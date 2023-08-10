Generative artificial intelligence (AI) tools have the potential to significantly enhance worker productivity. However, business technology leaders who are responsible for implementing these tools are grappling with the cybersecurity risks they may bring.

As generative AI tools become more prevalent, business leaders must ensure they understand the capabilities they are deploying and whether they meet security standards. Similar to how companies rely on inventories of goods to manage their supply chain, software vendors are now being urged to provide a “software bill of materials” that outlines the components within their code, including open-source and proprietary elements.

The purpose of a comprehensive inventory is to enable companies to track the inner workings of their software more effectively and respond promptly to security vulnerabilities. The SolarWinds incident in 2020, which involved tainted software leading to a massive hack, highlighted the need for companies to reassess their relationships with third-party software vendors.

With the advent of AI models trained on company data, businesses must be even more cautious about potential data exposure in the supply chain. The rapid development of generative AI technology poses a challenge for companies trying to ascertain if it introduces new cybersecurity risks or exacerbates existing vulnerabilities. Additionally, technology vendors are inundating businesses with a barrage of generative AI features and offerings, not all of which are necessary or paid for.

The complexity of large language models makes it incredibly difficult to conduct thorough audits, leading to concerns among security leaders about the lack of visibility, monitoring, and explainability of certain AI features. There is also the possibility that generative AI can introduce security risks when models are trained using pre-existing code. If the code contains vulnerabilities, the generated code may inherit those weaknesses.

To address these concerns and ensure cybersecurity, technology vendors and companies need to navigate the complexities of generative AI and closely evaluate the security implications of the tools they adopt.