That means CISOs need to do a risk assessment of every genAI app employees are using, and then set policies and procedures staff have to follow, he said in an interview.
He warned CISOs and CEOs against following ‘the Ostrich algorithm’ – pretending the danger doesn’t exist by ignoring, if not rewarding, the shadow use of AI by employees, either in the office or at home.
“There’s no question there’s a tremendous amount of use of generative AI apps being used in ways that are highly problematic for the organization,” he said. “Remember, I can use a genAI app from my personal computer that my company has no control over, and still leak a tremendous amount of data just from what I’m asking – and it may not be only what I’m asking, but what others are also asking, and the generative AI learns from the pattern of questions.