data in conversations with OpenAI’s ChatGPT.

By default, OpenAI records and archives all conversations, potentially for use in training future generations of the large language model (LLM). Because of this, sensitive information, such as corporate secrets, could potentially resurface later on in response to a user prompt. Back in December, researchers were testing ChatGPT’s susceptibility to leaking data when they uncovered a simple technique to extract the LLM’s training data, thereby proving the concept. OpenAI might have patched this vulnerability since, but it’s unlikely it’ll be the last.

With the unsanctioned use of GenAI in business growing fast, IT must step in to seek the right balance between innovation and cyber risk. Security teams might already be familiar with the term Shadow IT, but the new threat on the block is Shadow AI or the use of AI outside the organization’s governance. To prevent that from happening, IT teams need to revisit their policies and take every possible step to reinforce the responsible use of these tools.

Learn more about AI cybersecurity

Proprietary AI systems carry unique risks

An obvious way to address these threats might be to build a proprietary AI solution tailored to the specific business use case. Businesses may build a model from scratch or, more likely, start with an open-source foundation model. Neither option is without risk. However, while the risks that come with open-source models tend to be higher, those concerning proprietary AI systems are a little more nuanced —and every bit as serious.

As AI-powered functions gain traction in business software applications, they also become a more appetizing target for malicious actors — including internal ones. Data poisoning, where attackers tamper with the data used to train AI models, is one such example. The insider threat is real, too, especially if the data in question is widely accessible throughout the organization, as is often the case with customer service chats, product descriptions or brand guidelines. If you’re using such data to train a proprietary AI model, then you need to make sure its integrity hasn’t been compromised, either intentionally or unintentionally.

Malicious insiders with access to proprietary AI models may also attempt to reverse engineer them. For instance, someone with inside knowledge might be able to bypass audit trails since proprietary systems often have custom logging and monitoring solutions that might not be as secure as their mainstream counterparts.

Secure your AI software supply chains

The exploitation of model vulnerabilities presents a serious risk. Whereas open-source models may be patched quickly through community involvement, the same can’t be said of the hidden flaws that a proprietary model might have. To mitigate these risks, it’s vital that IT leaders secure their AI software supply chains. Transparency and oversight are the only ways to ensure that innovation in AI doesn’t add unacceptable risk to your business.

More from Artificial Intelligence

Brands are changing cybersecurity strategies due to AI threats

3 min read -  Over the past 18 months, AI has changed how we do many things in our work and professional lives — from helping us write emails to affecting how we approach cybersecurity. A recent Voice of SecOps 2024 study found that AI was a huge reason for many shifts in cybersecurity over the past 12 months. Interestingly, AI was both the cause of new issues as well as quickly becoming a common solution for those very same challenges.The study was conducted…

Does your business have an AI blind spot? Navigating the risks of shadow AI

4 min read - With AI now an integral part of business operations, shadow AI has become the next frontier in information security. Here’s what that means for managing risk.For many organizations, 2023 was the breakout year for generative AI. Now, large language models (LLMs) like ChatGPT have become household names. In the business world, they’re already deeply ingrained in numerous workflows, whether you know about it or not. According to a report by Deloitte, over 60% of employees now use generative AI tools…

ChatGPT 4 can exploit 87% of one-day vulnerabilities

3 min read - Since the widespread and growing use of ChatGPT and other large language models (LLMs) in recent years, cybersecurity has been a top concern. Among the many questions, cybersecurity professionals wondered how effective these tools were in launching an attack. Cybersecurity researchers Richard Fang, Rohan Bindu, Akul Gupta and Daniel Kang recently performed a study to determine the answer. The conclusion: They are very effective. ChatGPT 4 quickly exploited one-day vulnerabilities During the study, the team used 15 one-day vulnerabilities that…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today