Nearly 55% of recent data loss prevention (DLP) events involved attempts to capture personally identifiable information (PII), while 40% included confidential documents.
Figures come from Menlo Security report The continued impact of generative AI on security postureposted earlier today.
According to the new data, from July to December 2023, the landscape of generative AI usage has seen significant transformations, with the emergence of new platforms and features contributing to a diverse and specialized market.
“AI can already have a positive impact on the cybersecurity field, far beyond just automating tasks,” commented Pathlock CEO, Piyush Pandey. “From intelligently automating responses to behavioral analysis and prioritizing vulnerability remediation, AI is already adding value in cybersecurity. »
At the same time, the development of generative AI has created new cybersecurity risks for businesses. As organizations become increasingly aware of these risks and step up efforts to mitigate data loss and leakage resulting from increased use of generative AI, security policies primarily target individual applications rather than the spectrum broader generative AI platforms.
At Menlo latest report highlights this trend, revealing a 26% increase in security policies tailored to generative AI sites. However, most of these policies are still implemented at the application level, potentially leaving room for vulnerabilities. Notably, organizations that adopt group-level security protocols place greater emphasis on security, with 92% having security-focused policies in place for the use of generative AI, compared to only 79% for those with domain-level security measures.
“Overreliance on AI could lead to skills atrophy in some core areas,” warned Craig Jones, vice president of security operations at Continue. “For example, if AI tools are still responsible for identifying and categorizing threats, new cybersecurity professionals may not develop a strong fundamental understanding of these processes. It is therefore crucial that cybersecurity training and education evolves alongside developments in AI.
Other insights from the report reveal that while most traffic gravitates to the top six generative AI sites, overall file downloads in the generative AI category increased by 70%. This disparity highlights the inability to rely solely on application-specific security policies.
Learn About AI-Based Attacks: Rise of ChatGPT Cybercrime Revealed in 3,000 Dark Web Posts
Finally, although copy-paste attempts on generative AI sites have decreased slightly (6%), they remain prevalent, highlighting the imperative to implement controls.