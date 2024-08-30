Not knowing where to start might be the inhibitor for security action too. Which is why IBM and AWS joined efforts to illuminate an action guide and practical recommendations for organizations seeking to protect their AI.

To establish trust and security in their generative AI, organizations must start with the basics, with governance as a baseline. In fact, 81% of respondents indicated that generative AI requires a fundamentally new security governance model. By starting with governance, risk, and compliance (GRC), leaders can build the foundation for a cybersecurity strategy to protect their AI architecture that is aligned to business objectives and brand values.

For any process to be secured, you must first understand how it should function and what the expected process should look like so that deviations can be identified. AI that strays from what it was operationally designed to do can introduce new risks with unforeseen business impacts. So, identifying and understanding those potential risks helps organizations understand their own risk threshold, informed by their unique compliance and regulatory requirements.

Once governance guardrails are set, organizations are able to more effectively establish a strategy for securing the AI pipeline. The data, the models, and their use—as well as the underlying infrastructure they’re building and embedding their AI innovations into. While the shared responsibility model for security may change depending on how the organization uses generative AI. Many tools, controls, and processes are available to help mitigate the risk of business impact as organizations develop their own AI operations.

Organizations also need to recognize that while hallucinations, ethics, and bias often come to mind first when thinking of trusted AI, the AI pipeline faces a threat landscape that puts trust itself at risk. Conventional threats take on a new meaning, new threats use offensive AI capabilities as a new attack vector, and new threats seek to compromise the AI assets and services we increasingly rely upon.