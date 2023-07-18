Many organizations use artificial intelligence (AI) to optimize processes, analyze data, diagnose and treat patients, and customize user experiences.

We recently wrote about the privacy and cybersecurity risks with AI. Since that time, the use of AI has continued to expand, and the Canadian Centre of Cyber Security has now issued an awareness bulletin on the significant risks posed by generative AI.

In this blog we provide an overview of the risks outlined in the bulletin and what your organization can do to mitigate those risks.

What is generative AI?

The bulletin focuses on generative AI – this is the type of AI that is used to generate new content by modelling features of data from large datasets fed into the model (think ChatGPT, Bard and Bing). This AI can be used to generate content in many forms including text, image, audio and software code. As a result, it is currently used in a number of areas including health care, software development, online marketplaces, business, publishing and media, education and cybersecurity.

What are the risks?

The Centre emphasizes that, while the capabilities of generative AI present great opportunities, they also bring many concerns from a cybersecurity standpoint.

Some of the key risks in generative AI that the Centre has identified are as follows:

Using content for misinformation and disinformation and as part of scams and fraudulent campaigns against individuals and organizations

Creating sophisticated and highly realistic phishing emails and scams that lead to identity theft, financial fraud and other cybercrime

Users supplying confidential corporate and personal information in queries and prompts, allowing threat actors to harvest and misuse this information

Creating malware for use in targeted cyberattacks

Deliberately or inadvertently introducing unsecured or buggy code in software development

Injecting malicious code into datasets which undermine the accuracy and quality of content and boost the chance of large-scale supply-chain attacks

Fundamental bias and prejudice as a result of reliance on content

Stealing corporate data faster and in bulk, including proprietary business information and intellectual property

How can you mitigate risks for your organization?

The Centre recommends the following to minimize the risk of compromise resulting from cyberattacks that leverage generative AI:

Implement strong authentication mechanisms including multi-factor authentication (MFA)

Apply security patches and updates

Stay informed of latest threats and vulnerabilities

Protect networks using network detection tools to monitor and scan for abnormal activities

Train employees on the risks and how to respond to attacks

Establish and implement generative AI usage policies that include guidance on how to use technology in a way that avoids compromises to your organization's data and intellectual property and to improve the quality of outputs

Choose tools from security-focused vendors

Avoid the use of sensitive corporate or personal information with AI

