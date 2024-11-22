There are few better current-day examples that demonstrate the impact of an industry innovation than the disruptiveness of gen AI. Its benefits are already employed by actors both good and bad. Good implementation of gen AI (or similarly related AI tools) can result in increased productivity through better response to security events, whereas poor implementation can result in financial loss, operational disruption and reputational damage — at minimum.

But with the most exciting innovations, adoption almost always outpaces adaptation. Visualize two acceleration curves: the top one, accelerating at a greater rate, represents adoption, while the lower one, accelerating at a lesser rate, represents adaptation. That gap between the curves represents the risk, or threat to resilience, being incurred.

In the gen AI space, business pressures demand adoption — almost any technology or service solution today comes with the “we use artificial intelligence” tag somewhere. But security measures are consistently outpaced by adoption, especially when nefarious actors are using that same technology to help give themselves a competitive advantage.

So, what is a method to bridge that gap?

Determining risk tolerance is always the first step to maximizing your organization’s resilience. In the case of gen AI’s high-speed adoption, where there is a “build it while flying it” mantra, frameworks are particularly helpful. For example, IBM’s Framework for Securing Generative AI helps outline key principles, including:

Securing data

Securing models

Securing usage

Securing infrastructure

Establishing governance

Managing the pipeline

So far, this framework looks very much security-focused, and that would be a correct assessment. But to shift the focus back to the bigger picture, start by asking some of these questions:

Can we secure the data, models, usage and infrastructure in a timely and cost-effective manner?

Do we have the necessary controls and processes to establish and implement governance and manage the influx of data?

Is there a business case for adoption?

Have we considered the consequences of “too early” versus “too late” adoption?

Can we manage and recover from a gen AI failure, regardless of the source?

If it does fail, how do we get stronger from that lesson after recovery?

These types of questions can be useful during any type of rapid change. In the course of working towards the answers to your organizational needs, using the rule of “perfect is the enemy of good enough” can help move towards practical solutions. Moreover, in the case of a data breach or other incident, answering these questions in advance can dramatically impact strategic and tactical response and recovery efforts.