Artificial Intelligence and Cybersecurity – Volume 1

I am considering using AI in my business.  What basic cybersecurity components should I factor into my decision?

Artificial Intelligence has become a hot topic recently.  The basic concept of Artificial Intelligence is that it uses computers and automated methods to perform problem solving and decision-making skills typically performed by humans.  Considering this, what cybersecurity controls should be included when making the decision on how to apply artificial intelligence:

1. Confidentiality and Access. Like any other critical asset, the information used and created by artificial intelligence should be controlled.  First, the access to information that is fed into Artificial Intelligence tools should be limited to a “need to know” basis.  This may be information that is collected from various integrated systems within your company.  Also, the information that is generated by Artificial Intelligence should be controlled. The AI tools themselves should also be carefully controlled and monitored, specifically from an administrative standpoint.
2. Integrity. The information that is fed to and produced by humans is reviewed and scrutinized.  The information in the AI process should be treated similarly.  A recent example of that that we have encountered is related to the automatic creation of a product description.  AI was fed various pieces of information and created a four-paragraph description of the product.  Research has shown that the human attention span may not be able to regularly absorb a description that long.  When reviewed, the product description was cut to one paragraph, essentially stating the same thing.
3. Capacity Management.  Like many automated tools, AI requires a significant amount of processing power and capacity.  Before engaging in an AI exercise, the capacity of systems should be understood and planned accordingly.