Security and generative AI are learning to get along

When it comes to generative AI, it’s important to make sure something designed to help doesn’t actually hurt.

Despite the potential for AI to enhance cybersecurity, IT professionals are still figuring out how to deploy generative AI on the security front. Melissa Ruzzi, AppOmni director of AI, told IT Brew that one of the roadblocks to proper deployment is the data ingestion needed to effectively use the technology.

The use of raw data logs, which involves AI systems being fed large amounts of unsorted data that could reveal information to malicious actors, creates an expanded threat surface that complicates security solutions. Ensuring data is contextualized and sorted requires valuable work hours.

“In cybersecurity, that’s actually a big part of domain expertise,” Ruzzi said.

Hurdles ahead. Using generative AI for security can hand over control of important processes to chatbots. Ruzzi said that’s a real threat with dangerous consequences. Generative AI acts like it talks to staff, giving it an air of trustworthiness that can become problematic if it’s compromised by an attacker.

“Users want generative AI to do everything they want for them, but they also want to be safe,” Ruzzi said. “How do you combine them? And that’s really about the security expertise in terms of the architecture behind the generative AI and the controls in place.”

On March 6, the White House released a cyber strategy defining the administration’s goals for cybersecurity. Included in the brief document, which was heavy on directional recommendations but light on actual policy, was a section devoted to AI: “Sustain Superiority in Critical and Emerging Technologies.”

Diplomacy will ensure generative AI “advances innovation and global stability,” according to the document. The order also calls for AI-enabled cyber defense.

Build it, they’ll come. Security architecture—ensuring that your IT stack is providing protection while AI is deployed to assist staff—is the key, whether it’s coming from the White House or an IT security pro like Ruzzi. IT teams managing their organization’s generative AI security solutions need to consider both the data inputted and the answers outputted in response to questions.