Enterprises have been keenly exploring the potential of generative AI, deploying it to fuel innovation in data science, machine learning and AI teams. But the stealthy integration of AI features into products already owned by organizations has cybersecurity experts worried, said Jeff Pollard, vice president and principal analyst at Forrester.
According to Pollard, many AI solutions are being discreetly bundled into products that enterprises are already using. Vendors often integrate these capabilities without informing security teams, procurement departments or even third-party risk management teams. The absence of notifications or amendments to contracts means that stakeholders may remain entirely unaware of the new additions.
“This technology emerged so quickly, came on so fast, that one of the real challenges here is that if it’s been integrated into a product or service that you use, and you know about it, there is no telemetry layer. There’s no instrumentation that tells you that people are using it,” Pollard said.
The cybersecurity landscape is on the cusp of a major shift in which enterprises must not only be vigilant about their technology stacks but also about the controls that govern them, he advised.
In this interview with Information Security Media Group at Black Hat USA 2023, Pollard also discussed:
- Generative AI adoption trends;
- The benefits of mapping security controls and processes;
- How to make informed budget decisions while keeping AI and other emerging technologies in mind.
Pollard has over 15 years of experience in IT and cybersecurity. Before Forrester, he worked at Dell Secureworks and Verizon Business.