Artificial Intelligence Can Make You More Secure - and More Vulnerable

Generative AI (GenAI) seems to be taking over everything, everywhere. You may already be considering the best ways to integrate the technology to benefit your own organization. While putting it to use certainly has potential upsides, its very existence is already posing a range of security risks to businesses of all types. This is where managed cybersecurity becomes crucial, as it helps mitigate these risks and ensures safe and effective AI integration.

Hackers love GenAI

Even though it’s been around a relatively short time, GenAI has already become a go-to tool for cybercriminals. The technology’s ability to continually and quickly learn, adapt, and improve itself makes it a powerful capability that’s seemingly irresistible. According to the “Hacker-Powered Security Report” from HackerOne:

• 14% of hackers now consider GenAI to be a significant tool 
• 61% indicate they plan to use and develop hacking tools using GenAI to find more vulnerabilities.
• 55% of hackers predict that GenAI tools themselves will become a major target in the coming years. 

A more effective attack

Hackers are putting Generative Artificial Intelligence to work making phishing attacks harder to detect and easier to fall for. The technology enables attackers to build more attractive lures into phishing emails in order to reel in potential victims. It can also make attacks more realistic by eliminating spelling and grammar mistakes, and utilizing more professional, personalized writing styles.

GenAI can utilize real-time information to make messages seem more believable and boost the sense of urgency to act. In just seconds, it can collect, curate, and combine information from multiple sources, and turn it into an ultra-targeted, extremely convincing email, or even clone a voice or image of a trusted colleague to use in a deepfake video or voice message.

Using GenAI for good

Dangers aside, organizations around the world are adopting GenAI technology to benefit their businesses at an extremely rapid pace. According to a 2024 Gartner poll, nearly two-thirds of organizations surveyed are using GenAI across multiple business units, a 19 percent jump since 2023.

Forty percent of poll respondents say their organization is using GenAI in more than three business units. And, one in five organizations currently have a GenAI project in process. Customer service is the most common usage, followed by marketing and sales. 

Interestingly, GenAI can even squeal on itself, which means it can be extremely effective at detecting AI-powered cyberrisks. GenAI may also be able to identify the types of attacks an organization is most likely to experience. While using Generative Artificial Intelligence to monitor all incoming messages could be an effective preventative step, it’s an expensive strategy at this point. Looking forward, however, GenAI tools will likely become more cost-effective. They may also become more efficient, focusing on specific industries, demographics, and other indicators. 

A work in progress

While GenAI can certainly be a useful business tool, it’s not without its flaws. A few important pitfalls to beware of:

• It’s not always right, and can present incorrect information as facts – referred to as “AI hallucination.”
• It can be biased, and easily influenced by leading questions.
• It can be steered into creating offensive content – referred to as “prompt injection attacks.”
• It can be corrupted by manipulating the data used to train the model – referred to as “data poisoning.”

Defining best practices

As more people become comfortable using Artificial Intelligence-based tools like ChatGPT, smart organizations are establishing basic guidelines for their employees. The primary directive is to avoid inputting any private, protected, or proprietary information. It’s vital to remember that AI learns from everything a user inputs into the system, and that means it can be served up to another user at any time. 

Because interacting with an AI tool can easily distract employees from other tasks, some organizations are monitoring usage, setting time limits, and emphasizing the importance of staying focused on work-related topics. 

Additionally, it’s important to ensure employees respect copyright and intellectual property rights. Utilizing this type of content without proper permission can have unpleasant consequences. 

And finally, because AI does make mistakes, it’s vital to verify any AI-generated information before using it in company communications or decision-making processes.

Getting it right

Developing secure GenAI systems begins at the organizational level, where security is the starting point for all AI-based projects. This “secure by design” approach requires strong leadership, and a focus on security as a business priority, rather than simply a technical consideration. 

The operational, financial, and reputational damage wreaked by an AI-based security compromise can be swift and substantial. Because of those risks, many small and mid-sized businesses are choosing to work with an external partner to integrate AI into their organizations. 

A CompassMSP representative would be happy to discuss your needs and explain how the right expertise can help you securely integrate Generative Artificial Intelligence to boost efficiency and propel you toward your business goals, please contact us here, or call 833-444-2677. 

Register for the next CompassMSP Cybersecurity Webinar

You’re invited to joins us on June 27^th at 1:00 PM EDT for "Identify: Risk Management Essentials Safeguarding Business Assets and Growth", the second of a series of informative webinars. We’ll discuss the current cybersecurity landscape, a roadmap for effective, holistic protection, and much more.