With the proliferation of generative AI, much of it consumer-oriented, it may be inevitable that such platforms and tools find their way into the workplace -- even if they are not designed to meet the oversight businesses require in their technology.
From proprietary code to sensitive data, the stakes can be high for organizations. Generative AI (genAI) that is not built specifically for the rigors businesses face could be a liability when it comes to regulatory compliance on information security and access. Moreover, what consumer-focused generative AI produces might be fraught with AI hallucinations, errors, and simply not measure up to the standards businesses require.
Amusing tools for spawning digital content might leave a few windows, doors, and ventilation ducts open -- potentially compromising digital security.
Anton Chuvakin, security advisor at the Office of the CISO with Google Cloud, spoke with InformationWeek about how consumer-oriented generative AI might bring more headaches than efficiency to businesses.
Consumer technology, such as smartphones, worked their way into the workplace, sometimes before folks really thought about how device management or security was going to be dealt with. Organizations might be caught up in the shiny new object of generative AI now, and not asking how they can actually police this. Can they shift to something else, potentially stop the use of consumer-oriented generative AI?
Related:How Generative AI Is Changing the Nature of Cyber Insurance
I think that the cases weve encountered are kind of fun and occasionally quite irrational. Wasnt there the classic case in the media about the lawyer who was using ChatGPT, and it was giving him made-up data? To me this is like the top of the iceberg of consumer-grade AI being used for business. In many cases what I would have to deal with as part of the Office of the CISO is the security leader calling me and saying, We need security guidance. And then they ask about these controls and those controls. And then they, Oh, by the way, we use ChatGPT-3.
Im like, But its a toy.
A very fun toy. The point is that these are toys for fun and personal education. But youre describing the levels of control, granular access between teams at your organization, but then you say you use ChatGPT-3. That makes absolutely no sense, but to him it did because his business was pushing him -- that they want to use this tool.
In essence, these stories are quite surreal at times because what we encounter from clients is just a lack of understanding of whats a consumer toy -- probably inaccurate, but still good.
Related:Selipsky at AWS re:Invent on Securing Data in the GenAI World
I was writing a letter to my former dance teacher using Bard [Googles chat-based AI tool. Today, Google announced it was changing Bard's name to "Gemini."] Its like a belated Christmas message. Bard [Gemini] is doing great with that. Would I do it for security advice given my realities to a customer? No. General advice would probably be good, but you need to have precision; you need to have certainty; you need to have provenance of data. But this intermixing is kind of endemic and sometimes it pops up not only as mismatch of use cases, but also people demanding controls, which they expect in enterprise technology from consumer-grade technology.
The result is even more hilarity is generated because its not going to fit.
When our field teams talk to customers about Vertex AI [Googles tool for testing and prototyping generative AI models], there are many, many layers of controls -- technology, procedural controls explaining how we do things.
What I want to invent, ultimately what we want to invent, is more than just education. We dont just want to tell people, Hey, youre really doing it wrong. It only goes so far. I feel like building an enterprise stack so that its as easy to adopt as consumer-grade tech but has all the controls is going to be the direction, probably for the future.
Related:Generative AI an Emerging Risk as CISOs Shift Cyber Resilience Strategies
Another common enterprise theme is people say, Would it learn from my prompts? And the answer is, Yes, of course for consumer-grade; no, of course not for enterprise.
Its like complete polar opposites. Yes, it would. No, it would not. Absolutely, yes. Absolutely, no. You see these forks in the road and if you really want an enterprise AI for enterprise use cases, you push vendors to build things, require things, require controls, require privacy controls, require governance controls -- a long list of things versus just go and sign up.
There are mindsets about being aware of security, visibility, access, and what is going on within an IT infrastructure or cloud infrastructure. For whatever reason, did that just kind of get forgotten once generative AI came onto the scene?
If you look at some of the online reports about some people who are trying to create an enterprise AI out of consumer AI, you would see some hilarity in the access permissions. For example, your function at an enterprise shouldnt see what my function in the enterprise does with the AI. It may be compliance; it may be just practical. It may be that mine is less sensitive than yours, but this type of cross-pollination, cross-learning is sort of assumed in consumer because you wanted to learn from everything. But its assumed to not be there in enterprise.
For example, if I am a security incident responder and you are an IT guy, I dont want you looking at my tickets (a very 1990s example), because it is possible that Im investigating you for leaking corporate data. There are many other reasons why security data is more sensitive. Imagine the same thing with genAI where youre training AI on tickets.
Some companies would say, AI -- tickets. Push the button. Did they think, Whoa, wait a second. Their permissions, the level of sensitivity here, its not just like a ticket database. Ive been telling a story -- it didnt happen to a client, but its something Ive heard from industry contacts where something vaguely similar happened. If they didn't have genAI, if they were just playing in enterprise, they would think, OK, what are the access rules? Who would access what?
But with this particular AI, not only they didnt think about it, the actual tech stack they used did not have a way to do it because it was kind of a derived from ultimately consumer genAI. To me this type of permissioning, and Im not talking about like fine permissioning, but more like, Just give it all the data.
What are the consequences for enterprises? Whats at stake here if organizations dont make it clear within their operations how theyre going to use gen AI, whether or not theyre going to allow use of the consumer-facing options? Have we learned lessons from examples in the earlier days for ChatGPT when proprietary code from Samsung got into the wild?
In essence they went to ChatGPT, and they submitted pieces of Samsung code and wanted to improve it or whatever the use case was -- I vaguely recall that. It wasnt really an accident from their point of view. They really did want to do exactly that. It was just the wrong tool.
The problem is that at the time, there were no right tools. I think that the excitement to use new technology is obviously a feature of many IT technologists. Maybe less so in security. Frankly, just the other day, I was polling security leaders about what they care more about: securing AI or using AI for security?
I expected them to go full-on paranoia and say, Hey, were all securing AI. But in reality, it split half and half. It was a very informal poll, not Google-sponsored. The point is that the balance wasnt, Im a CISO; I care about secure use of AI by my company. The result was one CISO, "yes," another CISO is, I care about using AI for security now. The motivation to move quickly is very strong and I sense that the fear of missing out here is stronger. This is my guess, based on my experience.
More:
Google Cloud's Anton Chuvakin Talks GenAI in the Enterprise - InformationWeek
- Open source cloud computing slow to catch on, survey finds [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle CFO: no acquisitions needed to compete in cloud [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- IDC Survey: U.S. Corporations Aim to Tackle IT Challenges with Cloud Computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Where does the ICO's new cloud guidance take you? [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- ChinaSoft International Signs Strategic Cooperation Agreement with Alibaba Cloud Computing to Develop PaaS Platform [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- IT Leaders Forum: Shedding light on cloud computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle Public Cloud Computing [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Oracle Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing 101 - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Lenovo Gets Into Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing Certification Training | Cloud Computing Training By Simplilearn - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Succeeding or Failing with Cloud Computing - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Demystifying the Cloud - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- N: Cloud Computing, Syria PM Defects, US to Clean Agent Orange and MORE! - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Cloud Computing - Tv9 - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- AWS 101 Cloud Computing Seminar-Bangalore - Video [Last Updated On: October 5th, 2012] [Originally Added On: October 5th, 2012]
- Trust - The Key to Cloud Computing Growth in Europe [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Cloud Computing Saves Health Care Industry Time And Money [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Synnex CEO Kevin Murai: Tablets, Mobile, Cloud Computing (p3) - Video [Last Updated On: October 6th, 2012] [Originally Added On: October 6th, 2012]
- Enterprise computing IS the cloud [Last Updated On: October 8th, 2012] [Originally Added On: October 8th, 2012]
- 44 Percent Of US Execs To Tackle IT Challenges Through Cloud [Last Updated On: October 8th, 2012] [Originally Added On: October 8th, 2012]
- ZapThink Announces Expansion of Cloud Computing for Architects Course [Last Updated On: October 9th, 2012] [Originally Added On: October 9th, 2012]
- Euro Zone Eyes Cloud Computing to Kick Start Economy [Last Updated On: October 9th, 2012] [Originally Added On: October 9th, 2012]
- Advantages, challenges of cloud computing discussed Oct. 10 at NJIT [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- Dell Expands Cloud Client Computing Solutions for VMware View®, Desktop as a Service and Channel Offerings to Europe [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- Cloud West to Focus on Entertainment Delivery, Network Infrastructure, and Investment, More at Nov. 8-9th Forum [Last Updated On: October 10th, 2012] [Originally Added On: October 10th, 2012]
- IBM, AT&T Offer Secure Passage to the Cloud [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing company hits new fundraising heights [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing firm hits new fundraising heights [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Cloud computing: here we go again [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- Chinese Want to Put Computer 'Brains' in the Cloud [Last Updated On: October 11th, 2012] [Originally Added On: October 11th, 2012]
- CenturyLink Unveils Cloud Product [Last Updated On: October 12th, 2012] [Originally Added On: October 12th, 2012]
- Cloud Security Evolves in Wellington [Last Updated On: October 14th, 2012] [Originally Added On: October 14th, 2012]
- 2X ApplicationServer XG Joins the Intel AppUp SMB Service Hybrid Cloud [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- Piston Cloud to Exhibit and Present at the 2012 OpenStack Summit in San Diego [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- How to get your first cloud computing job [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- DreamHost Adds Public Cloud Computing Service: DreamCompute [Last Updated On: October 15th, 2012] [Originally Added On: October 15th, 2012]
- Aryaka Receives 2012 Cloud Computing Excellence Award [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Making a Europe fit for the cloud [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Cisco Execs Plumb The Limits Of Cloud Computing [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Cloud firm invests in new network [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- AirWatch Receives 2012 Cloud Computing Excellence Award [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Dell Extends Cloud Client Computing Portfolio with New Solutions Validated by Citrix [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Pano Logic and Alliance InfoSystems Join Forces to Deliver Zero Client Computing [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- 5 Cloud Business Benefits [Last Updated On: October 17th, 2012] [Originally Added On: October 17th, 2012]
- Alteva Receives 2012 Cloud Computing Excellence Award [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Open Text profit beats estimates on cloud services [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing improves nurse call system [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing: Top five tax considerations for your business [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- OKI and ISID to Provide Chemical Information System as Cloud Computing Services [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- As Mobile Grows, So Does Cloud Computing [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- IBM Analytical Decision Management SaaS - IBM Cloud TechTalk October 2012 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- JAX London 2012: Achieving genuine elastic multitenancy with Waratek Cloud VM for Java - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Microsoft 2020 technology future vision - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Infinity Cloud Point of Sale and Complete Retail Suite.mp4 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Small Business IT Support, Computer Support, Web Design Atlanta - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing - Simplified - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- How Allied Valve Used the Cloud to Expand in Bakken Oilfield - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing in the Public Sector - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing | Sacramento | Data Protection | IT Consulting | Symmetry Managed Servces - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- The Business Value of Cloud Computing - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- GYMNAZO Owner/Coach Michael Hughes is excited about edufii - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Automation in the age of cloud computing - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud Computing.mp4 - Video [Last Updated On: November 1st, 2012] [Originally Added On: November 1st, 2012]
- Cloud computing in 2013: a conversation with Appcore's CEO [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Cloud adoption growing in India: study [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Eastday-Microsoft picks city for cloud computing [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Towards a blue sky: How SMEs can avoid Cloud Computing confusion [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Consultancy Services - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Axxis Solutions Sponsors FIBA Technical Seminar on Cloud Computing - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- RightScale Webinar: 451 Research Webinar: Cloud Dos and Don'ts - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Apple Technology (Vishwa Bandhu Gupta) - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Mind Tree Ltd. - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- BIM Cloud Computing [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Entreda discusses cloud services for small and medium businesses - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Austin IT Company | Computer Networking [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- Cloud Computing and Services - After Effects Template - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- FieldStorm App Tour - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]
- The Hon Brendan O'Connor's speech: AccountRight Live launch event - Video [Last Updated On: November 3rd, 2012] [Originally Added On: November 3rd, 2012]