DSPM is Your AI Minesweeper: How Cyera can help you navigate the AI threat landscape

In Generative AI Security: Theories and Practices, Ken Huang paints a daunting picture of the AI threat landscape. In this article, we’ll take a look at some of the key features of that landscape - observability, data integrity and security, entitlement policies, and security tools integration - and how Cyera’s data security platform can help your organization navigate them successfully.
Observability
“With tools like Microsoft’s Copilot becoming integral to various industries,” Huang says, “the speed at which AI models generate outputs often exceeds organizations’ ability to enforce relevant security protocols.”
A key challenge here is correct data classification. According to Tina Ying and Neta Haiby of Microsoft, manual classification efforts will simply be too slow to keep up with AI-generated data. Fortunately, Cyera’s AI-native DSPM can discover and classify data anywhere in your data estate, regardless of who or what is generating it, with 95 percent precision. In turn, Cyera’s Omni DLP can step up in real time and prevent the over-sharing of AI-generated data.
Another observability issue relates to third-party risk management, in particular where and how organizational data may be exposed along the supply chain. As Belle Lin put it in the Wall Street Journal:
“The challenge with generative AI is that the technology is developing so quickly that companies are rushing to figure out if it introduces new cybersecurity challenges or magnifies existing security weaknesses. Meanwhile, technology vendors have inundated businesses with new generative AI-based features and offerings—not all of which they need or have even paid for.”
Here, too, Cyera can discover your data anywhere it resides, including in Shadow IT apps and services that use generative AI. Organizations can leverage the visibility Cyera provides to build and manage an AI asset inventory. They can also deploy Cyera’s Omni DLP to prevent users from sharing valuable IP or sensitive customer data with AI-powered applications.
Data integrity and security
Data integrity is going to be the central challenge of the AI era, and Huang identifies two major threats: data poisoning and data manipulation. Data poisoning refers to the corruption of training data sets in order to deceive an LLM into generating a desired outcome. By data manipulation, Huang means the use of AI to generate content like deepfakes, disinformation, or other artifacts that could be used for malicious ends.
Cyera’s Data Risk Assessment service gives you a complete overview of the risks to your data estate, including AI training data sets. It combines Cyera’s DSPM with virtual, CISO-led evaluations against thirty different control frameworks, such as ISO 27001 and NIST CSF, to provide actionable insights that allow you to immediately shrink your attack surface, gain visibility into potential threats, and develop a plan to improve your data security posture moving forward.
Cyera’s AI-native data security platform ensures the segregation of training, testing, and validation data for AI systems. It also detects risky behavior and proactively protects against fraud and insider threats.
AI also poses a threat to data security. In particular, Huang describes the potential problem of data leakage due to the aggregation of training data sets. Even when training data has been anonymized, generative AI systems may be able to triangulate between various training data sets and infer sensitive or personal data. But Cyera’s Omni DLP monitors and classifies AI-generated data in real time, and can alert when AI tools are creating and attempting to share things like PII, PHI, or trade secrets.
Entitlement policy
According to Huang, “the absence of clear entitlement policies concerning GenAI systems poses significant risks to data privacy and security. Without defined access controls and user roles, sensitive information can be exposed to unauthorized users.”
Moreover, robust identity and access management, and the use of role-based access controls, aren’t just for human users. Anthropic CISO Jason Clinton thinks we’re just ten months away from deploying fully autonomous security defenders in our SOC environments. In two to three years, he predicts all human cybersecurity professionals will be managing teams of AI agents. Those agents will need organizational identities and privileges, and the same concerns around authentication and least privilege will apply to them.
Cyera can identify all entities, whether human or non-human, internal or external, that have access to your data. It can create a catalog of identities and associated privileges that will help administrators identify your most high-risk users, detect stale identities whose access should be revoked, maintain RBAC, and prevent configuration drift.
Security tools integration
Huang argues that security vendors need to develop “connectors and APIs that enable seamless communication between GenAI and SIEM, DLP, and SOAR systems,” and that the absence of these integrations will result in a “disjointed security landscape where threats can go undetected.”
At Cyera, we agree. Cyera can integrate with your existing SIEM, SOAR, and DLP tools to help coordinate incident response and automate remediation workflows. Additionally, Cyera’s Omni DLP solution represents a quantum leap beyond existing DLP tools. Omni’s AI-native policy engine can understand the DNA of your data, allowing it to craft DLP rules that are actually relevant to the categories of data you care about. Its classification engine analyzes and prioritizes data events, reducing false positives by 95 percent and freeing up security engineers to focus on the issues that really matter.
Conclusion
As Cyera’s Chief Data Security Evangelist Shane Coleman has said, AI gives businesses the opportunity to “enter new markets before the competition, boost customer loyalty, and unlock unprecedented internal productivity. But… velocity without deliberation is just risk in disguise.” Unless you know what data you have and where it lives, trying to securely enable AI is like wandering blind into a minefield.
Cyera’s data security platform is your map, compass, and minesweeper all in one. Cyera DSPM’s AI-native discovery and classification capabilities, and Omni DLP’s intelligent policy engine, will give you confidence to move quickly and safely across the AI threat landscape. See how at cyera.com.