Help manage security risks when using AI
Artificial intelligence (AI) is used widely by businesses to improve or streamline operations and processes. Like any digital product or service, it comes with online security risks.
It’s important to know what protections you need to put in place to ensure your business is using AI as securely as possible.
What are the AI security risks for my business?
AI tools and systems can be targeted by cybercriminals to disrupt or mislead them into giving sensitive, wrong or unsafe information.
Prompt injections
Attackers can use ‘prompt injections’ which are malicious inputs disguised as legitimate requests designed to confuse or mislead the AI into giving sensitive, wrong or unsafe answers.
Hallucinations
AI systems can also make up information, called hallucinations, where the response sounds correct but isn’t true. These risks can compromise decision-making, customer interactions, and operational integrity. Whether caused by hackers or inadvertently, due to technological limitations in the AI system, unreliable outputs pose significant cyber security and business risks.
Example: In 2025, a lawyer used AI to prepare a court document, but it generated false legal cases that the lawyer didn’t verify before submitting to the court. After the court discovered this, the lawyer was barred from operating and owning a law practice.
Cloud-base AI software
If your business is using cloud-based AI software applications such as chatbots or customer relationship management systems there are additional risks as the underlying infrastructure of these systems are often managed by third-party providers.
Example: In April 2024, an education business discovered a data breach affecting tens of thousands of students, parents, guardians and staff. A hacker exploited a vulnerability to access their system. A security patch was available but wasn’t installed. The exposed system contained highly sensitive information. It included fee records, childhood education and care details, children’s status, welfare requests and medical certificates.
How to manage AI security risks
-
Make sure your staff are trained to verify AI outputs for inaccurate information, biases, unethical or irrelevant responses.
-
Use trusted and regularly updated AI models that prioritise security.
-
Regularly monitor the AI systems behaviour for unusual patterns or anything out of the ordinary.
-
Regularly review any AI-integrated processes (either in real time for critical tasks or during scheduled checks).
-
Ensure the AI tool you’re using has a commitment to security, including its use of third-party tools or services.
-
Understand the AI vendor’s cyber security incident notification process.
AI technology is rapidly developing which continues to have implications for your online security. For example, Frontier AI which can find exploitable vulnerabilities in software a lot faster and at greater scale than current models which can then be used for cyber attacks. Making sure your business is doing the basics like installing software updates as soon as they are available can help better protect your business.
AI security checklist
We have created a short, downloadable checklist for you to go through to help you manage your AI security.