InfoGuard Cyber Security and Cyber Defence Blog

AI and Cybersecurity [Part 3]: Using AI-as-a-Service Safely in the Age of AI

Written by André Mäder | 25 Nov 2024

Digitalisation continues to drive innovation and growth. But wherever there is progress, risks are never far away and require constant vigilance. The threat of cyber attacks in particular is forcing companies to scrutinise their security solutions on a regular basis. At the same time, companies that rely on AI-supported threat detection and modern cybersecurity can secure a decisive edge. The new ISO/IEC 42001:2023 standard provides a comprehensive framework for ensuring protections and the ethical use of artificial intelligence. In the second part of our blog series, we’ll show you which technologies you can use to leverage this transformative potential securely and ethically.

Best practices for integrated AIaaS

In many applications, we use AI-as-a-Service (AIaaS) without realising it. These include:

  • Integrated translation and writing services
  • Navigation systems with calculation of optimal or customised route suggestions
  • Personalised recommendations (from Amazon to Netflix)
  • Spam filters in email
  • Virtual assistants from Alexa to Siri

Later in this article, we’ll organise them into categories, each calling for its own security-relevant considerations: security aspects, data protection, technical and operational challenges, and ethical and legal issues.

Protecting information is at the centre of all security considerations. If AI is used unknowingly, personal or sensitive data entered into AI services can be intercepted or misused (data leaks). Support your employees with suitable training and guidelines to recognise and appropriately manage the risks. This can counteract the lack of transparency (black box problem) – especially in conjunction with intellectual property, customer data and copyrights.

Protect your company and your employees by raising awareness of confidentiality. This will prevent sensitive information from being entered into AI services and potentially misused. Make sure that your trusted translation and writing service is aware of all uploads and requests from different departments and can interpret them in a broad context.

Another aspect involves the use of personal licences by employees in a corporate context – and the lack of understanding regarding the need to critically question the quality of the results of AI tools. These challenges require measures and best practices to ensure the secure, efficient and responsible use of AIaaS.

Applied solution utilising integrated Microsoft CoPilot & Co

The use of embedded and licensable AI-as-a-Service (AIaaS) – such as Microsoft CoPilot – is on the rise. The main advantage of modern AIaaS lies in its seamless integration and the way it helps create content. For instance, you can easily summarise minutes, make suggestions for high-quality communication, search through collections of information with prompts and much more.

As with other integrated AIaaS, Microsoft CoPilot is built into the service: certain framework conditions and restrictions can be configured, and there’s a contractual relationship.

Let’s look at the above risk categories and the applicable solutions in detail:

Security aspects

  • Data integrity and security: Ensuring that the data fed into the AIaaS platform is known and protected and cannot be manipulated by unauthorised parties.
  • Attacks on AI models: Protection against “adversarial attacks”, in which input data is deliberately manipulated in order to deceive the model and generate false results.
  • API security: Protection of the APIs used to integrate with the AIaaS platform to prevent misuse and security vulnerabilities.

Data protection

  • Compliance with data protection laws: Ensuring that the use of AIaaS services is compliant with data protection laws such as the Swiss Data Protection Act and the GDPR (General Data Protection Regulation).
  • Data anonymisation: Anonymisation of data to protect the privacy of users and ensure that personal data is not unintentionally disclosed.
  • Data sovereignty: Ensuring that control over the data remains with the organisation and that it’s clear who has access to the data and how it is used.

Technical challenges

  • Scalability: Ensuring that AIaaS services are able to handle large volumes of data and high user numbers efficiently.
  • Performance monitoring and optimisation: Continuously monitoring the performance of services to ensure they’re working efficiently and reliably.
  • Integration into existing systems: Ensuring seamless integration of AIaaS services into the organisation’s existing IT infrastructure and workflows.

Operational challenges

  • Cost control: Monitoring and managing the costs of using AIaaS services to ensure they remain within budget.
  • Maintenance and updates: Ensuring that AIaaS services are regularly updated and maintained to close security gaps and improve performance.
  • Availability management: Ensuring the continuous availability of AIaaS services in order to minimise interruptions to operations.

Ethical and legal challenges

  • Bias and fairness: Avoiding and correcting biases in the models that could lead to unfair or discriminatory results.
  • Transparency with clear explanation: Ensuring that the functioning of AIaaS services is transparent and that the decisions made are comprehensible and explainable.
  • Responsibility and liability: Clarification of who bears responsibility and liability for the decisions and actions of AIaaS services – especially in cases where these decisions could lead to negative consequences.

Further challenges

  • Quality of the generated content: Ensuring that the content generated by AIaaS is accurate, relevant and of high quality.
  • Copyright and intellectual property: Dealing with copyright and intellectual property issues – especially when AIaaS generates content that could be based on copyrighted material.
  • User customisation and feedback: Implementation of mechanisms to customise services to the individual needs and preferences of users – while taking user feedback into account for continuous improvement.

An in-depth look at these challenges and the necessary security measures shows that the successful use of AI-as-a-Service requires careful management as well as suitable strategies, guidelines and technical measures.

Optimised integration of AIaaS into the business process?

Let our team of experts show you the gaps and risks in your security system – so you can take that all-important step into the AI age with confidence and peace of mind. As a core component of our AI Gap Analysis or as part of our Microsoft 365 Security Assessment, we’ll carry out a Microsoft 365 CoPilot Readiness Assessment for you. This will provide you with valuable information on quick wins and recommended actions for using Microsoft CoPilot functionality safely.

AI and cybersecurity, the three-part blog series

Expand your expertise in the safe and secure use of AI technologies as part of your digital risk management. We’ll accompany you on this journey with our “AI and cybersecurity” blog series. 



 

 
