The Rise of AI PCs and the Immediate Security Considerations

Posted February 27, 2024

The emergence of AI PCs, spearheaded by companies like Microsoft, introduces a new frontier in computing, blending the capabilities of generative AI directly into the PC experience. However, this innovation also raises several security concerns.

One of the core features of these AI PCs, as highlighted by Microsoft’s integration of Copilot into Microsoft 365, is the ability to streamline productivity across various applications. Copilot can generate content, summarize meetings in Teams, prioritize emails in Outlook, and analyze data in Excel. While this integration promises significant productivity enhancements, it also introduces potential security vulnerabilities, particularly in data exposure and permission management as reported by Hacker News.

The AI PC market is anticipated to grow rapidly, driven by an increased focus on AI capabilities from manufacturers. Analysts predict a significant uplift in tech spending in 2024, with shipments potentially reaching 267 million units, an 8% increase compared to 2023. This growth is attributed to the need for replacing older devices and the introduction of AI-optimized hardware and software, indicating a major shift towards AI-capable PCs.

The security model for Microsoft 365 Copilot, for instance, illustrates the delicate balance between productivity and security. While Copilot operates within tenant isolation, ensuring data from the user’s Microsoft 365 tenant isn’t mixed with others, and doesn’t use business data for training its LLMs, challenges remain. Permissions settings may allow Copilot to access all organizational data that users have view permissions for, without inheriting the Microsoft Purview Information Protection (MPIP) labels from the source files. This could potentially lead to sensitive data being included in AI-generated content, underscoring the importance of tight permission controls and vigilant review of AI-generated outputs.

The inheritance of Microsoft Purview Information Protection (MPIP) settings is crucial for maintaining robust security across an organization’s data ecosystem. MPIP labels help classify, protect, and govern sensitive information, ensuring that data handling complies with company policies and regulatory requirements. When these settings are properly inherited by documents and emails, it requires consistent application of protection measures, preventing accidental exposure of sensitive information. This automated enforcement of security policies across all data types and locations significantly reduces the risk of data breaches and enhances compliance efforts.

Several other companies have announced plans to release AI PCs and we’re sure more will as the trend continues. Lenovo has introduced the ThinkBook 13x Gen 4 laptop and ThinkCentre neo-Ultra desktop with built-in AI capabilities, such as a dedicated NPU for enhanced productivity and creative power. These devices are designed to optimize user experiences through AI-powered features in various software applications, offering a new level of performance and battery life optimization. Additionally, other major players like Dell Technologies, HP, and Microsoft have also joined Intel at CES 2024 to highlight their business prospects for AI PCs, indicating a widespread industry shift towards integrating AI into personal computing devices.

As AI PCs become more prevalent, organizations must navigate these security considerations carefully. AI should bring an incredible leap to productivity as models manage and operate more and more of our digital lives. However with great access to data comes great responsibility and how responsible these AI systems are, is still to be seen. In the meantime, ensuring data privacy, managing permissions wisely, and maintaining a balance between leveraging AI’s productivity gains while mitigating risks will be crucial. The development and adoption of AI PCs herald a new era of computing, promising enhanced efficiency but also demanding heightened security awareness and measures.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.