The Cybersecurity Risks of AI & How to Safeguard Sensitive Data

AI in the workplace: how to safeguard data

Experts in the cybersecurity industry are becoming increasingly concerned about artificial intelligence attacks. 

A 2020 report from Forrester Consulting found that 88% of decision-makers in the security industry believed offensive AI was on the horizon, and almost two-thirds of them expected AI to lead new attacks.

Considering that the AI we see today is the worst that it will ever be, organizations need to be aware of the dangers of AI and understand the unique ways that hackers can leverage AI in their attacks. 

With concerns such as these, it’s no wonder that companies such as Apple restrict employees from using AI tools.

In this article we will highlight what artificial intelligence is, how it’s used by employees and threat actors, and the dangers of using AI in the workplace.

What is Artificial Intelligence?


Artificial Intelligence (AI) refers to the development and application of computer systems that can perform tasks typically requiring human intelligence. It involves the creation of intelligent machines capable of simulating and imitating human cognitive abilities, such as learning, reasoning, problem-solving, perception, and decision-making.

AI systems aim to process and analyze vast amounts of data, recognize patterns, and make predictions or take actions based on that analysis. These systems learn from experience and adjust their behavior to improve performance over time, often through machine learning algorithms.

Examples of AI include:

  1. Machine Learning: It involves training machines to learn from data and make predictions or decisions without being explicitly programmed. Machine learning algorithms enable systems to improve performance through exposure to more data.
  2. Neural Networks: Inspired by the structure and function of the human brain, neural networks are algorithms that learn and recognize patterns. They consist of interconnected nodes (artificial neurons) that process and transmit information.
  3. Natural Language Processing (NLP): NLP focuses on enabling machines to understand and interpret human language, including speech and text. It involves tasks such as language generation, translation, sentiment analysis, and speech recognition.
  4. Computer Vision: This field focuses on giving machines the ability to understand and interpret visual information from images or videos. Computer vision algorithms enable tasks such as object recognition, image classification, and facial recognition.
  5. Robotics: AI is closely integrated with robotics, where intelligent machines are designed to interact physically with the environment. Robotics combines AI techniques with mechanical engineering and control systems to create autonomous or semi-autonomous robots.

How is Artificial Intelligence Used in the Workplace?


AI has the potential to revolutionize various aspects of organizations by improving efficiency, enabling automation, and solving complex problems. It has applications across various industries, including healthcare, finance, marketing, manufacturing, and cybersecurity.

Cybersecurity Teams

Many organizations leverage Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) tools to detect and respond to cyber threats. These tools are infamous for overwhelming security professionals with a vast amount of data.

AI is revolutionizing cybersecurity by analyzing massive quantities of risk data to speed up response times and augment the capabilities of under-resourced security operations.

Cybersecurity professionals within security teams can use AI-powered systems to surface insights from SIEM logs. They can also orchestrate and automate hundreds of time-consuming, repetitive, and complicated response actions that previously required human intervention.

While AI cybersecurity systems are known to generate false positives, they serve as an important threat identification tool. These systems are beneficial for detecting and remediating vulnerabilities, malware, and threat actors. 

Digital Marketing & Copywriting

Marketing teams have been leveraging AI to speed up the writing and research process. While there are legitimate concerns that improper use of AI will result in poor quality and inaccurate information, AI technology has the potential to greatly improve the productivity and efficiency of the copywriting process when used responsibly.

Software Development

AI-based programming assistants allow developers to write code more efficiently by proactively identifying syntax errors, creating basic structures more efficiently, and translating natural language into programming languages that computers understand.

The Dangers of AI in the Workplace

While AI-based tools are excellent for automating repetitive tasks, the technology does come with its own set of unique risks and limitations.

This section will focus on the cybersecurity implications of artificial intelligence in the workplace. Later we will discuss cybersecurity defense strategies that companies can implement to address the risks of this technology.

Phishing & Spear Phishing


Phishing is a pervasive threat to cybersecurity. Cybercriminals use phishing attacks to break into accounts, steal company funds, and compromise sensitive data.

Thanks to generative AI tools, phishing campaigns have become much more scalable. On the low end, AI-powered chatbots such as ChatGPT and other systems built on natural language processing can help threat actors craft well-written and convincing phishing emails.

On the upper end, AI systems can be trained to use publicly available information about individuals and their workplace to craft sophisticated spear phishing campaigns that take place over several emails. 

One example comes from Jonathan Todd, Cyber Operations Specialist for the US Army. 

He demonstrated how a threat actor could use an AI image generator such as DALL·E to create fake profile pictures that cannot be found via a simple reverse image search. This increases the perceived authenticity of the fake image.

Extrapolating beyond that, as AI video and audio generation becomes more sophisticated, it can even be used in vishing campaigns.

From there, a threat actor can train an AI model on your social media history to craft an email that sounds human generated and uniquely targeted to your interests. 

In Jonathan’s example, his AI tool waited for a response to the initial email, then waited for a period of time before sending a follow-up email with a link that could have contained malicious exploits. 

Leaking Sensitive Data to AI


Without the proper knowledge of AI systems, users may not realize the dangers of sharing sensitive information with AI. 

For example, a bug in OpenAI’s ChatGPT leaked elements of their users’ conversation histories. OpenAI’s privacy policy also notes that user data, such as prompts and responses, may be used to continue training the model.

By default, OpenAI stores all interactions between users and ChatGPT. These conversations are collected to train OpenAI’s systems and can be inspected by moderators for breaking the company’s terms of service.

While tools such as ChatGPT have a “don’t learn/respond only” mode, without a proper NDA, MSA, SOW and/or SLA there’s no guarantee that sensitive information input into these systems will be kept adequately protected.

For this reason, organizations need to ensure that their employees are not sharing sensitive information with AI models that are not within the organization’s complete control. 

How to Protect Sensitive Data Against AI

Web Filtering & App Blocking Software

BrowseControl is an easy-to-use web filter that helps organizations enforce policies, improve productivity, reduce bandwidth consumption, and meet compliance requirements – no matter where their users are located.

With BrowseControl you can ensure a safe and productive environment by blocking high-risk, distracting, or inappropriate websites, improve network performance by blocking bandwidth hogs, and prevent users from using unsanctioned applications and software-as-a-service providers.

BrowseControl’s security policies are enforced by a software agent that is installed on your users’ computers. This allows the solution to continue blocking websites and applications even when computers are taken off-site.

BrowseControl’s central console allows you to configure your security policies from the convenience of a web browser.

With BrowseControl you can block or allow websites based on URL, category, domain, or IP address, assign custom policies for each group of computers or users, prevent users from launching specific applications, and block network ports to reduce the attack surface of your network.

There are three key methods for blocking websites with BrowseControl:

  1. The Blocked List allows you to block specific websites based on URL, domain, or IP address.
  2. Category Filtering allows you to block millions of websites across over 100 content categories including pornography, social media, and virus-infected sites.
  3. The Allowed List allows specific websites that would otherwise be blocked based on their category. For the greatest security and control, you can instead block all websites except for those that are on the Allowed List.

When your users try to visit a blocked website they can either be presented with a custom warning message or directed to another site, such as a page with a reminder of your organization’s internet use policy.

With BrowseControl’s App Blocker you can prevent your users from launching specific applications.

Simply select the group you would like to restrict, enter the Original Filename of the application to the Application List, and add it to the blocked applications list.

When the user tries to launch the blocked application they can be presented with a custom warning message that alerts them of the restriction.

BrowseControl is best used in tandem with our computer monitoring software BrowseReporter. Using both solutions provides the visibility and control you need to ensure that your organization’s computers are being used appropriately.


Organizations can use web filtering & app blocking software to proactively restrict access to unsanctioned AI tools.

For example, CurrentWare’s BrowseControl includes a web content category filter with a dedicated AI category, allowing organizations to block all websites associated with that category. As new AI websites are created they are automatically added to the database.

Exceptions for authorized AI websites can be readily made by simply adding their URLs to BrowseControl’s allowed websites list.
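The category block with allowed-list exceptions described above can also be replayed over existing web proxy logs to see who is already reaching unsanctioned AI sites. This is an added example, not CurrentWare's code or BrowseControl's implementation; the domains, log format, list contents, and the allowed-before-blocked precedence are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: category database, policy lists and proxy log lines.
CATEGORY_DB = {"genai-chat.example": "AI", "imagegen.example": "AI"}
BLOCKED_CATEGORIES = {"AI"}
BLOCKED_LIST = {"paste.example"}                # explicit per-domain block
ALLOWED_LIST = {"approved.genai-chat.example"}  # sanctioned exception
LOG_LINES = [
    "2024-05-01T09:00:01Z alice https://GenAI-Chat.example/c/123",
    "2024-05-01T09:00:07Z bob https://approved.genai-chat.example:443/api",
    "2024-05-01T09:01:12Z carol https://cdn.imagegen.example./v1/render",
    "2024-05-01T09:03:44Z erin https://notgenai-chat.example/",
    "2024-05-01T09:04:02Z frank http://paste.example/new",
]

def host_of(url):
    """Lower-cased hostname with port and trailing dot removed."""
    return (urlsplit(url).hostname or "").rstrip(".")

def suffixes(host):
    """Host plus each parent domain, split on label boundaries (no substring matches)."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def decide(url):
    """Assumed precedence: allowed list, then blocked list, then category filter."""
    parents = suffixes(host_of(url))
    if any(p in ALLOWED_LIST for p in parents):
        return "allow", "allowed-list"
    if any(p in BLOCKED_LIST for p in parents):
        return "block", "blocked-list"
    for p in parents:
        category = CATEGORY_DB.get(p)
        if category in BLOCKED_CATEGORIES:
            return "block", "category:" + category
    return "allow", "default"

def audit(lines):
    """Return (user, host, reason) for every logged request the policy would block."""
    hits = []
    for line in lines:
        _timestamp, user, url = line.split(maxsplit=2)
        action, reason = decide(url)
        if action == "block":
            hits.append((user, host_of(url), reason))
    return hits

if __name__ == "__main__":
    print(audit(LOG_LINES))
```

Matching on whole domain labels keeps a look-alike such as `notgenai-chat.example` from being treated as the categorized site, while subdomains of a categorized domain are still caught.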

Host Artificial Intelligence Tools Locally

While many businesses will proactively decide to restrict all access to AI as a security precaution, it’s worth noting that many others actively embrace AI as a powerful tool to enhance productivity, improve decision-making, automate tasks, and gain competitive advantages.

To reduce data security risks, these AI models can be hosted locally and prevented from accessing the internet. This helps to mitigate the risk of data leaks by keeping all new data inputs within the control of the organization.

Employee Training


As with many other cyber threats, defending against the threat of AI technologies starts with ensuring your end-users are aware of the threat in the first place. 

While employees do not need to have advanced threat intelligence, they must understand the limitations and risks of AI, whether or not there is a sanctioned use for AI in their organization, and the types of new threats they may encounter thanks to generative AI. 

The most imminent threat is the increased sophistication of phishing emails. Your phishing training strategy must be reviewed to ensure that employees are well aware of the dangers of phishing attacks and how to spot them.

AI Cybersecurity Policies

Without clear communication, it’s easy for employees to see internet-hosted AI models such as ChatGPT as just another website they can visit, without the tool ever officially becoming part of the organization’s known supply chain.

As there is little to no control over how data is used by AI shadow IT systems, organizations must update their information security policies to reflect the unique vulnerabilities presented by AI.

Conclusion & More Resources

While artificial intelligence creates opportunities for improved productivity, there are legitimate cybersecurity threats that organizations need to carefully consider and mitigate before using it.

Technologies such as web filtering software can enforce compliance with security policies that ban the use of web-hosted AI tools. In addition, employees must be thoroughly trained and retrained to recognize phishing emails, particularly as AI is leveraged to create increasingly sophisticated campaigns.

If your organization intends to allow the use of AI in the workplace, it should consider seeking legal advice to manage the many ethical, privacy, policy, and legal considerations that come from using it. It should also consider reviewing Microsoft’s AI security risk assessment framework to learn how to audit, track, and improve the security of its AI systems. 

Dale Strickland
Dale Strickland is the Digital Marketing Manager for CurrentWare, a global provider of user activity monitoring, web filtering, and device control software. Dale’s diverse multimedia background allows him the opportunity to produce a variety of content for CurrentWare including blogs, infographics, videos, eBooks, and social media shareables.