C-Suite’s Infatuation with Generative AI Puts the Heat on CISOs

It’s pretty clear that Generative AI is this year’s “shiny object” for the vast majority of folks occupying corporate C-suites, but while everyone else is in “damn the torpedoes!” mode, a recent CSOonline article says that CISOs are stressing out:

According to a recent survey from NTT Data, 89% of C-suite executives “are very concerned about the potential security risks associated with gen AI deployments.” But, the report found, those same senior execs believe “the promise and ROI of genAI outweigh the risks” — a situation that can leave the CISO as the lone voice of risk management reason.

And it may be taking its toll, as almost half of enterprise CISOs “hold negative sentiments” about generative AI, feeling “pressured, threatened, and overwhelmed,” according to the survey.

The conflict is quite familiar. Senior executives pressure line-of-business chiefs to embrace a new technology to leverage efficiencies and boost the bottom line. But generative AI is risky business — arguably more risky than any technology to date. It hallucinates, overrides guardrails, jeopardizes compliance, and gobbles up sensitive enterprise data. And it’s being embraced by enterprises quickly without proper security hardening, while being pushed by vendors who highlight functionality over security.

The article says that one of the biggest concerns facing CISOs is how “casual” AI vendors are when it comes to selecting data to train their models.   The risks associated with this casual approach are heightened by the fact that hundreds of SaaS applications have embedded large language models in them that are used throughout the company.