Priya PatelTLDR:
- Microsoft advises incorporating transparency in the supply chain and reinforcing built-in software controls to address AI security needs.
- The use of AI in fraud highlights the need to understand how malicious actors use AI to exploit vulnerabilities.
Microsoft is emphasizing the importance of looking to supply chains and implementing a zero-trust approach for AI security. The rapid rise of artificial intelligence technologies poses new risks for enterprises, and Microsoft recommends regularly scanning for prompt injection attacks, implementing supply chain transparency, and reinforcing software controls. The company suggests that enterprises define specific use cases and employee access controls to plan for AI threats effectively.
Conditional access policies are recommended to automatically protect tenants based on risk signals, licensing, and usage. Enterprises are advised to regularly evaluate use cases and policies to ensure they align with objectives and learnings. AI can be utilized to improve threat detection and incident response, making it essential for organizations to design, deploy, and utilize AI securely.
AI’s dual nature is exemplified in fraud, where hackers leverage the technology to manipulate data for malicious purposes. Microsoft warns about the potential threats to identity proofing, urging organizations to prevent prompt injection attacks by fine-tuning large language models and implementing contextual filtering and output encoding.
Organizations are encouraged to assess data touchpoints, set up cross-functional cyber risk teams, and establish policies detailing the uses and risks of AI tools. While threat groups from North Korea, China, and Russia are using AI to augment cyber operations, Microsoft has not observed any significant attacks. By focusing on supply chain security and a zero-trust approach, enterprises can enhance their AI security posture and mitigate emerging threats effectively.
