It’s now widely accepted that artificial intelligence will permeate nearly every aspect of our lives. That presents new challenges related to AI threats, enterprise AI management and adapting security programs for an increasingly AI-driven world.
What matters most in assessing your risk exposure is to understand what type of AI is being used. There’s a direct correlation: More modern generative and agentic AI can expose us to greater threats. Lack of transparency with gen AI apps makes it more difficult for security teams to get necessary visibility into where potentially sensitive data is going.
The convenience and accessibility of AI tools often outweigh users’ perceived security risks, creating a cycle of adoption and potential exposure. To effectively counter these evolving threats, organizations must adapt their security programs. With that in mind, let’s explore strategies to prevent these challenges from manifesting across various organizational domains.
Fostering flexibility
A key area for transformation is rethinking approval workflows for AI use. Traditional security models, often characterized by binary yes/no or allow/block decisions, are too rigid for the dynamic nature of AI. Instead, security teams need to embrace more flexible approaches, potentially including opt-in/opt-out models for certain AI functions, especially when customer or regulated data is involved.
One strategy I’m implementing with my team is setting clear parameters for what users can and can’t use. The goal is to shift security from a bottleneck that impedes innovation to an enabler of secure AI adoption, with clear lines of in- and out-of-bounds activities.
Yes, there is always going to be a layer of shadow AI and agentic AI to keep an eye out for as those expand your attack surface, but there’s also a need to respond to legitimate requests from business units. It’s important to have a system that reduces the friction of processing and auditing requests for new tools as they come in from other teams within the organization.
I started by looking for trusted platforms and partners, and finding ways to process and approve requests for those tools faster. I call this a “yellow light” process, wherein you have the decision to speed up or hit the brakes. This means finding the two questions that absolutely need to be answered about a tool to get this trusted platform or partner approved. For example, we may ask, “Are you learning from my data?” and “What controls do you have in place for us to be able to turn this tool on or off if we need to?”
This allows us to speed a review that once took days into just 15 minutes. Now, teams have a level of flexibility to use the tools they want without sacrificing the necessary layers of security.
The power of AI ambassadors
Many of us are familiar with the concept of having “security champions” within an organization, but I am also a big proponent of “AI ambassadors.” These programs seek to engage and empower business units to take on a greater share of AI governance responsibilities.
AI ambassadors are people from across teams and departments, who know the rules around AI tools, and can encourage their teams to follow them. Essentially, they operate as an extension of the security team, bringing a layer of accountability that makes sure their colleagues are following the correct procedures in choosing and using AI tools. They can inventory their team’s apps and request reviews of the approval process, giving them more investment in making sure the ways their own team is using AI are secure and in line with broader security policies.
By training and equipping AI ambassadors within different departments, organizations can decentralize some of the initial security review processes. The ambassadors are responsible for understanding and adhering to AI governance policies, ensuring that security considerations are integrated from the outset with any new tool brought into the organization.
Security Champions and AI Ambassadors aren’t the same. Keeping the teams distinct from each other fosters a culture of shared responsibility, enabling faster deployment of AI solutions while maintaining a customer-focused governance and robust security posture.
AI ultimately doesn’t require major changes but smaller strategic adjustments to existing strategies to alleviate some of the friction for end users and foster a better security culture.
By understanding the true nature of AI-driven threats, addressing the unique nature of managing AI and fostering a culture of shared security responsibility, organizations not only mitigate risks but also harness the technology’s full potential.
James Robinson is the chief information security officer at Netskope Inc. He wrote this article for SiliconANGLE.
Image: SiliconANGLE/Ideogram
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
