According to McKinsey, with global and regular use of generative AI nearly doubling over the past year, rapid adoption has created a lucrative new target for cybercriminals. While off-the-shelf solutions have accounted for much of this adoption, organizations, seeing the power of fine-tuned, business-specific responses, have allocated a large amount of budget to training their own AI models.
Continued innovations such as agent AI mean adoption is only increasing. The considerable autonomy that agent AI possesses allows it to make decisions, plan actions and learn from its experiences within the specific context of a company, making it applicable across all business functions.
However, amid the excitement around AI, there are considerable cybersecurity risks that are too often not considered. By adopting any new software solution, companies are introducing a new attack vector for cybercriminals. The problem with internally developed AI models is that they are essentially a repository of a company’s most valuable data, ranging from intellectual property, customer and employee data to trade secrets, making them a very attractive target.
This software runs on hardware that is likely housed in a data center, so business leaders must ensure they are equipped with the right tools to control every aspect of their network and to keep sensitive company data secure, including across the new attack vectors they are adopting.
CEO and co-founder of Goldilock.
The challenge to existing frameworks
The fact is that the existing security configurations in many companies today are not fit for purpose. For years, IT departments have viewed cybersecurity as a compliance hurdle rather than a way to protect company data. This has led to an over-reliance on perimeter defenses and single sign-on solutions, which can create a false sense of security for organizations that believe compliance equals security.
Software solutions and more traditional approaches to data security, such as firewalls, still have a place in protecting an enterprise’s data, but deeper defense is required to ensure operations run smoothly. AI, while powerful, is still a type of software that runs on hardware typically found in a data center. Data centers are complex and sensitive environments. Factors such as power requirements, cooling systems, and physical security make these facilities prime targets. Additionally, the nature of AI development and deployment requires frequent access and updates, which in turn requires strict control over who can access these systems and when. Organizations must ensure they have the right framework in place so that their AI models function properly and are protected at every level of operation.
Physical segmentation: establishing control and defense
Many will already have some of the necessary components installed. What most are missing is a first and last layer of defense that can be established by segmenting the physical network. Through a hardware-based approach, physical network segmentation allows users to segment all digital assets remotely, instantly and without using the Internet. With the push of a button, from anywhere in the world, organizations can use this technology to physically isolate the chosen segment from the overall network, disconnecting it from the Internet. This technology acts as a gatekeeper to AI, controlling access and ensuring its benefits can be reaped. For companies using AI, it can offer the following benefits:
1. Improved security and reduced risk
In the context of protecting an AI model, this type of protection can act as a gatekeeper, preventing a company’s own AI from being poisoned and preventing the AI from being used for malicious purposes.
Because the control path does not depend on an Internet connection, physical network segmentation can be used to take the model offline, preventing a cyber attack or unwanted access. This hides assets from view and improves an organization’s existing defense in depth. For AI models, network segmentation can be used to keep components offline until they are needed, greatly reducing the window of time in which an attacker can reach the software.
Organizations may be hesitant to take this approach, assuming it would disrupt operations. But this does not have to be the case. The key is to implement a process that establishes intelligent, well-considered connection windows. A generative AI model does not necessarily need to be connected to the Internet 24/7 to function well. A connection is required only for a short period when users send a message. Once the message has been received, the model can be disconnected, then reconnected once the response has been generated and needs to be returned. This short window is not enough for a cybercriminal to clone the model and obtain sensitive company data. In terms of user experience, the time needed to connect and reconnect should be short enough that humans will not notice the delay.
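The connect/disconnect cycle described above, modelled as an added simulation (this is example code, not the author's or Goldilock's product code): it assumes an out-of-band switch the controller can toggle, and it measures how much of the wall clock the model segment actually spends reachable, while refusing to run inference if the segment is still connected.

```python
from dataclasses import dataclass, field


@dataclass
class GatedSegment:
    """Model segment whose uplink is toggled by an assumed out-of-band hardware switch."""
    connected: bool = False
    clock: float = 0.0      # simulated seconds elapsed
    exposed: float = 0.0    # seconds during which the uplink was up
    events: list = field(default_factory=list)

    def connect(self):
        self.connected = True
        self.events.append((self.clock, "connect"))

    def disconnect(self):
        self.connected = False
        self.events.append((self.clock, "disconnect"))

    def elapse(self, seconds):
        """Advance simulated time; only time spent connected counts as exposure."""
        self.clock += seconds
        if self.connected:
            self.exposed += seconds


def handle_prompt(seg, transfer_s, inference_s):
    """One prompt/response exchange: the uplink is up only for the two transfers."""
    seg.connect(); seg.elapse(transfer_s); seg.disconnect()   # receive the prompt
    if seg.connected:
        raise RuntimeError("model must be isolated before inference runs")
    seg.elapse(inference_s)                                    # generate offline
    seg.connect(); seg.elapse(transfer_s); seg.disconnect()   # return the response


def exposure_ratio(seg):
    """Fraction of elapsed time during which the segment was reachable."""
    return seg.exposed / seg.clock if seg.clock else 0.0


def simulate(prompts, transfer_s=0.2, inference_s=3.0, idle_s=30.0):
    """Constructed workload: `prompts` exchanges separated by idle periods."""
    seg = GatedSegment()
    for _ in range(prompts):
        handle_prompt(seg, transfer_s, inference_s)
        seg.elapse(idle_s)
    return seg
```

With the constructed defaults, ten prompts leave the segment reachable for about 1.2% of the elapsed time, and the event log gives the exact windows an incident responder would need to correlate with uplink traffic.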
2. Help with regulatory compliance
Governments around the world are adapting to the sensitivity of data. With AI models hosting such a variety of sensitive data, all eyes are on companies to demonstrate that they are doing everything they can to prevent an attack or breach. In the absence of specific AI regulation, it is difficult to know where to start. Physical network segmentation can support overall compliance because there is no better effort than keeping sensitive data completely off the Internet or physically separating it when it is attacked.
3. Effective incident response and recovery
In the event of a cyber attack, reactive network segmentation can be used to prevent the spread of the attack and quickly isolate compromised assets and data, effectively preventing further access by hackers. During the recovery process, leaders will have the ability to quickly reconnect previously isolated and known safe segments after an attack, ensuring AI models can be used as quickly as possible and ensuring services are restored.
Looking forward
With more and more AI models trained in-house, it is very likely that cybercriminals will begin to target these repositories of sensitive data. Once they have access to AI, all kinds of havoc can be wreaked by the ability to clone data, poison the model to generate harmful responses, or lock it with ransomware, causing significant damage to the business.
Organizations must be able to confidently harness the power of AI without compromising security. By implementing a framework that enables individual zone control through network segmentation, business leaders will be able not only to mitigate threats but also to establish effective response and recovery processes while maintaining performance across the business.
This article was produced as part of TechRadarPro’s Expert Insights channel, where we feature the best and brightest minds in today’s tech industry. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc.