Wing Security recently revealed that it now provides automatic control over thousands of AI and AI-powered SaaS apps through free discovery and a premium tier. This will enable businesses to better safeguard their data and intellectual property (IP) from the ever-increasing and changing hazards associated with the use of AI.
The number of SaaS applications that integrate AI features seems to be growing daily. Wing Security, a SaaS security firm that studied over 320 businesses, reports that an astounding 83.2% of them employ GenAI products. Even though 99.7% of businesses employ SaaS solutions that use AI capabilities to deliver their services, this data may not surprise you. Neither security teams nor consumers are usually aware of this use of GenAI in SaaS services that are not ‘pure’ AI.
Your data may be used by 70% of the most widely used GenAI applications to train their models, and in many cases, you have total control over how it is configured.
After looking over hundreds of SaaS apps that used AI, Wing Security was able to classify the many ways that these apps used organizational data and provide a countermeasure for this emerging threat:
Data Storing
In certain scenarios, the AI can keep data for extended periods of time; in other scenarios, it can only keep information for brief periods of time. Data storing enables ongoing training of AI learning models and other models. Having said that, the primary cause for concern arises from the variety of threats that target SaaS systems. The data that an application stores may also be compromised when the application is compromised.
Model Training
AI systems are able to recognize patterns, trends, and insights that may be difficult for humans to analyze by analyzing enormous volumes of data. AI models learn from data and adjust over time, improving their accuracy and performance to provide better services to its end customers. This is made possible by machine learning algorithms. On the down side, giving these models access to your code, patents, sales, and marketing expertise gives AI-using applications the ability to potentially commoditize the competitive advantage of your company. Some people view these knowledge breaches as being more serious than data spills.
The Human Element
In order to guarantee the precision and dependability of the data they collect, certain AI systems make use of human validation. Often called person-in-the-loop or human-assisted AI, this cooperative method entails incorporating human expertise into the algorithmic decision-making process. As a result, the AI model performs more accurately, but a human working on the GenAI program is also exposed to potentially sensitive information.
Leveraging automation to combat AI-SaaS risks
With Wing’s latest AI solution, security teams can be assured that they will be able to better manage and adjust to the rapidly expanding and nearly unstoppable use of AI within their businesses. Three fundamental steps make up their solution: Know, Assess, Control.
Know
Finding them all is the first step, much like with many security risks. Simply flagging the “usual suspects” or pure GenAI apps like ChatGPT or Bard is insufficient when it comes to AI. Since AI is currently being used by thousands of SaaS apps to enhance their offerings, every application that uses customer data to enhance its models must be included in the discovery process. Wing is providing this initial, crucial step as a free self-service solution, just like with their prior solutions, to enable users to self-onboard and begin learning about the scope of AI-powered apps utilized by their staff.
Evaluate
Wing automatically generates a security score and describes how firm data is used by the AI once AI-using SaaS has been discovered. For what duration is it stored? Exists a human component? Lastly, and maybe most crucially, is it adjustable? giving a thorough overview of the users, permissions, and security details of the program. Security teams can make wiser choices thanks to this computerized analysis.
Control
Security teams may quickly assess the degree of danger and the kinds of activities required by using Wing’s discovery and analysis, which highlights the most important issues to resolve. For instance, choosing whether to approve the use of a specific application or just setting up the AI components to better adhere to their security guidelines.
The Secret: Automating All Of The Above
Security teams can save time by automating Discovery, Assessment, and Control rather than overstretching themselves to address a vast and constantly changing attack surface. This greatly lowers danger as a result.
Wing’s automated workflows also enable a novel cross-organizational solution: rather than relying solely on black or white listing, Wing encourages more informed security solutions by enabling direct communication between users and the application’s admin or other users.
SaaS apps are widely used in this day and age, but integrating them with AI presents a different kind of difficulty. On the one hand, employees should be able to take use of AI’s numerous advantages as it has emerged as a fantastic tool for increasing productivity. Conversely, the growing dependence of SaaS apps on AI raises concerns about the possible hazards linked to data utilization.
In response to this difficulty, Wing Security has developed a novel strategy designed to enable enterprises to manage the increasing integration of AI into their operations, while also keeping end users informed and guaranteeing their safe usage of the AI-SaaS they require. Their automated control platform addresses challenges like data storage, model training, and the human element in the AI loop, offering a thorough grasp of how AI applications use organizational data and expertise. User involvement and clear risk prioritization help security teams save valuable time.
