Data Is the Fuel of AI

We are in the dawn of the Age of AI. LLMs are proliferating and chips are powerful enough to run AI engines. The promise of the summer project lead by John McCarthy in 1956 is now commercially viable, over 65 years later. The machine is ready. It just needs fuel. Data is that fuel. And there lies the problem: corporate data control has to move beyond the $165 cost per record of data breach fines model to the cost of loss of intellectual property to AI engines. In other words: the cost is not just a fine, but the fact that a competitor may train their AI engine with your unique knowledge. This is the equivalent of your best employee going to a competitor, taking everything with them, and sharing it all with that competitor with no respect/fear/awareness of a noncompete agreement. But, here's the thing: this may happen EVERY SINGE DAY!!

Unfortunately, most companies still view data protection through the breach liability lens and only secure credit card numbers, HIPAA info, and PII. Although that is necessary, that is very far from being sufficient. The valuable data is the PowerPoint Presentations, emails, word documents, and other things which are under-examined. How valuable is this data? Cisco spent $28B to acquire Splunk and Palo Alto spent $500M to acquire QRadar assets from IBM as I stated in a previous blog, the product gains in these acquisitions were the fries in these happy meals: they were about data acquisition to train AI. Data is the Fuel of AI, and it is extremely valuable. Companies who are lax in the data protection strategies are literally fueling their competitors' AI.

In order to have a comprehensive data protection strategy viable for the Age of AI, I recommend 5 things:

1. Monitor traffic leaving by all means. This starts with comprehensive SSL decryption. If you can decrypt it, you are not securing it.
2. Integrated data security platform which can secure traffic to websites, email attachments, and endpoint data all in one place. Multiple security tools combining to provide this leaves security gaps and contradictions which devalues security.
3. A security approach beyond URL filtering, to track things like the data deletion properties of cloud applications.
4. A way to monitor Third Party Oauth applications. These things accumulate over time, are more permissive than necessary, and are never removed.
5. The ability to enforce tenancy restrictions, especially with respect to AI tools.

Without this type of full coverage, data will leak, it will be as effective as having a knight guarding the office downtown: you are overpaying for security which is ineffective.