Cyber Risks Associated with Adoption of Generative AI Tools

As artificial intelligence (AI) continues to revolutionize the business landscape, midsized organizations find themselves at a crossroads, balancing the transformative potential of AI against the heightened risks it introduces. While forward-thinking companies leverage generative and agentic AI to enhance operational efficiency, they must remain vigilant against the growing sophistication of AI-driven cyber threats.

In this piece, we will explore the vulnerabilities associated with AI, offer frameworks for assessing AI-related risks, and detail best practices for safeguarding organizational data. As a finalist for SC Awards 2025 Best Managed Detection and Response (MDR) Service, Pondurance is dedicated to equipping organizations with the tools they need to eliminate breach risks in this ever-evolving threat landscape.

Understanding the Vulnerabilities of Generative AI in Cybersecurity

AI serves as a double-edged sword for midsized organizations, empowering them to innovate while simultaneously exposing them to new vulnerabilities. Key risks arising from generative AI include:

1. Enhanced Cyberattacks: Cybercriminals are leveraging AI to execute more effective and challenging-to-detect attacks. AI algorithms streamline the gathering of open-source intelligence, enabling attackers to craft highly personalized phishing attempts that mimic legitimate business communications.
2. Internal Data Risks: As organizations incorporate AI tools into their workflows, the handling of sensitive information becomes a critical concern. Using open-source AI applications can expose confidential data if not carefully managed.

The Impact of Smarter Cyberattacks

AI increases the effectiveness of cyberattacks by facilitating sophisticated phishing techniques that produce messages indistinguishable from authentic communications. The rise of business email compromise (BEC) scams exemplifies this threat, where attackers, utilizing generative AI capabilities, can create convincing correspondence that evades detection.

Additionally, emerging technologies like deepfake voice and video complicate the verification process, rendering traditional methods, such as phone calls, less reliable and creating new opportunities for deception.

Assessing AI Risks: A Framework for Organizations

To address the risks presented by AI adoption, organizations must implement a structured approach to risk management. The World Economic Forum’s recent report outlines essential questions for business leaders to consider:

• Is there a clear understanding of risk tolerance among stakeholders?
• How are the risks of AI weighed against potential rewards?
• Are effective governance policies established for the deployment of AI projects?
• Are organizations aware of their unique vulnerabilities associated with AI technologies?

At Pondurance, we encourage adherence to established standards such as the NIST Cybersecurity Framework (CSF) 2.0 and NIST SP 800-53. These frameworks provide essential governance structures for AI security, ensuring comprehensive protection measures.

A Risk-Based Approach: The Foundation of Our MDR Services

In the current threat landscape, organizations must adopt a risk-based methodology for cybersecurity. Our managed detection and rResponse (MDR) service is tailored to tackle the unique challenges posed by AI-driven cyber threats. By employing a risk-based strategy, Pondurance enables organizations to:

• Prioritize Cybersecurity Investments: Identify and assess vulnerabilities, allowing organizations to allocate resources effectively where they are needed most.
• Foster Continuous Monitoring: Provide ongoing surveillance of your environment, ensuring real-time identification and response to potential threats.
• Enhance Incident Response: Equip organizations with robust incident response plans that adapt to emerging threats, including AI-driven attacks.

By integrating risk management into our MDR architecture, we empower organizations to respond proactively to the evolving landscape of cyber threats while minimizing risks associated with their adoption of generative AI technologies.

Best Practices for Secure AI Implementation

As organizations deploy AI technologies, adhering to these best practices can significantly reduce breach risks:

• Integrate AI Governance: Align AI governance policies with acceptable use policies to strengthen data protection initiatives.
• Enhance Cybersecurity Training: Implement ongoing training programs that address emerging threats, particularly those posed by AI advancements.
• Conduct Regular Vendor Assessments: Establish robust vendor risk assessment practices for third-party AI access, ensuring continuous evaluation.
• Strengthen User Access Controls: Limit access to sensitive data and improve identity management practices to mitigate risks associated with AI-generated attacks.
• Adopt a Zero Trust Approach: Ensure that all access points, including third-party applications, adhere to zero trust principles.

Embrace AI Responsibly

AI is now an integral aspect of business operations, and midsized organizations must adopt its capabilities with a strategic focus on security and compliance. As a finalist for Best MDR Services, Pondurance is committed to guiding organizations on their cybersecurity journey. Our innovative platform offers tailored managed detection and response solutions designed specifically to protect sensitive data against AI-fueled threats.

By establishing a proactive cybersecurity posture today, organizations can reap the benefits of AI while effectively managing the associated risks of tomorrow.

About the Author

Dustin Hutchison is the Vice President of Services and Chief Information Security Officer at Pondurance. Dustin has over 20 years of experience in information security, risk management, and regulatory compliance. Prior to joining Pondurance, Dustin was a risk and compliance professional focusing on HIPAA, Payment Card Industry Data Security Standard, and risk assessments for new technology acquisitions ranging from infrastructure solutions to patient care devices. Dustin is also currently an adjunct professor at Ivy Tech Community College, Sullivan University, Embry-Riddle Aeronautical University, and University of the Cumberlands, teaching undergraduate through doctoral level technology and cybersecurity courses. Dustin’s Ph.D. dissertation topic focused on the adoption of cloud computing in healthcare. Dustin Hutchison can be reached at our company website https://www.pondurance.com/