What IT Teams Need to Know About AI Advancement and the Cybersecurity Challenge

Posted January 16, 2024

As the impact of generative AI continues to evolve within the digital landscape, corporate IT teams are increasingly confronted with sophisticated new cyber threats. These threats, as highlighted by the National Institute of Standards and Technology (NIST) and other researchers, pose increasing challenges in ensuring the security and integrity of AI systems being introduced to corporate environments.

NIST’s recent publication “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations” casts a spotlight on the vulnerabilities inherent in AI systems. These vulnerabilities are exploited through various types of attacks, including evasion, poisoning, privacy, and abuse attacks, each with its own unique characteristics and methodologies. As AI tools are being introduced into more and more software in daily use, the new threats must be monitored and understood. A brief summary of some of the more common attacks AI is introducing to corporate America are outlined below.

Evasion attacks typically occur post-deployment of AI systems. They involve altering inputs to manipulate the AI’s response, such as modifying road signs to mislead autonomous vehicles.

Poisoning attacks, on the other hand, take place during the training phase of AI systems. These attacks introduce corrupted data into the training set, potentially leading to undesirable behavior in AI responses, such as chatbots adopting inappropriate language.

Privacy attacks aim to extract sensitive information about the AI system or its training data, often during deployment. This kind of attack can enable adversaries to reverse-engineer the AI model, leading to misuse of the system and disclosure of sensitive data.

Abuse attacks involve inserting incorrect information from legitimate but compromised sources, and repurposing the AI system’s intended use.

These attacks highlight the threat AI presents to otherwise protected corporate data and systems. Think of the AI as a new employee who isn’t bound by an NDA or who can likewise be swayed to disclose data. Just as we train employees to recognize phishing or other social engineering threats, we must now understand and control AI systems that are being injected into otherwise secure environments.

The challenges posed by these attacks are not just theoretical; they have practical implications, especially as AI systems become more integrated into various aspects of corporate operations. For instance, Microsoft’s announcement about integrating a dedicated Co-Pilot key in future Windows releases underscores the growing reliance on AI-driven functionalities in mainstream software. While this integration signifies advancement, it also potentially opens up new vulnerabilities and avenues for cyberattacks targeting AI systems.

To combat these threats, NIST and other experts emphasize the need for innovative and robust mitigation strategies. However, they also caution that there is no foolproof defense against these types of attacks. AI developers and users must be aware of these limitations and continually work towards enhancing the security of their systems.

For corporate IT teams, this means adopting a proactive approach towards AI security. This includes staying informed about the latest developments in AI and cybersecurity, understanding the types of threats their AI systems might face, and implementing comprehensive strategies to mitigate these risks. Collaboration with AI developers and adherence to guidelines like those provided by NIST can be instrumental in fortifying AI systems against these emerging threats.

The rapidly advancing field of AI presents both opportunities and challenges for cybersecurity. As AI becomes more embedded in corporate IT infrastructure, the need for vigilance and innovative security measures becomes ever more critical. Understanding the nature of these cyber threats and adopting a proactive, informed approach to AI security will be key to safeguarding corporate assets in this new era of technology. And something we’ll be monitoring closely.

Kyle Vinar

Kyle Vinar is Partner / President of Verus Corporation. He oversees all business operations and coaches Verus teams to continually improve on their solutions from client experience to product development and overall solution implementation. He works with all Verus resources to increase efficiencies and excellence in every aspect of their organizational roles. Kyle believes that people are the last real competitive edge that a company can have and constructing a rich culture is a vital step in running a world-class organization. Therefore he strives to create a culture within Verus that allows everyone to show up authentically and grow both personally and professionally, which in turn allows Verus Corp team members to provide clients with top-of-the-line service. Kyle helps balance strategy, capacity, and culture in such a way that has allowed Verus Corp to achieve exponential growth since he joined the company in 2013. One of Kyle’s greatest professional achievements has been in helping lay the foundation upon which Verus Corporation could be named the 2nd Best Place to Work by the Minneapolis/St. Paul Business Journal. Kyle holds a Bachelor of Science in Marketing from St. Cloud State University. He lives in Champlin with his wife and 3 children. He has enjoyed volunteering as a soccer coach for over 6 years and was the former Director of Coaching for Rebels Soccer Club. If Kyle isn’t on the sidelines of one of his children’s soccer games or in the audience of his eldest’s musicals, he can often be found cruising scenic routes on his Harley, in a deer stand, or on the golf course.