AI Risk Appetite: A Tale of Two CISOs

June 12, 2024

We’ve been engaging with CISOs and security leaders across the globe, from Fortune 1000 organizations to SMBs, and in virtually any industry you can imagine. The majority of these conversations have centered around the overall security approach of these CISOs: how to deal with the new attack surface of Generative AI.

Each CISO has a different appetite for risk, influenced not only by their personality but also by a whole host of requirements stemming from their organization's nature, industry, and applicable regulatory environment.

Meet Carl and Clara (real names redacted for confidentiality), two CISOs we’ve recently engaged with, who provide instructive lessons on some of the best practices out there in terms of managing GenAI security in the enterprise.

CISO Carl: The Conservative

CISO Carl is conservative at heart (at least when it comes to security), adhering to the principle of "block all, then allow some." In his company, all GenAI apps were blocked by default; however, Carl recognized the productivity benefits these apps could offer to all employees.

Carl received many requests from various teams in the company to approve specific GenAI tools and apps. He and his team reviewed each app, evaluating its security features and potential value to the company. After careful consideration, he would approve specific apps, providing employees with the GenAI tools they needed while maintaining a robust security posture. His industry’s tight regulatory frameworks necessitated this cautious approach.

CISO Clara: The Quick Adopter

CISO Clara, in contrast, is a firm believer in the power of AI. She allowed all GenAI apps in her organization from day 1, quickly adopting the innovation they brought. However, Clara was not naive about potential security risks.

She closely monitored the apps in use and didn't hesitate to block any that exhibited security weaknesses or unnecessary data access. Clara's approach created a dynamic environment that encouraged innovation without compromising security.

Shared Goal: GenAI Driving the Business

Although CISO Carl and CISO Clara had seemingly contrasting approaches, they shared a common goal: harnessing the power of AI while maintaining enterprise security. Both succeeded in their own ways, demonstrating that there is no one-size-fits-all strategy when it comes to GenAI Security.

Prompt Security’s New GenAI App Management

At Prompt Security, we are on a mission to help every organization - regardless of their risk appetite - embrace GenAI with confidence and ease at every touchpoint. To keep pace with the innovation and velocity of AI, incorporating GenAI security needs to be as easy as 1, 2, 3.

To this end, we've recently released a set of capabilities designed to make the management of GenAI usage in the organization incredibly simple and effective. Our new GenAI app management offers a unique blend of dynamic detection of Shadow AI, easy onboarding and deployment, and advanced integration with leading Identity Access Management vendors.

  1. Our proprietary dynamic detection of GenAI applications offers the broadest and most comprehensive detection of Shadow AI in the market, including more than 8,000 different GenAI applications (yes, there’s more than just ChatGPT out there…), so that you may rest assured that whichever policy you define, it catches all employee usage of emerging GenAI tools.
  2. Easy integration with both Okta and Entra (Active Directory) allows organizations to gain detailed visibility into GenAI usage at both user and user-group levels. This also enables the definition of specific GenAI security controls tailored to different employee groups (e.g., defining which GenAI apps Finance or Sales departments should be allowed to use).
  3. Lastly, we've placed tremendous emphasis on ease of use, ensuring that onboarding takes only minutes, regardless of whether you're more conservative or quick to adopt GenAI in your organization. The streamlined and easy-to-use interface allows for efficient and secure management of GenAI usage in the organization, enabling the unparalleled productivity gains brought by GenAI while maintaining strong security measures.

So how does the new onboarding work?

  1. Open the Prompt Security portal
  2. Choose whether you want to ‘Approve all apps’ or ‘Block all apps’. With our dynamic detection, this means that not only will the existing, known list of 8,000+ GenAI apps be approved or blocked, but also that as new apps appear, the platform will act according to the set guidelines.
  3. Choose exceptions and add any custom GenAI Apps you have
  4. Start getting insights

Want to learn more about our approach to GenAI Security? Talk to us.
