Dive Brief:
- Virtually all organizations (99%) have experienced at least one attack on an AI system in the past year, according to a recent report from Palo Alto Networks.
- Securing cloud infrastructure could prevent many of those attacks, the report said, given how many AI workloads run in the cloud.
- Palo Alto Networks’ Dec. 16 report identified a wide range of potential AI attack vendors, underscoring the importance of businesses developing strategies to protect their new AI investments.
Dive Insight:
Palo Alto Networks’ report, based on a survey of 2,800 corporate executives and cybersecurity practitioners, offers a fresh window into the worries and priorities shaping decisions about AI adoption and security.
Respondents’ top AI concerns involved the security of the cloud infrastructure underpinning the AI systems, the integrity of the AI models’ training data and compliance with new AI regulations. Executives also cited concerns about the risks of open-source AI libraries.
The fact that businesses worry most about their AI systems’ cloud foundations reflects a key reality of the modern enterprise environment: While AI may be transforming how companies operate, it still requires the same basic cloud infrastructure that companies have been using — and struggling to protect — since long before AI surged in popularity.
“The attack surface, it turns out, hasn’t moved far,” Palo Alto Networks said in its report. “It’s still grounded in cloud infrastructure.”
To protect that cloud infrastructure, the report said, companies should treat identity management as a “tier-one security priority,” streamline incident-response procedures and merge cloud security activities into their security operations centers (SOCs).
The identity recommendation in particular aligns with what a number of other security firms have said in recent months. In November, ReliaQuest reported that nearly half of the attacks it observed on cloud environments involved “identity-related weaknesses.” The cloud data management firm Rubrik recently called identity “the primary attack surface.”
In the Palo Alto Networks report, more than half (53%) of organizations identified overly lenient identity management practices as a top security challenge.