Unveiling cybersecurity threats in the age of generative AI

Organisations’ utilisation of generative AI may overshadow the security risks associated with large language model (LLM)-based technologies like ChatGPT, warns recent research. According to a report, the open-source development space and the software supply chain are particularly vulnerable to these threats.

Studies reveal that despite the widespread adoption of LLMs in the open-source community, the initial projects developed using this technology are largely insecure. Cybersecurity professionals underline the urgent need for improved security standards and practices to mitigate the growing risks in developing and maintaining this technology.

 

This issue poses a significant security risk to organisations, especially as generative AI continues to gain momentum across various industries.

 

As these technologies gain wider adoption, they become attractive targets for cybercriminals, leading to substantial vulnerabilities. The risks associated with LLMs must be addressed promptly to ensure the continued development and deployment of secure generative AI technologies.

Further, experts emphasise the need for enhanced security standards and practices concerning LLMs. Without significant improvements in security measures, the likelihood of targeted attacks and unlocking vulnerabilities within LLMs will only increase over time.

Meanwhile, in the workplace, while the adoption of generative AI offers productivity benefits, organisations overlook the potential insider risks associated with these technologies. The “overwhelming majority” of organisations lack an insider risk strategy, leaving them unaware of users leveraging generative AI for tasks like code writing and form filling.

Researchers highlight that data breaches can occur even without malicious intent. Often, users employ generative AI to enhance their job efficiency. However, if companies are unaware of LLMs accessing critical code or sensitive data repositories, they face a ticking time bomb of potential consequences.

Addressing the insider risk associated with generative AI requires organisations to establish robust strategies and prioritise security measures. Implementing comprehensive insider risk programs that include user education, access controls, and monitoring can help mitigate potential data breaches.

Additionally, organisations must monitor and log LLM interactions, regularly audit and review AI system responses, and promptly address potential security and privacy issues. By updating and refining LLMs accordingly, organisations can enhance the security and privacy of their AI systems.

By being proactive and adopting these measures, organisations can navigate the unique challenges posed by generative AI and LLMs, ensuring the future development and deployment of secure and reliable AI technologies.