Managing the Risks of the Future Internet of Things

The pandemic’s continuing effects on corporate budgets will result in a net reduction in cybersecurity budgets in 2021.

Kayne McGladrey, IEEE Senior Member, noted that the use of generative AI models in business hinges on their ability to provide accurate information. He cited as examples studies of AI models’ abilities to extract information from documents used for financial sector regulation that are frequently relied on to make investment decisions. “Right now, the best AI models get 80 percent of the questions right,” McGladrey said. “They hallucinate the other 20 percent of the time. That’s not a good sign if you think you are making investment decisions based on artificial intelligence telling you this is a great strategy four out of five times.”

“We can audit software code, manually or automatically, for privacy defects,” said IEEE Senior Member Kayne McGladrey. “Similarly, we can audit software code for security defects. We cannot currently audit software code for ethical defects or bias, and much of the coming regulation is going to screen the outcomes of AI models for discriminatory outcomes.”

The big picture: AI model operators don’t have a good way of reigning in these malicious use cases, Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers (IEEE), told Axios. Allowing LLMs to digest and train on CVE data can help defenders synthesize the wave of threat alerts coming their way each day. Operators have only two real choices in this type of situation: allow the models to train on security vulnerability data or completely block them from accessing vulnerability lists, he added. “It’s going to be a feature of the landscape because it is a dual-use technology at the end of the day,” McGladrey said.