版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
Don’tLetYourAIControl
You:ManageAITrust,RiskandSecurity
MarkHorvath
©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.Thispublicationmaynotbereproducedordistributedinanyform
withoutGartner'spriorwrittenpermission.ItconsistsoftheopinionsofGartner'sresearchorganization,whichshouldnotbeconstruedasstatementsoffact.Whiletheinformationcontainedinthispublicationhasbeenobtainedfromsourcesbelievedtobereliable,Gartnerdisclaimsallwarrantiesastotheaccuracy,completenessoradequacyofsuchinformation.AlthoughGartnerresearchmayaddresslegalandfinancialissues,Gartnerdoesnotprovidelegalorinvestmentadviceanditsresearchshouldnotbeconstruedorusedassuch.YouraccessanduseofthispublicationaregovernedbyGartner’sUsagePolicy.Gartnerpridesitselfonitsreputationforindependenceandobjectivity.Itsresearchisproducedindependentlybyitsresearchorganizationwithoutinputor
influencefromanythirdparty.Forfurtherinformation,see"GuidingPrinciplesonIndependenceandObjectivity."
AI‘Misperformance’
CanThreatenHumanLife
HowAbout:
•Examproctoring
•Uncorroboratedinformation
•Failingself-drivingcars
•Deepfake-infusedfraud
•Employmentopportunity
•Imprisonment?
•Worse?
Source:FacialRecognitionLeadstoWeek-LongWrongfulImprisonment,TechSpot
2©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
3©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
4©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
PlentyofModelsto
CompromiseandAttack
NumberofAIModelsDeployedtoDate
73%
ofOrganizationsHave
HundredsorThousandsofModelsDeployed
n=324;Base:UsingAI(S08),excludesunsure
Q13A.HowmanyAImodelshasyourorganizationdeployedtodate?Source:2021GartnerP-21023AIinOrganizationsSurvey
5©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Dozens
Hundreds
Thousands
HundredsofThousands
AISolutionsAretheTopEmergingTechnology
EmergingTechnologiesDeployedorPlannedtoDeployinNext12Months
48%
Artifical
Intelligence
DistributedSASE
Cloud
n=2,186;CIOsandtechnologyexecutives
Source:2023GartnerCIOandTechnologyExecutiveSurvey
6©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Edge
Computing
Multiexperience
Development
Platform
MostRespondentsHaveAlreadyDeployedCloud
andAIorPlantoDeployintheNearTerm
StateofDeploymentforEmergingTechnologies
PercentageofRespondents
DistributedcloudArtificialintelligence/machinelearning
Edgecomputing Secureaccessserviceedge(SASE)MultiexperiencedevelopmentplatformDigitaltwin
ResponsibleAI
MLOps 5GBlockchain
nNointerestaWilldeployin2-3yearsaWilldeploybetween12to24monthsaWilldeploywithinnext12monthsaHavealreadydeployed
14%
21%
16%
15%
33%
6%
23%
21%
17%
32%
31%
25%
16%
11%
18%
20%
23%
23%
17%
18%
22%
31%
22%
13%
11%
41%
27%
13%
8%
10%
21%
37%
21%
12%
8%
24%
34%
20%
13%
10%
31%
28%
20%
11%
11%
46%
29%
11%
6%
8%
0%50%100%
n=2,186;CIOsandtechnologyexecutivesanswering
Q.Whatareyourenterprise'splansintermsofthefollowingdigitaltechnologiesandtrends?
Source:2023GartnerCIOandTechnologyExecutiveSurvey
7©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
RegulatoryCompliance
IsTopReasonWhy
Privacy,Securityand/orRiskAreBarriersto
AIImplementation
n=218;Base:AIprivacy,securityandriskmanagement(Q18)
Q19.Whatarethetop3reasonswhyprivacy,securityand/orriskarebarrierstotheimplementationofAItechniqueswithinyourorganization?
Source:2021GartnerP-21023AIinOrganizationsSurvey
8©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
Top3BarrierstothePrivacy,SecurityImplementation
SumofTop3FirstChoice
20%
15%
15%
22%
11%
38%
37%
9%
9%
AIdatabreachesormaliciouscompromises
Datacompromisebyinternalstafforconsultants
Modeltheftormaliciousmanipulation
Regulatorycompliance
WorriesaboutbiasinAImodels
Benignmistakesinmodelprogrammingortrainingdata
Unpredictablemodelperformance
50%
44%
43%
42%
39%
0%30%60%
Compromisesand
AttacksSpanAllStagesofAIOps
Compromises&Attacks:
•Datapoisoningorcompromises
(anystage)andprivacyconcerns.
•Modeloutcomemanipulationordeteriorationatruntime.
•Modelordatamisuse,compromiseortheft.
9©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
AILifeCycle
01
02
03
DevelopDeployRun
ManyAIBreachesAreCausedbyInsiders
ActualTypesofBreaches
Multipleresponsesallowed
Datacompromisebyinternalparty
Datacompromisebyexternalparty
MaliciousattackonourAIinfrastructure(otherthandatacompromise)
60%
56%
27%
0%50%100%
n=131;Base:TeamofAIprivacybreachorsecurity
Q26.WhattypesofAIprivacybreachesand/orsecurityincidentswerethose?Source:2021GartnerP-21023AIinOrganizationsSurvey
10©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
GreaterConcernsAboutOutsidersAreMisplaced
PerceptionsofBreaches:MostWorriedAboutOutsiders
Multipleresponsesallowed
WhichpartiesisyourorganizationmostworriedaboutwhenitcomestoAIprivacy,securityand/orrisk?
Competitors,partnersorotherthirdparties
outsideourorganizationthatweshareAImodelsorlearningwith
MalicioushackersandentitieswhoseektoharmourorganizationbyhackingourAI
Insiderssuchasdatascientists,AIdevelopers,ITstaff
50%
49%
39%
0%
50%
100%
n=218;Base:AIprivacy,securityandriskmanagement(Q18)
Q20.WhichpartiesisyourorganizationmostworriedaboutwhenitcomestoAIprivacy,securityand/orrisk?Source:2021GartnerP-21023AIinOrganizationsSurvey
11©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
DeepfakeSocial
Engineering
SeriousNationalSecurityImplications:
DeepfakeofUkrainianPresidentZelenskycalls
oncitizenstosurrendertoRussiaand“laydowntheirarms”is
sharedonline.
Source:DeepfakeZelenskyySurrenderVideoIsthe"FirstIntentionallyUsed"inUkraineWar,Euronews.
12©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
In2024,
Predicts:
DeepfakesforSocial
Engineering
15%ofsuccessfulaccounttakeoverattackswilluse
deepfakestosociallyengineeruserstoturnoversensitivedata
ormovemoneyintocriminalaccounts.
13©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisargisidtrtmakofGatr,r,InIc..aanditisafifliialis..
Video
Text
Image
Voice
DigitalMediaTypes
PhysicalObject
Sensors
Camera
DataFeed
PhysicalVector
MaliciousInputstoAIModels;DigitalandPhysical
ManipulatedDigitalImages
CriminaladdsperturbationstodigitalimagetofoolAImodel
ManipulatedPhysicalSigns
Stickerchanges
signfrom
“speedlimit”to“noovertaking;”foolsself-drivingAImodel
Sources:iProov;DARTS:DeceivingAutonomousCarsWithToxicSigns,arXiv
14©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
QueryAttackAgainstAIModel:BlackBox
BlackBoxAttackDeterminesWhichInputstoUseforDesiredOutput
Attacker
•AttackGoal:
TrialInput
A,B,C
A,B,D
A,C,D
DesiredOutput?
No
No
Yes
Finduncommon,perturbatedinputexamplesthatresultinadesired
outcome,e.g.,forfinancialgainortoavoiddetection.
•AttackMethod:
Model
Repeatmodelqueriesuntilfeasibleinputanddesirableoutputpairshavebeenidentified.
BlackBoxAttack
15©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
QueryAttackAgainstAIModel:WhiteBox
WhiteBoxAttackRegeneratesTrainingDatasettoReproduceaSimilarModel
Attacker
•AttackGoal:
Generated
TrainingDataset
A,B,C
A,B,D
A,C,D
N
N
Y
Complete“reverseengineering”ofthemodel,e.g.,tostealIPorobtainsensitive/valuabletrainingdata.
•AttackMethod:
Model
WhiteBoxAttack
Manymodelqueriesto(re)generateatrainingdataset(input+label/target
rows),whichisthenusedtoreproduceasimilarmodel.
16©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
KeyIssues
2
WhatYouNeed
toDoAboutNewAIRisks?
1
Where,WhenandHowCanAIBeCompromised?
17©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
AITrustRisk&SecurityManagement(TRiSM)
UnmanagedRisks
AITRiSM
ManagedRisks
Explainability/
ModelMonitoring
AIApplicationSecurity
Privacy
ModelOps
TheAITRiSMMarketIncludesSolutionsforTheseFunctions
SupportsAI
•Governance
•Trustworthiness
•Fairness
•Reliability
•Privacy
•Security
•Compliance
18©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
FirstGetOrganized:AITRiSMIsaTeamSport
EnterpriseAIArchitects
InformationTechnology
Risk
Management
Privacy
Data
Analytics
LOB&
Operations
Compliance
Security
Legal
Ethics
19©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
CISOsNeedtoSpeakWithTheirAITeams
ThinkAIRiskIsConcerned
LikelytoMaterializeAboutAIRisk
CISO26%36%
AITeam53%51%
n=64;Base:CISOsinenterprisesatleastpilotingAIsolutionsn=49;Base:AIworkers
Q:WhatisthelikelihoodthatinformationriskstemmingfromAIsolutionswillmaterializeinthenext12-18monthsinyourenterprise?
Q:HowconcernedareyouaboutinformationriskinyourenterpriseassociatedwithAIsolutions?
Source:2021GartnerStateofAICyberRiskManagementStudy
20©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
OnceOrganized:SetYourPriorities
SuggestedTop5PrioritiesforAITRiSM
2
3
PrivacyandDataProtection
4
5
AISecurity
andResilience
AIRisk
Awareness
Robust
ModelOps
1
AIInventory:Explainability&Interpretability
21©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
FourReasonsWhyYouNeedAITRiSM
•Typicallyrequiresabest-of-breedtoolportfolioapproach
•Modelsanddatacandriftformanydifferentreasons,whichcancauseadverseconsequences
•AIposesconsiderabledatarisksassensitivedatasetsareoftenusedtotrainAImodels
•RegulatorsareissuinglawstoregulateAIindepth
22©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ContinuousUseofAITRiSMSolutions
SafeguardsAIDelivery
UnmanagedRisks
AITRiSM
ManagedRisks
Explainability/
ModelMonitoring
Privacy
ModelOps
AIApplicationSecurity
23©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
By2026,
organizationsthatoperationalize
Predicts:
AITRiSM
ImprovesAIResults
AItransparency,trustand
securitywillseetheirAImodelsachievea50%result
improvementinterms
ofadoption,businessgoalsanduseracceptance.
Source:Gartner
registeredtrademarkofGartner,Inc.anditsaffiliates.
24©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ExampleCaseStudy:TheDanishCancerSociety
•ThesocietyusesanAIproductthat
enablesitsresearcherstomoreeasilydiscoverinsightsintodata.
•Theproductusesmathematically
explainablemodelstoidentifygene
combinationsthatleadtohigher
incidenceofdeathfrombreastcancer.
•Thesediscoveriesareenabling
thesocietytodevelopmorepreciseandeffectivedrugs.
Explainability
25©2023Gartner,Inc.and/oritsaffiliates.Allrightsreserved.GartnerisaregisteredtrademarkofGartner,Inc.anditsaffiliates.
ExampleCaseStudy:UnityHealthToronto
•UnityHealthTorontousedAITRiSM
conceptsandtoolsinafour-stepprocesstomakeitsmodels
moretrustworthy.
•ThisimprovedtheresultsitachievedfromAI.
•UnityHealthTorontodrastically
reducedmortalityinitshigh-risk
patients,duringtheCOVID-19
pandemic,byfollowingahuman-
centric,credibility-focusedapproach.
TrustedAI
26©2023Gartner,Inc.and/oritsaf
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 分析育婴师职业形象的2024年试题及答案
- 前沿解读:人力资源管理师试题及答案
- Unit 6 Rain or Shine Section A 1a-1d教案 2024-2025学年人教版(2024)七年级英语下册
- 2024广东湛江开发区水务有限公司招聘技术人员16人笔试参考题库附带答案详解-1
- 八年级地理上册 第三章 中国的自然资源 第一节 自然资源的基本特征教学实录 (新版)新人教版
- 2025年吉林省松原市宁江区中考一模化学试题(原卷版+解析版)
- 企业国际化战略与实施
- 倒闭酒店转让合同范例
- 关于分红合同标准文本
- 人工智能技术在工业4.0的推动力
- 2024年江苏省苏州市保安员资格考试模拟练习题及答案
- 2024年高速数据传输线项目可行性研究报告
- 医疗机构医疗废物管理规范考试试题及答案
- 阀门行业数字化转型
- 旅游车司机服务质量培训
- 宾馆装修明细合同模板
- 北京工业大学《软件工程(双语)》2023-2024学年期末试卷
- 2024版义务教育小学科学课程标准
- 八年级学生学情分析-20211031092110
- 2024年继续教育公需课考试题目及答案
- 林下经济项目方案
评论
0/150
提交评论