Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

Artificial Intelligence (AI) in Risk Assessment and Mitigation

Home
Industry Insights
Artificial Intelligence (AI) in Risk Assessment and Mitigation

Blog Article Published: 06/06/2024

Written by Ashwin Chaudhary, CEO, Accedere.

The advancement of generative AI technologies like GPT has led to rapid growth in AI adoption worldwide. While companies adopt AI with the intention of being competitive in the market, they often overlook the security risks that come with AI that can affect individuals, organizations, and the broader ecosystem. In this article, we’ll introduce you to the concept of AI risk management.


What is AI Risk Management?

A specialized branch of risk management, AI risk management is focused on identifying, evaluating, and managing the risks associated with the deployment and use of artificial intelligence.

This process includes developing strategies to address those risks to ensure the responsible use of AI systems that protect the organization, clients, and employees against adverse impacts from their AI initiatives.


AI Risk Management Framework

Several AI risk management frameworks have been introduced for more effective risk management. For example, the NIST’s AI Risk Management Framework a draft publication released on April 29, 2024, provides a structured way to assess and eliminate AI risks. It includes guidelines and best practices for using AI.


Risks Associated with AI

When discussing AI risk management, it is important to understand the risks that are associated with the use of AI. Risks can span domains such as security, privacy, fairness, and accountability. Here are a few common examples of risks for AI:

1. Data Privacy Risks:

  • AI models, especially those trained on large datasets, can contain sensitive and personal information, such as Personally Identifiable Information (PII).
  • These systems can inadvertently memorize and reveal sensitive information: this can result in an actual privacy breach and non-compliance with data protection regulations (like GDPR).

2. Bias in AI Models:

  • Sometimes, the training data used to train AI models can include bias.
  • It causes the AI model to produce inaccurate and discriminatory results.

3. Inaccurate Results:

  • If the accuracy of the trained AI model is low, it can produce inaccurate results.

4. Overfitting:

  • This phenomenon occurs when the AI model becomes too specialized for the training data.
  • When new data is used, it can show poor performance.


Challenges and Examples

Some organizations have faced operational discrepancies due to inexperience with AI technology and a lack of clear frameworks. Few real-life instances:

1. Morgan Stanley restricted the use of ChatGPT by its staff due to concerns about hallucinatory outputs with factual inaccuracies.

2. Samsung banned its staff from using GenAI tools after sensitive intellectual property (IP) code was uploaded to such platforms.

3. Dutch “toeslagenaffaire” scandal involved incorrect penalization on citizens by the tax authorities for suspected childcare benefits fraud using a self-learning algorithm.

In a recent ‘Hype Cycle for Generative AI 2023 report’ by Gartner, by 2026, organizations that operationalize AI transparency, trust and security will see their AI models achieve a 50% improvement in terms of adoption, business goals and user acceptance.


How to Remediate the Associated AI Risks?


Conclusion

AI risk management is a crucial aspect of any organization’s AI strategy. By understanding and mitigating the risks associated with AI, organizations can ensure the responsible use of AI systems. As we move forward, it’s essential to stay updated with the latest developments in AI risk management to ensure the safe and effective use of AI.

It’s important to note that achieving high level of maturity in AI risk assessment and mitigation requires two to three years. Therefore, starting now is crucial.


About the Author

Ashwin Chaudhary is the CEO of Accedere, a Data Security, Privacy Audit, Technical Assessment and Training Firm. He is a CPA from Colorado, MBA, CITP, CISA, CISM, CGEIT, CRISC, CISSP, CDPSE, CCSK, PMP, ISO27001 LA, ITILv3 certified cybersecurity professional with about 22+ years of cybersecurity/privacy and 40+ years of industry experience. He has managed many cybersecurity projects covering SOC reporting, ISO audits, VAPT assessments, Privacy, IoT, Governance Risk, and Compliance.


Reference Links

Artificial IntelligenceRisk ManagementStandards

Share this content on your favorite social network today!

Future Cloud
Related Resources
Certificate of Competence in Zero Trust (CCZT)
The industry's first Zero Trust certificate program.
AI Organizational Responsibilities
A blueprint for enterprises to secure AI development and deployment.
AI Safety Initiative
Addressing present and future challenges of AI safety and security.
Latest from CSA
Missed the Virtual Cloud Trust Summit?
Pre-Sale: Save on the CCSK v5 Exam!
Register for SECtember.ai
Trending This Week
#1 Discover CCSK v5: The New Standard in Cloud Security Expertise
#2 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#3 Cloud Gaming and Data Security: Balancing Fun and Privacy
#4 Top Takeaways from the Gartner Innovation Insight: Data Security Posture Management
#5 CSA STAR Certifications: What are they?
Enhance your cloud security skills with CSA's online training options.
Related Articles:
Navigating the New SEC Cybersecurity Regulations in M&A Transactions

Published: 07/03/2024

Supremacy of AI in Compliance Services: The Dawn of a New Era

Published: 07/02/2024

Cloud Security Study: Most Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period

Published: 07/02/2024

And now for something completely different… a Cloud Security Alliance RFI

Published: 07/01/2024