Artificial Intelligence (AI) is evolving rapidly and being used in various ways within enterprises. However, CIOs have concerns about the security and privacy risks associated with AI usage. There are fears that employees and stakeholders may inadvertently share sensitive data or expose vulnerabilities. CIOs are also concerned about compliance with emerging AI regulations.
To manage the use of AI in the enterprise, CIOs are finding ways to incorporate generative AI safely. One suggestion is to gradually integrate AI into the existing architecture rather than attempting to block access to it. This requires training employees, partners, and stakeholders about AI, its risks, and how to use it safely. Employee training, usage policies, and monitoring AI traffic are some of the techniques used to protect data and assess the risks of using public large language models (LLMs).
The U.S. government has recognized the need to regulate AI and has issued guidelines for AI governance in government agencies. Although the implementation of new laws is still far off, it is essential to start shaping AI regulation for the broader market. Given the rapid evolution of AI, it is necessary for CIOs to take steps to manage its safe use within their organizations.
CISOs can take four key steps to manage the safe use of generative AI:
- Training, policy, and process: Employees, partners, and stakeholders should undergo AI training and organizations should implement policies and processes to ensure the safe use of AI.
- Sandboxing the public LLMs: Creating a sandbox for public LLMs allows users to access their capabilities without sharing local knowledge back to the LLMs. Alternatively, organizations can use open-source LLMs locally to protect proprietary information.
- Monitoring AI traffic: CISOs can monitor network traffic to identify which prompts are going to LLMs and what information is coming back. This helps the security team make informed decisions about the safe use of LLMs.
- Future of LLM firewall (proxy server): If LLMs can provide firewall capabilities, organizations can more safely use generative AI within their networks. Proxy servers could be developed to incorporate organizations’ processes and policies for added security.
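
To make the traffic-monitoring and proxy items above concrete, here is an added Python example (not from the original article or any product) of the check an egress proxy could run on each outbound prompt: allow it, redact it, or block it, and write an audit record. The rule set, the `corp.example` internal domain, and the block/redact policy are assumptions chosen for illustration.

```python
import re

# Constructed detection rules (assumptions for this example, not a complete DLP rule set).
RULES = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "internal_hostname": re.compile(r"\b[\w.-]+\.corp\.example\b"),
}
# Assumed policy: these findings block the request outright; all others are redacted.
BLOCK_ON = {"private_key_block"}


def inspect_prompt(user, prompt):
    """Return the proxy's decision for one outbound prompt.

    The result holds the action ("allow", "redact" or "block"), the rule names
    that fired, the text to forward (None when blocked) and an audit record
    that never contains the matched value itself.
    """
    findings = sorted(name for name, rx in RULES.items() if rx.search(prompt))
    if BLOCK_ON & set(findings):
        action, forward = "block", None
    elif findings:
        action, forward = "redact", prompt
        for name in findings:
            forward = RULES[name].sub(f"[REDACTED:{name}]", forward)
    else:
        action, forward = "allow", prompt
    audit = {"user": user, "action": action, "findings": findings,
             "prompt_chars": len(prompt)}
    return {"action": action, "findings": findings, "forward": forward, "audit": audit}


if __name__ == "__main__":
    # Constructed sample prompts; the key and hostname are made-up values.
    samples = [
        ("alice", "Summarize the difference between TLS 1.2 and TLS 1.3."),
        ("bob", "Why does db01.corp.example reject key AKIAABCDEFGHIJKLMNOP?"),
        ("carol", "Fix this: -----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)"),
    ]
    for user, prompt in samples:
        print(inspect_prompt(user, prompt)["audit"])
```

The audit record stores only rule names and the prompt length, so the monitoring log does not become a second copy of the data the proxy is trying to keep inside the network.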
CISOs must work with senior management to implement these steps and manage the safe use of generative AI in their organizations. It is also worth considering the role of a Chief AI Officer (CAIO) to oversee the practical and marketable use of AI in the enterprise alongside the CISO.