<p>The global AI regulatory landscape is fragmented and volatile. As a result, cybersecurity leaders must reconcile competing compliance requirements and safeguard organizational AI without creating roadblocks to the overall AI strategy’s success.</p>
<p>While the EU AI Act imposes a comprehensive, risk-based approach with severe penalties, China has implemented laws to balance AI advancements with control over societal behaviors. Other major markets, such as the U.S., have yet to produce unified guidance. In the absence of unified federal guardrails, states are creating a <a href="https://www.techtarget.com/searchenterpriseai/feature/A-state-by-state-guide-to-AI-laws-in-the-US">patchwork of requirements</a> with both common and conflicting demands.</p>
<p>Cybersecurity leaders are confronting the reality of fulfilling these emerging, competing regulatory mandates even as AI adoption stretches the resources of their security programs. Most leaders report struggling to maintain visibility into embedded AI features deployed by vendors. Given the volume of AI tools and the speed of deployment, there is a significant degree of urgency to define appropriate cybersecurity controls for AI. Otherwise, organizations risk magnifying enterprise regulatory exposure and eroding any competitive advantage gained from AI adoption.</p>
<p>To establish future-proof cybersecurity controls capable of satisfying diverse, nonstandardized regulatory mandates, cybersecurity leaders must take a thoughtful, strategic approach grounded in collaboration, <a target="_blank" href="https://www.gartner.com/en/cybersecurity/topics/cybersecurity-and-ai" rel="noopener">risk-based principles and resilience</a>.</p>
<section class="section main-article-chapter" data-menu-title="Filter regulatory noise through internal partnerships">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Filter regulatory noise through internal partnerships</h2>
<p>Cybersecurity leaders must move beyond reliance on static global policy trackers to determine their exposure to emerging AI regulations and policies. They must also work with internal groups that represent assurance, governance and legal functions to determine the applicability of specific mandates.</p>
<p>Cybersecurity leaders should also consider relevant cybersecurity AI risk and the feasibility, cost and impact of potential controls. This requires aligning regulations with <a href="https://www.techtarget.com/searchcio/tip/How-compliance-provides-stakeholders-evidence-of-success">key stakeholders</a> to ensure cybersecurity-relevant components are embedded into the organization’s AI governance structure.</p>
</section>
<section class="section main-article-chapter" data-menu-title="Ground AI strategy with risk-based principles">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Ground AI strategy with risk-based principles</h2>
<p>Traditional cybersecurity controls focus on mitigating harm to systems and data. With the rise of <a target="_blank" href="https://www.gartner.com/en/insights/generative-ai-for-business" rel="noopener">GenAI</a> and AI agents, cybersecurity leaders must guard against conventional confidentiality threats for enterprise AI, such as data breaches, data leakage, malware and insider threats, as well as new threats to the integrity of enterprise data that interacts with AI, such as hallucinations, inaccuracies and biases.</p>
<p>Emerging AI regulations go beyond threats to organizational data and intellectual property. They also explicitly target threats to people’s health, safety and liberty, demanding controls within the purview of the CISO. This is why cybersecurity leaders must build their compliance strategy on risk-based principles that lay the foundation for emerging laws and standards: safety, transparency, accountability, privacy and security.</p>
<p>For example, a baseline focus on data transparency and integrity might require cybersecurity leaders to prioritize controls that not only protect the data ingested by AI systems, but also extend <a href="https://www.techtarget.com/searchsecurity/definition/identity-access-management-IAM-system">identity and access management</a> controls from the human workforce to machine identities. This ensures strong authentication and authorization for both the employee interacting with AI and any AI agent.</p>
<p>Additionally, attempting to comply with every emerging regulation individually is a resource-intensive trap. Cybersecurity leaders must instead build a baseline compliance posture by aligning the principles underlying emerging AI regulations with efforts to clo
[…]