Reflecting on Securing AI and a busy spring
Hello everyone! It’s been an incredible spring, busy with customer, partner, and industry engagements, as well as events spanning RSA to our own CEO Summit. The adoption and implementation of AI continues to be top of mind in all of these discussions and what is increasingly clear is that AI transformation requires security transformation. For AI to elevate human potential, security must be our first consideration. We have to prioritize safety above all else to ensure that this new wave of technology always serves and amplifies human good.???
Last month, when we announced a new category of Windows PCs designed for AI – Copilot+ PCs , I had the amazing opportunity to take part in a discussion with Sarah Bird , Divya Kumar , and Chitra Gopalakrishnan where we talked about why it is crucial for RAI and security to be so intertwined.?
With all the incredible advances happening, it’s critical to ensure that the AI we create, and use includes built-in controls for security, compliance, privacy, and responsible AI. At Microsoft, we have developed and published for our industry an actionable, ethical framework that explicitly prioritizes security. It guides our own work, and we hope it can serve as a helpful guide for other organizations as they develop AI applications.??
We also talked about the importance of having diverse perspectives in the designing, building, and testing of AI applications because to build systems that serve all we need to reflect all and include all. And that’s also true when we think about how to secure AI because we need great diversity in order to understand how adversaries may attack or use AI for nefarious purposes.?
This new age of AI is a journey, one that has the power to help people, industries, and society. Within an ethical framework, we believe the possibilities for this exciting technology are limitless.?
Over the last year, we’ve begun to see the incredible transformative power that generative AI can bring. This is particularly true when applied to cybersecurity. Even in its infancy, AI is able to perform incredibly complex, specialized and time-consuming tasks like reverse engineering malware in mere seconds. But we also recognize that the adversaries will use AI to augment their activities as well. That’s why we think about security and AI in two ways: leveraging generative AI to solve cybersecurity challenges as we do with Copilot for Security, and securing AI so that organizations can deploy AI tools from a variety of sources confidently and securely.??
The era of AI will enable things we never dreamed possible. I truly believe generative AI is security’s not-so-secret superpower; and to unleash AI’s full potential we also need to secure it.?
While many employees feel more productive, creative, and fulfilled when they use AI tools at work, some organizations feel unprepared to adopt it. Just as companies had to adapt to employees bringing their smart phones to work, we’re now at a similar inflection point with AI. Our recent Work Trend Index Annual Report shows that 75% of knowledge workers use generative AI at work, but 78% of them are using non-sanctioned tools. And pressure for AI adoption is not only coming from employees: 77% of leaders believe their company needs to adopt AI to stay competitive, yet 60% of leaders worry their organization’s leadership lacks a plan and vision to implement it.??
This puts us all at a critical juncture where we need to ensure organizations are ready for the influx of AI usage and ensure that data used to power AI innovation is handled responsibly to maximize the impact of this transformative technology without a privacy and security tradeoff.?
So how do we do that??
The answer is actually pretty straightforward: we have to be able to secure against the risks we know of today and set up guardrails for the things we may not yet be able to anticipate.?
We like to think of it in three pillars: discover, protect, and govern. Discover means understanding what GenAI risks exist today in your environment. We see a lot of organizations that are either blocking GenAI apps entirely or turning a blind eye to their use because they are waiting to build out their own AI use roadmap. Neither is a great strategy. Instead, consider developing a comprehensive picture of what is being used in your organization so that you can address each risk in the appropriate way.?
Once you have a handle on how GenAI is being used in your environment, you can make a plan for protection. You’ll need to think comprehensively about protecting your users, applications, and any sensitive data being reasoned over or generated by AI apps - and that includes the prompts and responses.?
And finally, governance is integral to ongoing AI safety. It’s really about human agency and ensuring that ethics and responsibility work in conjunction with innovation and advancement. This allows organizations to safeguard their people, their brand, their operations, and their customers.?
领英推荐
I’m very lucky to have Tina Ying as a member of my security for AI business and marketing team, who help articulate best-practice strategies. Tina tells me she “found her passion at the intersection of strategic thinking and creative storytelling” after coming to the United States from Taiwan for her MBA at the University of California, Berkeley, Haas School of Business. She began her career at Microsoft as an Aspire MBA hire then began her work with me on my data security, compliance, and privacy team where she helped incubate Microsoft Priva. Tina then worked her way up to recently become a Sr. Product Marketing Manager who’s integral to my team.?
Tina looks at the entirety of our work to ensure we are creating responsible and forward-thinking updates for Security for AI. Tina has both the IQ and the EQ to create meaningful content, centered around helping customers navigate their AI journey. Through Tina’s previous work on Adaptive Protection , one of our first ML-based data security solutions from Microsoft, as well as Insider Risk Management, she’s proven to have a deep understanding of the power for integrated security solutions that address security risks across various threat vectors including data, identity, endpoints, applications and cloud. It's rare to find someone so successful at being able to navigate this quickly for our customers.??
Tina’s current role on my team concentrates on shaping Microsoft Security’s end-to-end approach in a dynamic and rapidly evolving environment, with a focus on security for AI: and communicating the power of how Microsoft can help customers adopt AI in a secure and responsible way. She shares that, “Working on security for AI is mission-driven and meaningful because we believe that the transformation of AI necessitates a transformation in security.”?
Tina’s role involves thinking about how AI changes the threat landscape through both new risks and those that may be amplified because of AI, with the ultimate goal of empowering customers to secure and govern their AI tools.
?
Something that recently inspired me is Ted Lasso! I finally started watching the show and loved it. It highlights great leadership lessons such as leaning into vulnerability, putting the team first, leading with optimism, embracing a growth mindset, and believing in yourself and your team. ?
A quote that I love… “The best way to predict the future is to create it.” – Peter Drucker?
Consulting & Digital Transformation Leader| Enterprise Architect | IT Generalist & Strategist | AI/ML , Gen AI Automation | Cloud Security | Tech Evangelist | Business development
4 个月Insightful one Vasu! Every technology advancements require a strong security underpinning to promote the ethical use of the technology !
Referente de seguridad del paciente en Clinica Barraquer
4 个月Thanks f @ or sharing
Senior Product Manager | Discovery, Strategy and Execution
4 个月Great article! It's exciting to witness the surge of new AI capabilities,?but preparing for and protecting against new attack surfaces is a massive challenge.?Simply blocking apps is a short-term and unsustainable reaction—organizations need to aim for a deeper understanding of the landscape and address these challenges strategically for long-term security.
I'm helping organizations in cybersecurity and data privacy. I have experience in various data centers, including public, private, multi and hybrid cloud, and on-premises. Ex- Sify, HCL, ANZ, TechM, Wipro, and Religare.
4 个月This article is such a breath of fresh air when it comes to the future of AI and cybersecurity. I enjoyed the author's humility and her obvious love for people and generative AI technology. The quote about thinking for cybersecurity and AI in two ways really made me think. It makes sense to use generative AI to solve cybersecurity and privacy challenges, but it also makes sense to secure AI so that organizations can deploy AI tools from different sources with confidence. I’m excited to think about the potential of generative AI in the future and I’m glad I read about the ideas in this article.