The widespread, and almost indiscriminate, use of AI and generative AI is apparently opening up a new can of worms for business leaders and technologists to worry about.
With every promising new technology comes nefarious people wanting to steal or do harm. Unfortunately, AI and machine learning are the latest technology vectors for cybercriminals, with one in five already reporting incidents involving their AI systems. With AI, of course, massive amounts of data are being employed to train models, and the confidentially of such data is still relatively unknown. Combined, AI usage is introducing new cyber threats that businesses must address.
That’s one of the findings of a survey of 300 senior cybersecurity leaders which finds growing vulnerabilities in AI deployments, as well as cloud itself. AI brings both vulnerabilities, but also solutions. Close to eight in ten executives (79%) believe AI/ML will be “important” or “extremely important” to improve their security posture by 2024.
Still, AI model attack or compromise incidents occurred at 20% of companies within the last 12 months, taking this category of attack out of the theoretical and into reality. A majority, 68%. were also worried that employees would “upload sensitive data to ChatGPT and 49% that threat actors would poison AI/ML models.”
See also: AI and the Future of Hacking
Supply chains are also seen as vulnerable areas, the survey shows. Software supply chain compromises were the fourth most frequently occurring attack for 34% of firms within the last 12 months. While 63% of organizations sought greater visibility and transparency into the state of security. Improving insight into the software supply chain was also a high priority for security leaders (60%) as well as protecting AI/ML models and data pipelines (57%).
Cloud service attacks: Half of the organizations surveyed experienced at least one incident against a cloud service in the last 12 months, with a significant increase in attacks against third-party services and phishing attacks that resulted in stolen credentials.
Overall, the number of reported security incident types at organizations increased. In fact, 71% of organizations experienced three or more types of security incidents, a 51% increase year-over-year. And it’s hard to find people to fix and stay ahead of the wave. Sixty percent of security leaders considered cloud security the most difficult role to fill, with network security (56%) and application security roles (55%) not far behind.
There is some good news buried within the survey stats: this year, while cyber threats, in general, are growing, the number of successful ransomware attacks and data breach attempts fell by 30% over the last year.
The widespread, and almost indiscriminate, use of AI and generative AI is apparently opening up a new can of worms for business leaders and technologists to worry about. With AI on the rise, it’s important that such efforts are folded within the security and protection of existing cyber and data security efforts.