We have seen reputable independent bodies such as NISTlaunch its AI Risk Management Frameworkand CISA its Roadmap for AI. Also there have been various governments that have established new guidelines, such as EU AI EthicsGuidelines. The Five Eyes (FVEY) alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States have also weighed in and developed Secure AI guidelines, recommendations that are a stretch for most organizations to address but speak volumes of the joint concern that these nations have for this new AI threat.

How enterprises can cope

To make matters worse, the shortage of cyber talent and an overloaded roadmap aren’t helping. This new world requires new skills missing in most IT shops.  Just consider how many staff in IT understand AI models – the answer is not many.  Then extend this question to who understands Cybersecurity and AI Models?  I already know the answer and it is not pretty.

Until enterprises get up to speed there, current best practice include establishing a generative AI standard that includes guidance on how to use AI, and what risks need to be considered. Within large enterprises the focus has been on segmenting generative AI use cases into low risk and medium/high risk. Low-risk cases can proceed with haste. On the other hand, more robust business cases are required for medium- and high-risk examples to ensure the new risks are understood and part of the decision process.