Many organizations use artificial intelligence (AI) to optimize processes, analyze data, diagnose and treat patients, and customize user experiences.

We recently wrote about the privacy and cybersecurity risks with AI. Since that time, the use of AI has continued to expand, and the Canadian Centre of Cyber Security has now issued an awareness bulletin on the significant risks posed by generative AI.

In this blog we provide an overview of the risks outlined in the bulletin and what your organization can do to mitigate those risks.

What is generative AI?

The bulletin focuses on generative AI – this is the type of AI that is used to generate new content by modelling features of data from large datasets fed into the model (think ChatGPT, Bard and Bing). This AI can be used to generate content in many forms including text, image, audio and software code. As a result, it is currently used in a number of areas including health care, software development, online marketplaces, business, publishing and media, education and cybersecurity.

What are the risks?

The Centre emphasizes that, while the capabilities of generative AI present great opportunities, they also bring many concerns from a cybersecurity standpoint.

Some of the key risks in generative AI that the Centre has identified are as follows:

  • Using content for misinformation and disinformation and as part of scams and fraudulent campaigns against individuals and organizations
  • Creating sophisticated and highly realistic phishing emails and scams that lead to identity theft, financial fraud and other cybercrime
  • Users supplying confidential corporate and personal information in queries and prompts, allowing threat actors to harvest and misuse this information
  • Creating malware for use in targeted cyberattacks
  • Deliberately or inadvertently introducing unsecured or buggy code in software development
  • Injecting malicious code into datasets which undermine the accuracy and quality of content and boost the chance of large-scale supply-chain attacks
  • Fundamental bias and prejudice as a result of reliance on content
  • Stealing corporate data faster and in bulk, including proprietary business information and intellectual property

How can you mitigate risks for your organization?

The Centre recommends the following to minimize the risk of compromise resulting from cyberattacks that leverage generative AI:

  • Implement strong authentication mechanisms including multi-factor authentication (MFA)
  • Apply security patches and updates
  • Stay informed of latest threats and vulnerabilities
  • Protect networks using network detection tools to monitor and scan for abnormal activities
  • Train employees on the risks and how to respond to attacks
  • Establish and implement generative AI usage policies that include guidance on how to use technology in a way that avoids compromises to your organization's data and intellectual property and to improve the quality of outputs
  • Choose tools from security-focused vendors
  • Avoid the use of sensitive corporate or personal information with AI

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.