Source: www.darkreading.com – Author: Michael Bargury
Source: Michael Turner via Alamy Stock Photo
Working for a large enterprise for many years often leaves you with a strong feeling that everything will forever stay the same. Sure, some things change, even drastically. There are ups and downs, reorgs on a regular cadence, and sometimes companies even reinvent and rejuvenate themselves like Satya Nadella’s Microsoft did in recent years. But most things stay the same, and culture runs deep. There is an inherent unwillingness to change; after all, these are large, successful enterprises — why change?
Security professionals often reach a point in their careers where they look back and ask: Have we made any progress? Are organizations really more secure today than they were 20 years ago? Sure, the threat landscape is different, but so is the amount of money and, more importantly, mindshare being spent on security throughout the industry. Even with all of that, some things never change. We have evergreen sayings, like “developers don’t care about security,” “you can’t secure the perimeter,” “x is the new perimeter,” and my personal (un)favorite, “users are the weakest link.”
Securing a large enterprise means having to deal with the problems of a large enterprise, which, as stated above, has a basic unwillingness to change.
Until it does.
Changing at the Speed of AI
Enter artificial intelligence (AI). Emboldened by the technology’s promise of changing all industries, large enterprises are mobilizing their AI initiatives at lightning speed. It’s been incredible (and frightening) to see how fast Microsoft and others, including Salesforce, Google, and Amazon, have pushed AI directly into their core enterprise offerings. They do this despite knowing that AI has serious problems that no one can really solve yet, like alignment with human values and safety risks. They do this because their customers — the entire enterprise market — are eager to adopt the bleeding edge to get one up on their competition.
Whether you are an AI enthusiast or an AI skeptic doesn’t matter at this point. The winds of change are blowing, and an opportunity has opened up in which enterprises are willing to risk their core competencies to reap the rewards of AI before their competitors do.
Breaking the Enterprise
The most significant advancement in enterprise AI is business Copilots. Every large Microsoft shop is looking into Microsoft 365 Copilot to seek fulfillment of the promise of a huge productivity boost. Google, AWS, and Salesforce have released their own versions: Duet AI, Amazon Q, and Einstein, respectively. They’re doing this because they see a huge value to be gained. This idea of a Copilot also completely breaks key assumptions about how an enterprise operates.
-
Breaking permissions. To service my requests, my personal corporate AI needs to munch through all of the data I can access in order to index it so that it’s available for query. Pretty soon we can expect it to train on the previous conversation I had with it. Now let’s consider what happens when I move to a different role in the company or somebody removes my access. Can we remove that knowledge from the AI’s neural network? That does not seem to be an existing capability of models today. Maybe tomorrow?
-
Breaking data boundaries. If a single AI can answer questions across all of my corporate data access, it is difficult to see how data boundaries could be maintained. Every control we put in front of data becomes meaningless, when the AI can read the data and write it infinite times from its “memory.”
-
Breaking activity monitoring. We’re used to monitoring user activity to find snooping employees or distinguish between human and scripted behavior. When AI works by user impersonation and has to touch every piece of data to which I have access to build an index, does anomalous access mean anything anymore?
These problems might have solutions right around the corner, or they might be insurmountable in AI’s current form and require a fundamental rethink. But one thing is clear: The problems have not been solved, yet we’re moving forward anyway. And that is bound to be interesting.
Original Post URL: https://www.darkreading.com/cyber-risk/move-fast-and-break-the-enterprise-with-ai
Category & Tags: –
Views: 0