In the wake of ChatGPT, every company is trying to figure out its AI strategy, work that quickly raises the question: What about security? Some may feel overwhelmed at the prospect of securing new technology. The good news is policies and practices in place today provide excellent starting points. Indeed, the way forward lies in extending the existing foundations of enterprise and cloud security. It’s a journey that can be summarized in six steps:

• Expand analysis of the threats
• Broaden response mechanisms
• Secure the data supply chain
• Use AI to scale efforts
• Be transparent
• Create continuous improvements

The first step is to get familiar with the new landscape. Security now needs to cover the AI development lifecycle. This includes new attack surfaces like training data, models and the people and processes using them. Extrapolate from the known types of threats to identify and anticipate emerging ones. For instance, an attacker might try to alter the behavior of an AI model by accessing data while it’s training the model on a cloud service. The security researchers and red teams who probed for vulnerabilities in the past will be great resources again. They’ll need access to AI systems and data to identify and act on new threats as well as help building solid working relationships with data science staff.

Full commentary : Defending enterprise AI is a journey that begins with extending security practices already in place.