Artificial intelligence (AI) adoption continues to accelerate, with nearly 70% of organizations already using cloud-based AI platforms and products and many seeing the trend as just getting started.
The cybersecurity and privacy concerns around AI’s use are also palpable. Security leaders are increasingly looking for ways to let their organizations use AI tools without putting the organization at risk.
In this analysis, I’ll cover cloud-native security leader Wiz’s recent launch of AI Security Posture Management (AI-SPM). Wiz already has one of the most comprehensive and recognized Cloud Native Application Protection Platforms (CNAPP) featuring agentless capability that unifies visibility across multi-cloud environments and empowers context-rich vulnerability prioritization.
In Wiz’s AI-SPM announcement, it pointed out that AI is where cloud was 5 to 10 years ago: facing exponential adoption and growth but with little to no oversight or governance because security tools struggle to keep pace with the business. Over half of business leaders cite concerns around abuse of AI potentially impacting customer trust. Nations around the world are scrambling to implement policy and regulatory guardrails to ensure “safe and responsible” AI use. In its announcement, Wiz cites examples such as Microsoft’s AI researchers leaking over 38 terabytes (TB) of data as an indicator of the risks that AI usage can present.
So, what exactly does Wiz’s AI-SPM entail, and why should customers explore it?
One major struggle for security leaders is simply understanding what AI products their organizations are using. Wiz emphasizes the ability to perform agentless inventory, identifying every AI service, technology, and library in use and presenting it all in the Wiz Security Graph. The Graph can help security leaders understand what AI services and products their engineering, development, and business peers are using and establish a plan to govern and secure that inventory.
AI, which often runs in the cloud, can suffer from the same kinds of risks as the cloud, such as misconfigurations. Wiz’s AI-SPM can enforce AI configuration baselines and perform misconfiguration checks against the AI services in use to ensure the organization isn’t inadvertently exposing sensitive data or allowing access to those who don’t warrant it.
Misconfigurations have led to some of the cloud’s largest data breaches, and I suspect cloud-enabled AI services will encounter similar problems since organizations quickly adopt these services without understanding the nuanced configurations and their potential to introduce risk. Example configuration checks include the lack of encryption or publicly exposed IPs (internet protocol addresses), which can put the organization’s data at risk and lead to a loss of confidentiality.
A common cybersecurity quip is that “attackers think in graphs, defenders think in lists.” This points to the reality that malicious actors often use complex attack paths to impact organizations, chaining together vulnerabilities or misconfigurations to do so. Wiz’s AI-SPM extends its CNAPP Attack Path Analysis to include AI, providing visibility for users into how attack paths can play out and where organizations can mitigate risks to stop attacks literally in their tracks.
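The list-versus-graph point, combined with the two configuration checks mentioned earlier (lack of encryption, publicly exposed IPs), as an added sketch that is not Wiz code or its API. The inventory, resource names, and relationships are constructed sample data.

```python
# Added illustration; not Wiz code. All resource names and attributes are constructed.
NODES = {
    "notebook-vm":     {"public_ip": True},
    "batch-vm":        {"public_ip": True},
    "training-role":   {},
    "model-endpoint":  {"public_ip": False},
    "training-bucket": {"encrypted": False, "sensitive": True},
    "logs-bucket":     {"encrypted": False, "sensitive": False},
}
# Directed "can reach / can assume / can read" relationships (assumed).
EDGES = {
    "notebook-vm": ["training-role"],
    "training-role": ["model-endpoint", "training-bucket"],
    "batch-vm": ["logs-bucket"],
}

def list_findings(nodes):
    """The 'list' view: one flat finding per failed baseline check."""
    findings = []
    for name, attrs in sorted(nodes.items()):
        if attrs.get("public_ip"):
            findings.append((name, "publicly exposed IP"))
        if attrs.get("encrypted") is False:
            findings.append((name, "no encryption at rest"))
    return findings

def attack_paths(nodes, edges):
    """The 'graph' view: simple paths from the internet to sensitive data."""
    paths = []
    stack = [[n] for n, a in sorted(nodes.items()) if a.get("public_ip")]
    while stack:
        path = stack.pop()
        if nodes[path[-1]].get("sensitive"):
            paths.append(["internet"] + path)
            continue
        for nxt in edges.get(path[-1], []):
            if nxt not in path:  # skip cycles
                stack.append(path + [nxt])
    return paths

def prioritize(nodes, edges):
    """Rank findings: those on a path to sensitive data sort first."""
    on_path = {n for p in attack_paths(nodes, edges) for n in p}
    ranked = [("critical" if n in on_path else "low", n, issue)
              for n, issue in list_findings(nodes)]
    return sorted(ranked)
```

The flat list reports four findings of equal weight; the graph shows that only two of them sit on a route from the internet to sensitive training data, which is where remediation effort goes first.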
Another major concern around AI use is the potential to expose sensitive data to unauthorized AI services and platforms. Wiz’s AI-SPM boasts data security posture management (DSPM) for AI, allowing defenders to implement DSPM safeguards to ensure sensitive data isn’t flowing to unauthorized third-party AI products and platforms without the organization’s consent. This can potentially protect data such as intellectual property (IP), personally identifiable information (PII), and personal health information (PHI).
Lastly, it can simply be a challenge to visualize all of the AI use and the risks and vulnerabilities associated with an organization’s AI consumption footprint. Wiz’s AI-SPM provides an AI Security Dashboard that shows security practitioners what AI is being consumed and the top AI security issues, then contextualizes those risks to enable effective risk prioritization, which is crucial because most organizations struggle with resource constraints in security.
AI is a tool like any other that can be used for good or abused for malicious purposes. Security leaders are scrambling to keep pace with their organizations’ thirst to leverage this emerging and evolving technology and inevitably need innovative tools to help them do so.
Baked into Wiz’s comprehensive CNAPP, the company’s AI-SPM positions it as a promising offering that cloud-native environments and organizations can use to enable secure use of AI while not impeding business outcomes and velocity.