Whenever you visit our websites, information may be collected using cookies and similar tools to improve your user experience and to enhance the performance of the website.
Closing this message means you accept the use of cookies.

 
Show:
All 0 0
Gen AI Application Deployments Inhibited by Data Loss Risk

    Enterprises are embracing generative AI (Gen AI) to streamline operations and increase revenue by letting AI perform manual, tedious tasks. However, the potential for data loss hinders many deployments. Organizations are concerned about their key intellectual property and sensitive data being inadvertently disclosed. GenAI-based apps were a top data loss vector, with 43% of enterprises having experienced a data loss event via a GenAI-based application.

    Existing data loss prevention (DLP) tools are based heavily on regular expression (regex) logic that functions well with known, structured data types like personally identifiable information (PII). However, the regex approach does not lend itself to GenAI applications where intellectual property and other unstructured data are commonplace. Conventional solutions being redeployed for GenAI applications can be a burden to configure and administer and also tend to generate significant false positive alert noise that burdens security teams. GenAI applications are a different beast that benefits from a new DLP approach.

    GenAI applications are also being rapidly adopted, frequently without oversight from security teams. It is easy for employees to fire up their browsers and visit ChatGPT, Claude, or Perplexity to complete their tasks. Such tools may be unauthorized or risky AI applications, and security teams frequently lack visibility and control over AI apps.

    Any solution needs to overcome the traditional DLP challenges of minimizing administrative overhead and reducing alert noise. While existing solutions might solve that challenge for existing data loss vectors like email and endpoints, GenAI applications pose different risks to sensitive information. Enterprises need to have an adequate inventory of AI assets, identify and assess shadow AI, enforce AI policies, and continuously guide end users to avoid inadvertent data leakage. GenAI is different in that solutions need to prevent leakage of unstructured sensitive data like intellectual property and source code. Compliance requirements mean that solutions also need to detect personally identifiable information (PII) and cardholder information affected by Payment Card Industry Data Security Standard (PCI-DSS) mandates.

    |
    To the Top
     
    Actions
    Report Downloads