Deploy Securely

Share this post

Deploy Securely
Deploy Securely
The ONLY 4 ways security leaders can manage AI risk to deter lawsuits, prevent fines and hacks, and reduce costs
Copy link
Facebook
Email
Notes
More

The ONLY 4 ways security leaders can manage AI risk to deter lawsuits, prevent fines and hacks, and reduce costs

Applying tried and true risk management tools to AI.

Walter Haydock
Jul 29, 2024
1

Share this post

Deploy Securely
Deploy Securely
The ONLY 4 ways security leaders can manage AI risk to deter lawsuits, prevent fines and hacks, and reduce costs
Copy link
Facebook
Email
Notes
More
2
Share

Check out this YouTube Short on the topic.

1. Transfer

Cyber insurance is the obvious one here. Adjust your premium if AI use can especially hurt (or help) you.

Another one?

Indemnification for alleged copyright infringement.

  • OpenAI

  • Microsoft

  • Google

and others will bankroll your legal defense if someone else sues you for infringement. (Only applies in certain situations. Not legal advice).

2. Avoid

Straightforward, but requires knowing about risks first. Examples:

  • ChatGPT’s default data retention period (forever) and training policy (continuous) are too risky for you. You decide not to use it in this mode.

  • You understand using system prompts to control data access with a retrieval-augmented generation (RAG) application is a security risk. So you don’t do it.

  • Choosing another architecture, like a neutral security policy, might also be considered mitigation.

    Refer a friend

That brings us to the next technique:

3. Mitigate

This means reducing the likelihood or impact of a risk and includes:

  • Requesting OpenAI’s Zero Data Retention (ZDR) feature to prevent your data from sitting on someone else’s servers.

  • Rate limiting the number of messages or prompt length an application will accept. This reduces the risk of someone running up your compute costs by bombarding the application with requests.

  • Applying guardrails to an AI chatbot to prevent it from saying things you don’t want and embarrassing your company.

If it’s too expensive to mitigate, transfer, or avoid a risk, you might decide to do this with it:

4. Accept

No different from “traditional” cyber risk situations, except:

  • Passive acceptance of AI risk becoming easier to do.

  • With 4th party AI (your vendors’ vendor), it’s possible to find your data in AI systems for which you didn’t decide to accept the risk.

  • Monitor your vendors continuously to make sure you aren’t passively accepting AI risk.

Acceptance also includes willful ignorance of the risk.

Need help managing AI-related risk?

StackAware helps AI-powered companies tackle these issues related to:

  • Cybersecurity

  • Compliance

  • Privacy

Taking a quantitative approach with the Artificial Intelligence Risk Scoring System (AIRSS), we give you the information you need for informed risk management decisions.

Ready to chat?

Book a call

1

Share this post

Deploy Securely
Deploy Securely
The ONLY 4 ways security leaders can manage AI risk to deter lawsuits, prevent fines and hacks, and reduce costs
Copy link
Facebook
Email
Notes
More
2
Share

Discussion about this post

No posts

Ready for more?

© 2024 StackAware
Publisher Privacy ∙ Publisher Terms
Substack
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More