June 12, 2024 at 08:06AM
Microsoft introduced the AI-powered ‘Windows Recall’ to capture user activities on PCs, raising concerns about privacy and security. Other companies like DocuSign and Slack also faced backlash over their use of data for AI training. As businesses navigate the AI landscape, understanding and monitoring vendors’ data policies and fostering transparent communication with employees becomes crucial.
Based on the meeting notes, it is clear that there is growing concern over the risks associated with data policies and AI features being offered by technology vendors. Security professionals have expressed dissatisfaction with the vague data policies of companies like Microsoft, DocuSign, and Slack, which have raised concerns about the use of customer data for training AI models. It is evident that the trend of vendors pushing boundaries to harvest data for AI training purposes is likely to continue.
The meeting notes also emphasize the importance of businesses being vigilant and proactive in understanding and addressing potential risks related to the adoption of AI features. It is recommended to thoroughly review the terms and conditions of commonly used applications, despite the challenges of finding details about data usage for training models. Additionally, businesses should focus on the apps they truly need and have honest conversations with employees to identify and manage unauthorized AI applications or shadow AI.
Technical measures such as traditional cybersecurity tools and specialized third-party solutions can aid in identifying and mitigating shadow AI instances. Finally, it is highlighted that a balanced approach, combining technical controls with active employee engagement and open dialogue, is crucial to effectively harnessing AI’s potential while safeguarding against the risks of unchecked shadow AI proliferation.
For further insights and information on managing AI-related risks and security, attendees are encouraged to learn more at SecurityWeek’s AI Risk Summit.