CAMBRIDGE, Mass. — As CIOs fortify enterprise data estates for an onslaught of large language model technologies, security anxieties are rising.
Emerging technologies introduce new vulnerabilities, attaching risk to the adoption process. But the speed of generative AI model development and implementation has intensified enterprise concerns, McKinsey and Company Partner Jan Shelly Brown said, speaking Tuesday at the MIT Sloan CIO Symposium.
“If you’re bringing in a GenAI-enabled third-party product and you don’t have the right data and access controls, your current gaps are going to be exposed,” Brown said.
Internal guardrails and data governance fortifications are table stakes for organizations shaping generative AI strategy. But the rapid uptake of generative AI productivity tools and LLM-ready software can undermine even the strictest control measures.
“All of your businesses are using AI, whether they're telling you about it or not,” Jeffrey Wheatman, SVP at security software company Black Kite, said during the panel.
“Your vendors are all using AI whether they're telling you about it or not,” Wheatman said, adding: “If we don't know what our businesses are doing, it makes it much harder for us to solve the problem.”
For cloud veterans, post-adoption security woes are a familiar foe. Threats in cloud represent a perennial enterprise concern, second only to cost overruns, which just recently overtook cybersecurity as the top worry.
After a post-migration evaluation, Home Depot found its primary challenge in cloud was cyber, the company’s EVP and CIO Fahim Siddiqui said during the panel. Siddiqui expects a similar pattern to emerge with generative AI.
“We have to reimagine how we think about social engineering, sharing our credentials and the different places of ingress and egress that the attacker has,” Siddiqui said. “It's not just the doors and the windows — they might pop in from the ceiling or they might drill a hole through the wall."
Home Depot is already using traditional AI/ML-powered defense tools to shore up its cyber operations, according to Siddiqui. But the executive believes it’s too early to entrust untested generative AI models with security solutions.
Instead, Siddiqui’s organization is building awareness throughout the Home Depot workforce, arming executives and associates with the knowledge they need to safely navigate generative AI use.
“We have, as part of our cyber team, one team that is entirely dedicated to educating, testing, and informing our people what to do and what not to do.” Siddiqui said. “You’ve got to help people not do the stupid [thing].”