
With Great AI Comes Great Responsibility

Written by Otis Thrasher

Can’t Run from AI

Yes, “AI! AI! AI!” AI is here to stay. There is no avoiding it; however, there are revolutionary advancements that can be made by leveraging AI to create, automate, and streamline mundane processes with security best practices.

Artificial intelligence is a magnificent tool that allows humans to do what we innately do: create and push boundaries on existing processes, platforms, workloads, and products. Everything around us has been created by a human being, with some exceptions. Buildings, computers, tables, lights, AI, etc., were all created by someone or a group of people. AI is here to help us foster new ideas with less effort and less error, for example:

  • Simplifying complex processes, making them more viable and streamlined.
  • Improving customer experience through innovative personalization.
  • Enhancing employee productivity and learning.
  • Helping to nurture creativity and refine content creation.

These are just some of the use cases that can be used in multiple industries. However, great innovation comes with a healthy amount of skepticism. Although AI aims to be a perfect machine by definition and design, no machine is truly perfect in actuality. It is imperative that all organizations, regardless of size, have an incident response plan against all types of cyber attacks–especially if AI-driven. “It’s not if an attack will happen, it’s when.”

AI is the Tool

AI can help with many diverse sets of problems. As Uncle Ben from the Spider-Man comic series would say: “With great power comes great responsibility!” AI can also be used incorrectly or unethically as it can affect individuals directly and/or indirectly. All tools have instructions on how to properly use them. For example, you can’t use a screwdriver when you need the capabilities of a wrench; it will not do the job properly and give you the wrong outcome. AI is way more dynamic than a screwdriver and has vast capabilities. That’s why proper security measures around it are imperative. It’s simple to get caught up in new tech. Considering the boundless ways that it can be utilized, there are critical steps that must not be overlooked when it comes to implementing AI into an organization’s processes. The first and most important step is to always begin with security in mind. 

Home Foundation

Organizations must know when, where, and how things are moving within their established environment. Let’s look at it this way: you are building a house and you don’t vet the foundation or location. This can lead to major problems after the house is built. The foundation could be built on swamp land at a low sea level, making the house unstable; it could even be built on a cemetery – now your house is haunted by ghosts. There are vital steps to this process that simply cannot be ignored. Implementing AI within your organization is not so different: you substantiate your decisions with a healthy dose of skepticism to ensure that the steps moving forward are secure.

Securing Data

Data is the most valuable commodity within any company – it can easily be monetized for financial gain. When it comes to ML/AI models, data security is critical. Data is the food that you feed to ML models to build the capabilities of your AI. AI is your child and you want them to grow up big and strong. If you feed your child candy, soda, and chips for every meal, it would be hard for your child to function without proper nutrition. If you feed AI bad data, the outcome is not preferable. Yes, it’s hard to know which foods to eat as an adult in today’s modern world, which is why there are nutritional experts: they have the knowledge to properly nourish the body so that it can run at its optimum. Think of HanaByte as your nutritionist for your ML/AI models. We are experts in cybersecurity and we want to make sure you are feeding your AI child the cleanest data possible.

Top priorities when it comes to securing data:

  • Authentication and access control.
  • Data encryption at rest and in transit.
  • Data monitoring and frequent data audits.
  • Secure data sharing.
  • Continued education throughout the organization.
 

Security standards and attacks are always changing. That’s why continued education for any company is pivotal. AI is not perfect by any means. There are instances where AI gives confidential/sensitive information after users input particular queries. Not having this knowledge could lead to individuals using AI without proper caution. It is important to be cognizant of what data you are feeding certain AI models. Using confidential information about a client to ask questions is also discouraged. There are AI models that store information so that they can perform better.

Previously, I highlighted the importance of knowing when, where, and how things are moving within your organization. Following secure frameworks can help put policies in place to make sure your organization is following least privilege. For example, the Zero Trust Framework makes it a priority to “never trust, always verify,” which means authenticating users and their devices, as well as utilizing automation and orchestration in order to focus on more critical aspects of the organization’s infrastructure. These examples are just some of the stringent policies that can help solidify an organization’s security measures.

The cloud gives you flexibility and agility with vast resources available. It would be advantageous to use cloud provider tools to secure and constantly monitor your data. Our cloud partners have documentation of their secure AI frameworks and ways to use ML/AI to secure your organization. GCP has its Secure AI Framework (SAIF), which gives steps on how to secure your organization to implement AI. AWS has AI/ML security, which talks about tools that can be used to secure the environment. An example is AWS Macie, a data security service that uses ML and pattern matching to locate and help protect sensitive data like Personally Identifiable Information (PII).

Keep Everyone Safe

We must not forget that humans created AI. It is critical not to dismiss the humanitarian aspect of AI. It is pivotal that there is no bias when creating ML/AI models. Everyone should be treated equally no matter their race, ethnicity, religion, gender, sexual orientation, or age. For example, a company created an AI to calculate how much someone should receive in a loan. Loans should be denied and approved based on the statistical data that is given, such as monthly income, debt-to-income ratio, credit score, whatever the case may be.

Social media has become a major influence on individuals’ ideology. It’s a great way to learn about new topics and connect with others. However, social media is also a playground for misinformation. It’s important that we remain skeptical about the information we consume. AI is becoming more integrated into our technology and we are obligated to make sure that we are not intentionally giving misinformation to sway the masses. Cybersecurity is about making sure everyone is safe, not just some.
