Introduction to AI Cybersecurity Risks

Cyber security attacks have more than tripled in the past few years and the numbers will continue to … More increase

NurPhoto via Getty Images
As artificial intelligence (AI) accelerates transformation across industries, it simultaneously exposes enterprises to unprecedented cybersecurity risks. Business leaders can no longer afford a reactive posture, businesses need to safeguard their assets as aggressively as they are investing in AI.

## Navigating the Rising Tide of AI Cyber Attacks
Recently, Jason Clinton, CISO for Anthropic, underscored the emerging risks tied to non-human identities—as machine-to-machine communication proliferates, safeguarding these “identities” becomes paramount and current regulations are lagging. Without a clear framework, machine identities can be hijacked, impersonated, or manipulated at scale, allowing attackers to bypass traditional security systems unnoticed. According to Gartner’s 2024 report, by 2026, 80% of organizations will struggle to manage non-human identities, creating fertile ground for breaches and compliance failures.

Joshua Saxe, CISO of OpenAI, spotlighted autonomous AI vulnerabilities, such as prompt injection attacks. In simple terms, prompt injection is a tactic where attackers embed malicious instructions into inputs that AI models process—tricking them into executing unauthorized actions. For instance, imagine a chatbot programmed to help customers. An attacker could embed hidden commands within an innocent-looking question, prompting the AI to reveal sensitive backend data or override operational settings. A 2024 MIT study found that 70% of large language models are susceptible to prompt injection, posing significant risks for AI-driven operations from customer service to automated decision-making.

Furthermore, despite the gold rush to deploy AI, it is still well understood that poor AI Governance Frameworks remain the stubborn obstacle for enterprises. A 2024 Deloitte survey found that 62% of enterprises cite governance as the top barrier to scaling AI initiatives.

## Building Trust in AI Systems
Regardless of the threat, its evident that our surface area of exposure increases as AI adoption scales and trust, will become the new currency of AI adoption. With AI technologies advancing faster than regulatory bodies can legislate, businesses must proactively champion transparency and ethical practices. That’s why the next two years will be pivotal for establishing the best practices in cyber security. Businesses that succeed will be those that act today to secure their AI infrastructures while fostering trust among customers and regulators, and ensure the following are in place:

• Auditing and protecting non-human AI identities.
• Conducting frequent adversarial testing of AI models.
• Establishing strong data governance before scaling deployments.
• Prioritizing transparency and ethical leadership in AI initiatives.

The AI-driven future will reward enterprises that balance innovation with security, scale with governance, and speed with trust. As next steps, every business leader should consider the following recommendations:

• Audit your AI ecosystem for non-human identities—including chatbots and autonomous workflows. Strengthen authentication protocols and proactively collaborate with legal teams to stay ahead of emerging frameworks like the EU’s AI Act, anticipated to close regulatory gaps by 2026.
• Implement regular vulnerability audits for AI models, particularly those interfacing with customers or handling sensitive data. Invest in adversarial testing tools to proactively detect and mitigate model weaknesses before adversaries can exploit them.
• Be transparent about your AI applications. Publicly share policies on data usage, model training processes, and system limitations. Engage actively with industry coalitions and regulatory bodies to influence pragmatic, innovation-friendly policies.

## Conclusion
In conclusion, as AI continues to transform industries, cybersecurity risks will continue to rise. It is essential for business leaders to take a proactive approach to securing their AI infrastructures, protecting non-human identities, and establishing strong data governance. By prioritizing transparency and ethical leadership, businesses can build trust with customers and regulators, ensuring a secure and successful AI-driven future.

## FAQs
Q: What are non-human identities in AI?
A: Non-human identities refer to machine-to-machine communication, such as chatbots and autonomous workflows, that need to be safeguarded to prevent hijacking, impersonation, or manipulation.
Q: What is prompt injection?
A: Prompt injection is a tactic where attackers embed malicious instructions into inputs that AI models process, tricking them into executing unauthorized actions.
Q: Why is AI governance important?
A: AI governance is crucial for scaling AI initiatives, as poor governance frameworks can create significant risks for breaches and compliance failures.
Q: How can businesses build trust in AI systems?
A: Businesses can build trust by auditing and protecting non-human AI identities, conducting frequent adversarial testing, establishing strong data governance, and prioritizing transparency and ethical leadership.

With the help of software and platforms for DEIA (Diversity, Equity, Inclusion, and Accessibility), organizations can make informed decisions that promote inclusivity and drive business success. By leveraging data and analytics, companies can identify areas of improvement and create a more equitable work environment. In this guide, we will explore the importance of using data to drive inclusive decision-making and provide strategies for implementation.

Understanding the Importance of Inclusive Decision-Making

Inclusive decision-making is critical for driving business success and promoting social responsibility. By considering diverse perspectives and experiences, organizations can make more informed decisions that benefit everyone. Moreover, inclusive decision-making can help to identify and address biases, leading to more equitable outcomes.

The Benefits of Inclusive Decision-Making

The benefits of inclusive decision-making are numerous, including improved employee engagement, increased innovation, and enhanced reputation. When employees feel included and valued, they are more likely to be motivated and productive, leading to better business outcomes. Additionally, inclusive decision-making can help to attract and retain top talent, as employees are more likely to want to work for an organization that values diversity and inclusion.

The Role of Data in Inclusive Decision-Making

Data plays a critical role in inclusive decision-making, as it provides insights into the experiences and perspectives of diverse groups. By analyzing data, organizations can identify areas of improvement and develop targeted strategies to address them. Moreover, data can help to measure the effectiveness of inclusive initiatives and track progress over time.

Collecting and Analyzing Data for Inclusive Decision-Making

To use data to drive inclusive decision-making, organizations must first collect and analyze relevant data. This can include data on employee demographics, engagement, and experiences, as well as data on customer demographics and experiences. Additionally, organizations can use data from external sources, such as social media and online reviews, to gain insights into the perceptions and experiences of diverse groups.

Types of Data to Collect

There are several types of data that organizations can collect to inform inclusive decision-making, including demographic data, engagement data, and experience data. Demographic data can provide insights into the diversity of the workforce and customer base, while engagement data can provide insights into employee motivation and productivity. Experience data can provide insights into the experiences of diverse groups, including feedback and concerns.

Tools and Software for Data Collection and Analysis

There are several tools and software available to help organizations collect and analyze data for inclusive decision-making. These include survey software, such as SurveyMonkey and Qualtrics, as well as data analytics platforms, such as Tableau and Power BI. Additionally, organizations can use social media listening tools, such as Hootsuite and Sprout Social, to gain insights into the perceptions and experiences of diverse groups.

Strategies for Using Data to Drive Inclusive Decision-Making

Once organizations have collected and analyzed data, they can use it to inform inclusive decision-making. This can involve using data to identify areas of improvement, develop targeted strategies, and measure the effectiveness of inclusive initiatives.

Identifying Areas of Improvement

Data can help organizations identify areas of improvement, such as gaps in diversity and inclusion, biases in hiring and promotion, and disparities in employee experiences. By analyzing data, organizations can pinpoint specific areas that require attention and develop targeted strategies to address them.

Developing Targeted Strategies

Data can help organizations develop targeted strategies to address areas of improvement. For example, if data shows that a particular group is underrepresented in leadership positions, an organization can develop a strategy to increase diversity in hiring and promotion. Additionally, data can help organizations develop strategies to address biases and disparities in employee experiences.

Measuring the Effectiveness of Inclusive Initiatives

Data can help organizations measure the effectiveness of inclusive initiatives, such as diversity and inclusion training, mentorship programs, and employee resource groups. By tracking key metrics, such as employee engagement and retention, organizations can determine whether their initiatives are having a positive impact and make adjustments as needed.

Best Practices for Using Data to Drive Inclusive Decision-Making

To get the most out of data-driven inclusive decision-making, organizations should follow best practices, such as ensuring data quality, using diverse and representative data sets, and involving diverse stakeholders in the decision-making process.

Ensuring Data Quality

Data quality is critical for accurate and reliable insights. Organizations should ensure that their data is accurate, complete, and up-to-date, and that it is collected and analyzed in a way that is free from bias.

Using Diverse and Representative Data Sets

Organizations should use diverse and representative data sets to ensure that their insights are comprehensive and accurate. This can involve collecting data from a variety of sources, including employee surveys, customer feedback, and social media.

Involving Diverse Stakeholders in the Decision-Making Process

Involving diverse stakeholders in the decision-making process can help ensure that perspectives and experiences are considered. This can involve including diverse employees, customers, and community members in the decision-making process, as well as seeking input from external experts and organizations.

Conclusion

In conclusion, using data to drive inclusive decision-making is critical for driving business success and promoting social responsibility. By collecting and analyzing data, organizations can identify areas of improvement, develop targeted strategies, and measure the effectiveness of inclusive initiatives. By following best practices, such as ensuring data quality and involving diverse stakeholders in the decision-making process, organizations can get the most out of data-driven inclusive decision-making.

Frequently Asked Questions

What is inclusive decision-making?

Inclusive decision-making is the process of considering diverse perspectives and experiences when making decisions. It involves involving diverse stakeholders in the decision-making process and using data and analytics to inform decisions.

Why is inclusive decision-making important?

Inclusive decision-making is important because it can help organizations make more informed decisions that benefit everyone. It can also help to identify and address biases, leading to more equitable outcomes.

How can organizations collect and analyze data for inclusive decision-making?

Organizations can collect and analyze data for inclusive decision-making by using survey software, data analytics platforms, and social media listening tools. They can also collect data from external sources, such as customer feedback and social media.

What are some best practices for using data to drive inclusive decision-making?

Some best practices for using data to drive inclusive decision-making include ensuring data quality, using diverse and representative data sets, and involving diverse stakeholders in the decision-making process.

How can organizations measure the effectiveness of inclusive initiatives?

Organizations can measure the effectiveness of inclusive initiatives by tracking key metrics, such as employee engagement and retention. They can also use data to evaluate the impact of initiatives on diverse groups and make adjustments as needed.

With a billion stolen passwords up for sale on dark web criminal marketplaces, and infostealer malware attacks continuing to add to that number, it’s no wonder that cybercriminals are turning to automatic password hacking machines in their nefarious campaigns. Microsoft has issued a warning of a new password spraying attack by a hacking group identified only as Storm-1977 that is targeting cloud tenants.

Beware This Password Spraying Attack, Microsoft Warns

The Microsoft Threat Intelligence team has published a new warning after observing hackers taking particular advantage of unsecured workload identities in order to gain access to containerized environments. With Microsoft research showing that 51% of such workload identities being completely inactive over the past year, it’s no wonder that threat actors are exploiting this attack surface. The password spraying attack exploited a command line interface tool called AzureChecker to “download AES-encrypted data that when decrypted reveals the list of password spray targets,” the report said.

How the Attack Works

The password spraying attack specifically targeting cloud tenants in the education sector, has now been pinned on the Storm-1977 threat group. The attack enabled the Storm-1977 hackers to then leverage a guest account in order to create a compromised subscription resource group and, ultimately, more than 200 containers that were used for cryptomining. The successful attack was made possible by the use of a command line interface tool called AzureChecker, which was used to download AES-encrypted data that contained the list of password spray targets.

How to Mitigate Password Spraying Attacks in General

Talk to just about any cybersecurity professional, and the solution to the problem of password spraying attacks is simple: eliminate passwords. Passwords are no longer enough to keep us safe online. The move towards a passwordless future has already begun for many as they start on the passkey journey. Chris Burton, head of professional services at Pentest People, says that “where possible, we should be using passkeys, they’re far more secure, even if adoption is still patchy.” Lorri Janssen-Anessi, director of external cyber assessments at BlueVoyant, agrees that businesses should consider passwordless solutions, such as authentication methods using biometrics and secure tokens.

Mitigating the AzureChecker Password Spraying Container Attack Threat

Microsoft recommends the following mitigations to prevent password spraying attacks:

• Use strong authentication when exposing sensitive interfaces to the internet.
• Use strong authentication methods for the Kubernetes API to help prevent attackers from gaining access to the cluster even if valid credentials such as kubeconfig are obtained.
• Avoid using the read-only endpoint of Kubelet on port 10255, which doesn’t require authentication.
• Configure the Kubernetes role-based access controls for each user and service account to have only those permissions that are absolutely necessary.

Conclusion

The Microsoft password spraying attack warning should tell us that password reuse is bad, and compromised passwords can be used to facilitate further hacking activity. Credential stuffing is something that isn’t going to go away, and newer threats are only accelerating this risk. It’s time to consider passwordless solutions, such as passkeys, biometrics, and secure tokens, to keep our online accounts secure.

FAQs

• What is a password spraying attack?
  A password spraying attack is a type of cyber attack where hackers use automated tools to try a large number of passwords against a targeted system or account.
• How can I prevent password spraying attacks?
  To prevent password spraying attacks, use strong authentication methods, such as passkeys, biometrics, and secure tokens, and avoid using weak passwords or reusing passwords across multiple accounts.
• What is the risk of password spraying attacks?
  The risk of password spraying attacks is that they can lead to unauthorized access to sensitive systems and data, and can be used to facilitate further hacking activity, such as cryptomining or data theft.
• How can I protect my cloud tenants from password spraying attacks?
  To protect your cloud tenants from password spraying attacks, use strong authentication methods, such as Azure Active Directory, and configure role-based access controls to limit access to sensitive resources.
• What is the future of password security?
  The future of password security is likely to involve a move towards passwordless solutions, such as passkeys, biometrics, and secure tokens, which can provide stronger and more convenient authentication methods.