Phones can be a problem because of BYOD, and IT needs to take steps in this domain as well. With organization-provided phones, IT can provide a controlled configuration. With BYOD phones, IT may need to restrict access unless configuration standards are maintained.
For low-risk functions, organization members may be encouraged to use AI wherever they feel it will improve productivity. There are some functions where actually installing a full LLM will make sense. One such functional area that is receiving a lot of current attention is customer service. For some organizations, it may make sense for IT to provide each customer service agent with an end point system that includes a full LLM that can help them with their job.
Because of the AI imperative, other vendors of hardware and software may feel impelled to integrate AI into their products. Right now, every organization that does so trumpets it. So, it is relatively easy for IT to track these and implement protections.
What do you do if you have taken good precautions, but a supplier or customer has not? This is likely to happen. This means that IT needs to re-examine APIs and messaging interfaces to check to make sure that information that might leak to AIs is controlled. It may be that control is the best that can be achieved in such cases because the data inherent to the functioning of the organization has to flow. In such cases good communication and coordination between organizations may help.
Over time, it is possible that AI “upgrades” may be introduced without notice by vendors with products already installed. IT must be careful and check all updates to identify and respond to new AI insertions.
The same kind of analysis of functions and data sets to identify those of high value and risk should be done for cybersecurity threats, especially from GenAI turbocharged social engineering. There may be refinements to policies and procedures that can lower risk somewhat. Good communication between IT Ops and Security Ops can also be very helpful. But, in the long run, new tools to meet the threat are needed. Existing tool vendors are struggling to catch up with GenAI threats. It is good practice at this point to identify and partner with new entrants who have tools specifically designed to meet this new threat environment.
Finally, it is likely that government recommendations, frameworks, regulations, etc., may appear in this area. IT needs to monitor the government situation so that it can respond in such a way as to keep the organization both safe and in conformance.
The advent of PCs with built in AI added to existing online AIs is creating new challenges for IT Ops. The recent announcements of Co-Pilot from Microsoft, Gemini from Google, AI embedded in the MacOS, etc., plus being able to run GenAI on PCs, promise productivity increases but bring new vulnerabilities in cybersecurity, privacy, and maintenance of proprietary information assets. In smart organizations, IT Ops and senior management need to partner in developing solutions that will maximize the benefits from AI while protecting the organization.