6 security items that should be in every AI acceptable use policy

“The key implication of an AI AUP policy for security boils down to protecting a company’s information and services,” he says.

Jeff Pollard, principal analyst at Forrester, agrees that when it comes to security without an AI AUP policy an organization is leaving employees to explore and use various AI technologies and company data in whatever ways they see fit.

An AI AUP helps reduce the risk of breaches or misuse of information

“The AI AUP policy is designed to give clarity as to the guardrails, as to the permitted situations, and as to the unpermitted or impermissible uses of the AI technologies,” he says. “But once you have the policy then you give them specifics on what they can and can’t do. But it also guides part of your strategy and controls that you’re going to implement to give you the right levels of visibility into the environment to police it.”

And without clear guidelines around AI use, businesses expose themselves to risks of unintentional as well as malicious breaches and misuse of confidential information, according to JB Baker, vice president of product at ScaleFlux.

“Coming at this from ScaleFlux, which develops semiconductor components and firmware for servers and storage, protecting our intellectual property is crucial to our success,” he says. “Hence, having strict policies to control what data and documents may be used in training AI is critical, particularly considering that AI-training hardware may be hosted elsewhere.”

David Lee, founder and CEO of The Identity Jedi, adds that an AI AUP policy is critical for security because AI is everywhere and moving so fast that it’s hard to keep up with what data is being used where.