The Right Yes To AI
By Jeremy Ventura, Field CISO, Myriad360
AI is no longer a distant promise—it’s here, embedded in every facet of our work and personal lives. Tools like ChatGPT and Copilot are now everyday fixtures, adopted for everything from automating workflows to enhancing creativity. Their accessibility means employees across industries are already using them, often without waiting for approval.
The implications are clear: as organizations, we can’t simply say no to AI. Employees will find ways to use these tools, sanctioned or not. A recent survey revealed that 38% of AI-using employees admit to inputting sensitive work data into these platforms. Instead of a blanket no, we owe our teams the right kind of yes—a framework that allows them to reap the benefits of AI while keeping our businesses secure.
Before Talking to the Team: Organizational Preparation
Addressing Ownership Challenges
AI adoption can feel chaotic, especially when no one knows who’s responsible for securing it. Is it IT? Security? Leadership? Without clear ownership, critical gaps appear, leaving sensitive data exposed. During a presentation, a developer told me he regularly raises concerns about API vulnerabilities with his team, only to face resistance. The issue? A lack of clarity on who owns responsibility for securing these tools.
Establishing well-defined accountability ensures AI policies and tools are implemented consistently and effectively across the organization. This is especially crucial as we enter an era where regulatory scrutiny around AI will only intensify.
Balancing AI Productivity and Security
AI’s productivity benefits are undeniable. I’ve seen employees turn multi-day manual tasks into automated processes that take just minutes. Yet this efficiency comes with risks. A report showed that while 74% of executives are optimistic about AI’s potential, 55% cite data privacy and security as their top concerns. Striking the right balance between productivity and protection starts with understanding how AI tools interact with your organization’s sensitive data and processes.
Understanding the Continuum of AI Ownership
Not all AI tools are created equal, and organizations need to decide where they stand on the spectrum of ownership. At one end are off-the-shelf tools like ChatGPT, which offer quick wins but minimal control. At the other are proprietary large language models (LLMs), which demand significant investment but come with tailored security measures. While the investment is steep, the benefits could outweigh the risks, especially for organizations dealing with sensitive data.
Emerging Best Practices
Companies leading in AI adoption are already taking action. Some are building internal LLMs with integrated security controls, while others are negotiating stricter contracts with AI vendors to ensure compliance. Open-source AI tools, while appealing, come with unique risks. A 2024 study highlighted that 60% of open-source AI tools lacked robust security documentation, making them a risky choice for enterprise use.
Engaging the Team Once the Framework Is in Place
Change the Security Culture
Security should never feel like a roadblock to innovation. Instead, it must be a trusted partner. This starts with active engagement. Hosting workshops or forums where employees can explore AI in a guided, secure environment demonstrates that security is there to support—not hinder—their work. One developer at a recent conference told me my talk on API security changed the way he approaches coding, emphasizing the importance of proactive testing during development. This is the kind of culture shift we should aim for.
Education on Responsible Use
AI’s biggest strength is also its greatest vulnerability: its adaptability. Employees must be trained to think critically about the tools they use. Are they verifying inputs and outputs? Avoiding the entry of sensitive data into external systems? At Myriad360, we realized we needed to enhance our AI policy after seeing how technical staff used external AI platforms during their daily workflows. Education, paired with clear policies, ensures these tools are leveraged responsibly.
The Speed of AI Innovation
AI is evolving faster than ever, and so are the regulations surrounding it. By 2025, sweeping AI regulations will require organizations to ensure transparency in how algorithms make decisions, protect consumer data, and document AI development processes. Compliance won’t be optional—it will be a competitive necessity.
Organizations that embrace these changes proactively will position themselves not only to mitigate risks but also to unlock AI’s full potential. The future belongs to those who can say yes to AI the right way.


