Organizations are rapidly rolling out AI deployments for a host of benefits; however, in the rush to launch AI projects, they often overlook the need to implement proper data security and AI security controls. A case in point is the recent data leak at DeepSeek, an organization that develops open source LLMs. The exposure involved a publicly reachable database containing user information, log streams and other sensitive data. The database, fed by the AI application, stored user prompts, which were used for training purposes. The same class of misconfiguration could just as easily affect a RAG database connected to the model, or a database used for authentication or other purposes.
This incident is an example of a larger industry challenge: properly securing AI deployments. According to a survey of C-suite executives from the IBM Institute for Business Value, 82% of respondents say secure and trustworthy AI is essential to the success of their business, yet only 24% of current generative AI projects are being secured. That leaves a staggering gap in the security of AI projects. Add to this "shadow AI" (unsanctioned AI models and deployments present within organizations without the security team's knowledge) and the security gap for AI grows even larger.
Secure the Data, Secure the Model, Secure the Usage
IBM has been advocating a framework for securing AI that revolves around the key tenets of an AI deployment: securing the data, securing the model and securing the usage. In addition, organizations need to secure the infrastructure on which the AI models are built and run, and they need to establish AI governance that continuously monitors for fairness, bias and drift, so that changes in model behavior over time are caught as they happen rather than discovered after the fact.

Figure 1: IBM Framework for Securing Generative AI.
The DeepSeek incident emphasizes the importance of understanding the critical connections between data, models and applications. It is essential to identify potential security issues or misconfigurations in each component. In this case the misconfiguration was a database reachable from the public internet, and an exposed database holding sensitive data is exactly the kind of finding that automated discovery and posture checks are designed to surface before anyone outside the organization does.
Spotlight: Securing the data and managing AI vulnerabilities
Generative models are often trained on large datasets, including potentially sensitive or proprietary data. Improper handling of training data or outputs could lead to data leaks, unintended sensitive data exposure, or compliance breaches.

Figure 2: Possible attacks on AI
Some of the best practices that organizations need to follow to secure their AI deployment include:
1. Secure Model Training and Deployment Environments: Ensure the infrastructure used for model training and deployment is hardened. Use encrypted storage for sensitive data and secure access protocols. Leverage virtual private clouds, firewalls, and network isolation so that databases, vector stores and model endpoints are not reachable from the public internet by default.
2. Establish Data Governance Policies: Discover and classify sensitive data to understand which data sources may be used for your AI use cases and who can access them. Define clear policies on what data may be used for training and for grounding (RAG) in generative AI systems. Apply anonymization or redaction to sensitive data before it is stored or used, and trigger protective action automatically when a policy is violated.
3. Utilize Security Monitoring and Logging: Deploy monitoring and logging tools to track model activity, flag unusual behavior, and ensure models operate as expected. Anomaly detection and logging also provide an audit trail, which is crucial for incident investigation, troubleshooting and compliance.
4. Mitigate Security Vulnerabilities: Use tools to identify security vulnerabilities across the interactions between applications, models, and data sources. Remediate them, for example by enforcing least-privilege access so that only authorized identities can train, query or modify models and the data behind them.
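To make the detection that the list above (and the exposed-database point in the DeepSeek discussion) calls for concrete, here is a small Python example added for this post; it is not Guardium code and not anything from DeepSeek's environment. It takes a constructed set of security-group style ingress rules plus a few constructed sample rows per data store, flags any rule that opens a well-known database port to a public source range, classifies the stored rows with simple regular expressions, and ranks the findings so that an internet-reachable store that actually holds secrets or personal data is reported as critical. It also shows a minimal redaction step for prompts before they are stored or used for training. The rule shape, asset names, port table, private-range list and patterns are all assumptions chosen for the illustration.

```python
"""DSPM-style exposure check: publicly reachable database ports combined with a
sensitive-data classification of what those stores hold.

Added illustration for this post, not IBM Guardium code. The rules, records,
port table and regex classifiers below are constructed assumptions.
"""
import ipaddress
import re

# Well-known database listener ports (assumed; extend for your own estate).
DB_PORTS = {
    3306: "mysql",
    5432: "postgresql",
    6379: "redis",
    8123: "clickhouse-http",
    9000: "clickhouse-native",
    9200: "elasticsearch",
    27017: "mongodb",
}

# Source ranges that do not count as "public" (assumed: RFC 1918, loopback, IPv6 ULA).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "fc00::/7", "::1/128",
)]

# Deliberately simple classifiers; real DSPM tooling uses far richer detectors.
CLASSIFIERS = {
    "api_key": re.compile(r"\b(?:sk|AKIA)[A-Za-z0-9_-]{16,}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Constructed ingress rules in a security-group-like shape (asset, source CIDR, port range).
SAMPLE_RULES = [
    {"asset": "prompt-logs-db", "cidr": "0.0.0.0/0", "from_port": 8123, "to_port": 9000},
    {"asset": "auth-db", "cidr": "10.0.0.0/8", "from_port": 5432, "to_port": 5432},
    {"asset": "web-frontend", "cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443},
    {"asset": "vector-store", "cidr": "::/0", "from_port": 6379, "to_port": 6379},
]

# Constructed sample rows per store, e.g. prompts an AI application logged verbatim.
SAMPLE_RECORDS = {
    "prompt-logs-db": [
        "summarize this for me",
        "my api key is sk-live-abcdefghijklmnopqrstuvwxyz012345 please debug",
        "email john.doe@example.com the quarterly numbers",
    ],
    "auth-db": ["user=alice", "user=bob"],
    "vector-store": ["chunk: The quick brown fox"],
}


def is_public(cidr: str) -> bool:
    """True unless the source range lies entirely inside a private or loopback block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return not any(net.version == p.version and net.subnet_of(p) for p in PRIVATE_NETS)


def exposed_db_ports(rule: dict) -> list[int]:
    """Database ports this rule opens to a public source; empty when the source is private."""
    if not is_public(rule["cidr"]):
        return []
    return [p for p in sorted(DB_PORTS) if rule["from_port"] <= p <= rule["to_port"]]


def classify(records: list[str]) -> set[str]:
    """Sensitive-data classes present in the sampled rows."""
    return {label for text in records for label, rx in CLASSIFIERS.items() if rx.search(text)}


def redact(text: str) -> str:
    """Anonymize a row before it is stored or used for training/grounding."""
    for label, rx in CLASSIFIERS.items():
        text = rx.sub(f"<{label}>", text)
    return text


def audit(rules: list[dict], records: dict[str, list[str]]) -> list[dict]:
    """Combine network exposure with data classification into prioritized findings."""
    findings = []
    for rule in rules:
        ports = exposed_db_ports(rule)
        if not ports:
            continue
        classes = classify(records.get(rule["asset"], []))
        findings.append({
            "asset": rule["asset"],
            "source": rule["cidr"],
            "ports": ports,
            "services": [DB_PORTS[p] for p in ports],
            "sensitive": sorted(classes),
            # Any internet-reachable store is high; one holding secrets or PII is critical.
            "severity": "critical" if classes else "high",
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RULES, SAMPLE_RECORDS):
        print(f"[{f['severity'].upper()}] {f['asset']}: {f['services']} open to "
              f"{f['source']}; sensitive data: {f['sensitive'] or 'none found'}")
    print(redact(SAMPLE_RECORDS["prompt-logs-db"][1]))
```

Run as a script it reports the prompt-log store as critical (ClickHouse ports open to 0.0.0.0/0 and rows containing an API key and an email address), the vector store as high (Redis open to ::/0 but nothing sensitive in the sampled rows), and nothing for the internal auth database or the HTTPS front end. The point of combining the two signals is prioritization: an exposed port is a network finding, but an exposed port in front of prompts that people pasted secrets into is the incident the post describes.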
IBM Guardium can help
IBM Guardium is a market leader in data security and has been used by clients for over a decade to protect their data. The following Guardium solutions can specifically help with securing data and AI models.

- IBM Guardium DSPM allows you to automatically discover, classify and protect sensitive data across cloud environments and SaaS applications. In this case, the solution could have detected the publicly exposed database, classified the sensitive data it held, and raised the relevant vulnerabilities and remediation actions automatically.
- IBM Guardium AI Security allows you to manage the risk of sensitive data being used in AI models. You can discover unknown AI deployments (shadow AI), mitigate vulnerabilities in AI models and protect sensitive data, while meeting regulatory requirements. For example, Guardium AI Security can detect the connection between the model, the data and the application, and alert the security team when a database in that chain is publicly exposed.
- IBM Guardium Data Security Center protects your data from current and emerging risks, including AI abuse and cryptographic attacks, all through a unified experience. It provides organizations the ability to manage the full data security lifecycle, from discovery to remediation and across all data environments. The solution allows you to break down silos and empowers security teams to collaborate across the organization through integrated workflows, a common view of data assets, centralized compliance policies and an open ecosystem. In this case, Guardium Data Security Center could have reported the vulnerabilities, sent the corresponding events to a SOAR platform for response, and surfaced them in dashboards.
To learn more about how you can secure and govern your AI deployments, join us for a webinar on Wednesday, February 26 at 11:00 AM EST. In the webinar, IBM experts will share insights on why security and governance are critical for generative AI and offer practical tips for securely deploying and governing these tools in your organization.
[Webinar] Govern, secure, and monitor AI in one unified experience
#ibmtechxchange-ai