版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
Don’tLetYourAIControl
You:ManageAITrust,RiskandSecurity
MarkHorvath
©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.Thispublicationmaynotbereproducedordistributedinanyform
withoutGartner'spriorwrittenpermission.ItconsistsoftheopinionsofGartner'sresearchorganization,whichshouldnotbeconstruedasstatementsoffact.Whiletheinformationcontainedinthispublicationhasbeenobtainedfromsourcesbelievedtobereliable,Gartnerdisclaimsallwarrantiesastotheaccuracy,completenessoradequacyofsuchinformation.AlthoughGartnerresearchmayaddresslegalandfinancialissues,Gartnerdoesnotprovidelegalorinvestmentadviceanditsresearchshouldnotbeconstruedorusedassuch.YouraccessanduseofthispublicationaregovernedbyGartner’sUsagePolicy.Gartnerpridesitselfonitsreputationforindependenceandobjectivity.Itsresearchisproducedindependentlybyitsresearchorganizationwithoutinputor
influencefromanythirdparty.Forfurtherinformation,see"GuidingPrinciplesonIndependenceandObjectivity."
AI‘Misperformance’
CanThreatenHumanLife
HowAbout:
•Examproctoring
•Uncorroboratedinformation
•Failingself-drivingcars
•Deepfake-infusedfraud
•Employmentopportunity
•Imprisonment?
•Worse?
Source:FacialRecognitionLeadstoWeek-LongWrongfulImprisonment,TechSpot
2©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
3©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
4©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
PlentyofModelsto
CompromiseandAttack
NumberofAIModelsDeployedtoDate
73%
ofOrganizationsHave
HundredsorThousandsofModelsDeployed
n=324;Base:UsingAI(S08),excludesunsure
Q13A.HowmanyAImodelshasyourorganizationdeployedtodate?Source:2021GartnerP-21023AIinOrganizationsSurvey
5©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Dozens
Hundreds
Thousands
HundredsofThousands
AISolutionsAretheTopEmergingTechnology
EmergingTechnologiesDeployedorPlannedtoDeployinNext12Months
48%
Artifical
Intelligence
DistributedSASE
Cloud
n=2,186;CIOsandtechnologyexecutives
Source:2023GartnerCIOandTechnologyExecutiveSurvey
6©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Edge
Computing
Multiexperience
Development
Platform
MostRespondentsHaveAlreadyDeployedCloud
andAIorPlantoDeployintheNearTerm
StateofDeploymentforEmergingTechnologies
PercentageofRespondents
DistributedcloudArtificialintelligence/machinelearning
Edgecomputing Secureaccessserviceedge(SASE)MultiexperiencedevelopmentplatformDigitaltwin
ResponsibleAI
MLOps 5GBlockchain
nNointerestaWilldeployin2-3yearsaWilldeploybetween12to24monthsaWilldeploywithinnext12monthsaHavealreadydeployed
14%
21%
16%
15%
33%
6%
23%
21%
17%
32%
31%
25%
16%
11%
18%
20%
23%
23%
17%
18%
22%
31%
22%
13%
11%
41%
27%
13%
8%
10%
21%
37%
21%
12%
8%
24%
34%
20%
13%
10%
31%
28%
20%
11%
11%
46%
29%
11%
6%
8%
0%50%100%
n=2,186;CIOsandtechnologyexecutivesanswering
Q.Whatareyourenterprise'splansintermsofthefollowingdigitaltechnologiesandtrends?
Source:2023GartnerCIOandTechnologyExecutiveSurvey
7©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
RegulatoryCompliance
IsTopReasonWhy
Privacy,Securityand/orRiskAreBarriersto
AIImplementation
n=218;Base:AIprivacy,securityandriskmanagement(Q18)
Q19.Whatarethetop3reasonswhyprivacy,securityand/orriskarebarrierstotheimplementationofAItechniqueswithinyourorganization?
Source:2021GartnerP-21023AIinOrganizationsSurvey
8©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Top3BarrierstothePrivacy,SecurityImplementation
SumofTop3FirstChoice
20%
15%
15%
22%
11%
38%
37%
9%
9%
AIdatabreachesormaliciouscompromises
Datacompromisebyinternalstafforconsultants
Modeltheftormaliciousmanipulation
Regulatorycompliance
WorriesaboutbiasinAImodels
Benignmistakesinmodelprogrammingortrainingdata
Unpredictablemodelperformance
50%
44%
43%
42%
39%
0%30%60%
Compromisesand
AttacksSpanAllStagesofAIOps
Compromises&Attacks:
•Datapoisoningorcompromises
(anystage)andprivacyconcerns.
•Modeloutcomemanipulationordeteriorationatruntime.
•Modelordatamisuse,compromiseortheft.
9©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
AILifeCycle
01
02
03
DevelopDeployRun
ManyAIBreachesAreCausedbyInsiders
ActualTypesofBreaches
Multipleresponsesallowed
Datacompromisebyinternalparty
Datacompromisebyexternalparty
MaliciousattackonourAIinfrastructure(otherthandatacompromise)
60%
56%
27%
0%50%100%
n=131;Base:TeamofAIprivacybreachorsecurity
Q26.WhattypesofAIprivacybreachesand/orsecurityincidentswerethose?Source:2021GartnerP-21023AIinOrganizationsSurvey
10©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
GreaterConcernsAboutOutsidersAreMisplaced
PerceptionsofBreaches:MostWorriedAboutOutsiders
Multipleresponsesallowed
WhichpartiesisyourorganizationmostworriedaboutwhenitcomestoAIprivacy,securityand/orrisk?
Competitors,partnersorotherthirdparties
outsideourorganizationthatweshareAImodelsorlearningwith
MalicioushackersandentitieswhoseektoharmourorganizationbyhackingourAI
Insiderssuchasdatascientists,AIdevelopers,ITstaff
50%
49%
39%
0%
50%
100%
n=218;Base:AIprivacy,securityandriskmanagement(Q18)
Q20.WhichpartiesisyourorganizationmostworriedaboutwhenitcomestoAIprivacy,securityand/orrisk?Source:2021GartnerP-21023AIinOrganizationsSurvey
11©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
DeepfakeSocial
Engineering
SeriousNationalSecurityImplications:
DeepfakeofUkrainianPresidentZelenskycalls
oncitizenstosurrendertoRussiaand“laydowntheirarms”is
sharedonline.
Source:DeepfakeZelenskyySurrenderVideoIsthe"FirstIntentionallyUsed"inUkraineWar,Euronews.
12©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
In2024,
Predicts:
DeepfakesforSocial
Engineering
15%ofsuccessfulaccounttakeoverattackswilluse
deepfakestosociallyengineeruserstoturnoversensitivedata
ormovemoneyintocriminalaccounts.
13©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisargisidtrtmakofGatr,r,InIc..aanditisafifliialis..
Video
Text
Image
Voice
DigitalMediaTypes
PhysicalObject
Sensors
Camera
DataFeed
PhysicalVector
MaliciousInputstoAIModels;DigitalandPhysical
ManipulatedDigitalImages
CriminaladdsperturbationstodigitalimagetofoolAImodel
ManipulatedPhysicalSigns
Stickerchanges
signfrom
“speedlimit”to“noovertaking;”foolsself-drivingAImodel
Sources:iProov;DARTS:DeceivingAutonomousCarsWithToxicSigns,arXiv
14©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
QueryAttackAgainstAIModel:BlackBox
BlackBoxAttackDeterminesWhichInputstoUseforDesiredOutput
Attacker
•AttackGoal:
TrialInput
A,B,C
A,B,D
A,C,D
DesiredOutput?
No
No
Yes
Finduncommon,perturbatedinputexamplesthatresultinadesired
outcome,e.g.,forfinancialgainortoavoiddetection.
•AttackMethod:
Model
Repeatmodelqueriesuntilfeasibleinputanddesirableoutputpairshavebeenidentified.
BlackBoxAttack
15©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
QueryAttackAgainstAIModel:WhiteBox
WhiteBoxAttackRegeneratesTrainingDatasettoReproduceaSimilarModel
Attacker
•AttackGoal:
Generated
TrainingDataset
A,B,C
A,B,D
A,C,D
N
N
Y
Complete“reverseengineering”ofthemodel,e.g.,tostealIPorobtainsensitive/valuabletrainingdata.
•AttackMethod:
Model
WhiteBoxAttack
Manymodelqueriesto(re)generateatrainingdataset(input+label/target
rows),whichisthenusedtoreproduceasimilarmodel.
16©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
17©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
AITrustRisk&SecurityManagement(TRiSM)
UnmanagedRisks
AITRiSM
ManagedRisks
Explainability/
ModelMonitoring
AIApplicationSecurity
Privacy
ModelOps
TheAITRiSMMarketIncludesSolutionsforTheseFunctions
SupportsAI
•Governance
•Trustworthiness
•Fairness
•Reliability
•Privacy
•Security
•Compliance
18©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
FirstGetOrganized:AITRiSMIsaTeamSport
EnterpriseAIArchitects
InformationTechnology
Risk
Management
Privacy
Data
Analytics
LOB&
Operations
Compliance
Security
Legal
Ethics
19©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
CISOsNeedtoSpeakWithTheirAITeams
ThinkAIRiskIsConcerned
LikelytoMaterializeAboutAIRisk
CISO26%36%
AITeam53%51%
n=64;Base:CISOsinenterprisesatleastpilotingAIsolutionsn=49;Base:AIworkers
Q:WhatisthelikelihoodthatinformationriskstemmingfromAIsolutionswillmaterializeinthenext12-18monthsinyourenterprise?
Q:HowconcernedareyouaboutinformationriskinyourenterpriseassociatedwithAIsolutions?
Source:2021GartnerStateofAICyberRiskManagementStudy
20©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
OnceOrganized:SetYourPriorities
SuggestedTop5PrioritiesforAITRiSM
2
3
PrivacyandDataProtection
4
5
AISecurity
andResilience
AIRisk
Awareness
Robust
ModelOps
1
AIInventory:Explainability&Interpretability
21©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
FourReasonsWhyYouNeedAITRiSM
•Typicallyrequiresabest-of-breedtoolportfolioapproach
•Modelsanddatacandriftformanydifferentreasons,whichcancauseadverseconsequences
•AIposesconsiderabledatarisksassensitivedatasetsareoftenusedtotrainAImodels
•RegulatorsareissuinglawstoregulateAIindepth
22©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ContinuousUseofAITRiSMSolutions
SafeguardsAIDelivery
UnmanagedRisks
AITRiSM
ManagedRisks
Explainability/
ModelMonitoring
Privacy
ModelOps
AIApplicationSecurity
23©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
By2026,
organizationsthatoperationalize
Predicts:
AITRiSM
ImprovesAIResults
AItransparency,trustand
securitywillseetheirAImodelsachievea50%result
improvementinterms
ofadoption,businessgoalsanduseracceptance.
Source:Gartner
registeredtrademarkofGartner,Inc.anditsaffiliates.
24©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ExampleCaseStudy:TheDanishCancerSociety
•ThesocietyusesanAIproductthat
enablesitsresearcherstomoreeasilydiscoverinsightsintodata.
•Theproductusesmathematically
explainablemodelstoidentifygene
combinationsthatleadtohigher
incidenceofdeathfrombreastcancer.
•Thesediscoveriesareenabling
thesocietytodevelopmorepreciseandeffectivedrugs.
Explainability
25©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ExampleCaseStudy:UnityHealthToronto
•UnityHealthTorontousedAITRiSM
conceptsandtoolsinafour-stepprocesstomakeitsmodels
moretrustworthy.
•ThisimprovedtheresultsitachievedfromAI.
•UnityHealthTorontodrastically
reducedmortalityinitshigh-risk
patients,duringtheCOVID-19
pandemic,byfollowingahuman-
centric,credibility-focusedapproach.
TrustedAI
26©2023Gartner,Inc.and/oritsaf
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 离婚协议书美国
- 医药研发合同2024年
- 个人私家车租赁合同
- 二手合法房屋买卖合同
- 电子身份认证系统开发授权协议
- 手房买卖学区房补充协议
- 电影拍摄聘用合同
- 企业年度庆典活动方案
- 单元主题二“沧海桑田”-地表形态的形成与演变-高中地理单元教学设计
- 买卖合同-油脂油料省间调拨合同8篇
- 大学学院学生奖助资金及相关经费发放管理暂行办法
- 神木市孙家岔镇神能乾安煤矿矿山地质环境保护与土地复垦方案
- 那些活了很久很久的树
- 2023年R2移动式压力容器充装操作证考试题及答案(完整版)
- 无为市人民医院城东医院建设项目环境影响报告书
- 九年级物理实验记录单
- 非煤矿山安全应急预案
- 高一英语阅读理解专练20篇
- 2022年湖北省高中学业水平考试真题-音乐学科
- 博朗IRT6520中文说明书家用版
- 旅行社运营实务电子课件 1.1 初识旅行社
评论
0/150
提交评论