How and Why to Vet Vendor AI Software Use for Security Risks - Episode 214

How and Why to Vet Vendor AI Software Use for Security Risks - Episode 214

On this week's Compliance Unfiltered, unlock the hidden risks driving AI security nightmares, and learn how proactive vendor vetting can save your organization from irreversible breaches. As AI integration accelerates across industries, many organizations are blindly rushing in, unaware of the lurking dangers that could compromise sensitive data and even their reputation. The CU Guys expose the critical gaps in vendor vetting practices and offers a clear roadmap to protect your business in the age of AI.


Episode Transcript:

Now, everybody's looking for a better, more efficient way to do everything.

And in 2026, that usually includes AI. How is this kind of a topic that should be on the forefront of everybody's mind?

Well, I mean, the, the, the advent of AI has, you know, fairly quickly, um, may have taken a front row seat in a lot of organizations in, in just about every industry. Um, you know, there's third party, you know, third parties that are integrating, you know, AI engines, chatbots into basic subscription packages, whether you're wanted or not. And, you know, AI is getting packaged into, you know, office products, search engines, employees are using them without even, you know, a consideration for any of the potential security implications. So, you know, as, as AI permeates the workspace, uh, it's not going away anytime soon, so, um, and that, that poses an issue for organizations.

They, they, AI presents some unique security challenges that, you know, most organizations aren't fully prepared to address, um, let alone that, you know, depending on the organization security stance, you need to be able to consider, you know, locking down software so that, you know, your folks can't inadvertently share inappropriate data with, you know, with third parties. So, um, you know, you need, you need a couple of different, you know, elements, um, to, to be able to, to be able to, to bring into play, um, you know, kind of a framework, if you will. So, um, you know, including your, you know, kind of your AI policy or approved software lists, your, you know, vendor vetting, you know, we already did, did a fair amount with, uh, you know, kind of AI, AI policies and approved software lists. So, you know, today we'll, we'll focus in on, uh, you know, on the, you know, kind of the vendor vetting, you know, leg of the stool, if you will, and, you know, how to, how to go about, you know, going through vetting vendors, et cetera.

So good times.

Good times indeed. Now, where should an organization start?

Well, as you're, as you're going in, first and foremost, just to kind of gloss over it, certainly every organization needs to have policies that are, you know, kind of governing the use of their, of their artificial intelligence. If you don't, if you don't have a standard for your organization, then people, people are, they're just going to paint whatever they want to paint. And that typically means outside the line. So that's not good for anybody.

But, you know, it's, it's going to introduce security risks for the organization that they, you know, they, they aren't even prepared for. So, you know, before you can go through deciding to vet any vendors, you need to make sure internally you've kind of done the, the, the forethought and thought leadership around, you know, how is our organization going to approach the, the advent of AI. You know, defining, you know, acceptable uses for AI, what constitutes sensitive data within the organization, you know, these are, these are kind of critical first steps where, you know, you want a well communicated standard. So that you can, you know, have a, have a shot at ensuring that your proprietary or protected data, you know, you know, doesn't end up in the, in the hands of an AI, AI system DB. So it's, it's kind of a good first step for organizations as they're starting to, you know, starting to pin things together.


Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(223)

Building AI Agents Securely - Episode 223

Building AI Agents Securely - Episode 223

AI agents are driving efficiency, but also introducing serious, often unseen security risks. As adoption accelerates, unvetted access, prompt injection, and poorly controlled environments can expose s...

2 Jul 24min

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

AI-Powered Attacks: Is Your Compliance Program Already Obsolete? - Episode 222

In an era of evolving AI-driven cyberattacks, traditional compliance programs are falling dangerously behind. Static controls create a false sense of security while attackers leverage AI to move faste...

25 Jun 18min

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Compliance Theater: Are You Actually Secure or Just Checking Boxes? - Episode 221

Most organizations are just performing compliance – ticking boxes, not building real security. What happens when the curtain is pulled back on these check-the-box programs? You might be under the illu...

18 Jun 20min

Audit Fatigue and How to Effectively Navigate It - Episode 220

Audit Fatigue and How to Effectively Navigate It - Episode 220

Caught in a cycle of audit requests, evidence chaos, and burnout? Discover a way out in this episode. Compliance Expert Adam Goslin joins Todd Coshow to reveal the hidden causes of audit fatigue and s...

11 Jun 21min

Identity is the New Perimeter (Zero Trust) - Episode 219

Identity is the New Perimeter (Zero Trust) - Episode 219

On this week's Compliance Unfiltered, discover why identity is the new perimeter in cybersecurity. This episode reveals how zero trust principles can protect your systems by continuously verifying use...

4 Jun 28min

Regulatory Explosion & Board-Level Accountability - Episode 218

Regulatory Explosion & Board-Level Accountability - Episode 218

Discover why compliance is now a boardroom priority, not just an IT task. In this episode, Todd Coshow and Adam Goslin reveal how outdated practices put organizations at risk. Learn about the shift to...

29 Mai 22min

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Will Your Compliance Software Vendor Protect Your Data? - Episode 217

Most companies overlook vendor vulnerabilities in compliance. On this episode, the CU Guys reveal hidden risks in vendor relationships, from breaches to vetting gaps. Discover tactics for evaluating v...

21 Mai 21min

Data Has Borders: The New Rules of Compliance - Episode 216

Data Has Borders: The New Rules of Compliance - Episode 216

Data compliance isn't just about protecting information anymore — it's about understanding where your data lives, how it moves, and how to stay compliant across borders. On this Episode of Compliance ...

14 Mai 20min

Populært innen Teknologi

lydartikler-fra-aftenposten
romkapsel
teknisk-sett
tomprat-med-gunnar-tjomlid
shifter
rss-kunstig-intelligens-med-elisabeth-maren-og-morten
teknologi-og-mennesker
smart-forklart
rss-ai-forklart
rss-ki-praten
energi-og-klima
elektropodden
rss-alt-som-gar-pa-strom
hans-petter-og-co
kortslutning
fornybaren
rss-heis
rss-digitaliseringspadden
rss-vippserne
rss-bitcoinpolitisk-institutt-norge