In my previous column, I offered some suggestions to help security teams avoid being blindsided when AI applications are moved into production. In this piece, I’d like to offer some thoughts on what is required for security teams to efficiently and effectively incorporate AI applications into the operational security workflow. While there has been much hype around AI applications, many security teams struggle with securing, monitoring, and defending them for a variety of reasons.
While this is not an exhaustive list, I’ve put together 12 practices that I’ve found helpful for incorporating AI applications into the operational security workflow:
Visibility: We cannot defend what we cannot see. As such, visibility is the most fundamental building block when it comes to securing AI applications. Beyond awareness and inventory of AI applications, visibility can help us identify exposures of sensitive data, vulnerabilities, deficiencies in controls, fraud, abuse, attacks, and other issues. This makes continuous visibility an extremely important ingredient when it comes to incorporating AI applications into the operational security workflow.
Understand Risk: If we’ve taken visibility seriously, we’ll have good data around risk. That data can be used to scientifically understand risk, rather than playing a guessing game. Rather than relying on a snapshot in time, the security team can assess risk on an ongoing basis in near real time, which allows it to more precisely evaluate the risk that one or more applications present to the enterprise. This makes understanding risk another helpful tool when it comes to incorporating AI applications.










