News

AI Security Report: AI/ML Tool Usage Skyrockets, Here Are Top 5 (& Most Blocked)

• By David Ramel
• 03/28/2024

Cloud security specialist Zscaler published a report on the state of AI security that finds the use of enterprise AI/ML tools has skyrocketed, led of course by ChatGPT, which also happens to be responsible for the most blocked.

Published yesterday, the "Zscaler ThreatLabz 2024 AI Security Report" is based on more than 18 billion transactions from April 2023 to January 2024 in the Zscaler Zero Trust Exchange cloud-based security services offering.

The report investigates how enterprises are using AI and ML tools today while listing key trends across business sectors and geographies in how enterprises are adapting to the ever-changing AI landscape and securing their AI tools.

An accompanying blog post listed key ThreatLabz AI findings:

• Explosive AI growth: Enterprise AI/ML transactions surged by 595 percent between April 2023 and January 2024.
• Concurrent rise in blocked AI traffic: Even as enterprise AI usage accelerates, enterprises block 18.5 percent of all AI transactions, a 577 percent increase signaling rising security concerns.
• Primary industries driving AI traffic: manufacturing accounts for 21 percent of all AI transactions in the Zscaler security cloud, followed by Finance and Insurance (20 percent) and Services (17 percent).
• Global AI adoption: the top five countries generating the most enterprise AI transactions are the US, India, the UK, Australia, and Japan.
• A new AI threat landscape: AI is empowering threat actors in unprecedented ways, including for AI-driven phishing campaigns, deepfakes and social engineering attacks, polymorphic ransomware, enterprise attack surface discovery, exploit generation, and more.

As mentioned above, another highlight revealed the most popular applications for enterprises as revealed by collected transaction data, listing:

• ChatGPT: You should already know all about this famous chatbot that started the whole gen AI craze, officially described as "a free-to-use AI system. Use it for engaging conversations, gain insights, automate tasks, and witness the future of AI, all in one place."
• Drift: Conversational AI.
• OpenAI: The company that created ChatGPT, as the Zscaler Zero Trust Exchange tracks ChatGPT transactions independently from other OpenAI transactions at large, perhaps including API calls.
• Writer: A full-stack generative AI platform.
• LivePerson: A conversational AI platform for business.

Perhaps surprisingly, ChatGPT and OpenAI are among the top three tools that are blocked the most, along with fraud detection platform Fraud.net.

The blocking of AI transactions has increased along with the usage of AI transactions, as could probably be expected. So countering that 595 percent uptick in enterprise AI/ML transactions is a 577 percent increase in blocked transactions, amounting to 18 percent of all transactions.

"This indicates that despite -- or even because of -- the popularity of these tools, enterprises are working actively to secure their use against data loss and privacy concerns," Zscaler said.

Another chart shows adds the top blocked AI domains.

Zscaler said its new report offer key guidance including:

• How to securely enable ChatGPT: a best practice case study for securing generative AI tools, in five steps.
• AI best practices and AI policy guidelines: AI frameworks and best practices that any enterprise can adopt.
• How Zscaler use AI to stop cyber threats and also enable secure AI transformation, the former by leveraging AI detections across each stage of the attack chain with holistic visibility into enterprise cyber risk, and the latter by various capabilities.

As far as item No. 2 in that list, the company said, "In general, enterprises can adopt a few key best practices when it comes to integrating AI tools into the business:

• Continually assess and mitigate the risks that come with AI-powered tools to protect intellectual property, personal data, and customer information.
• Ensure that the use of AI tools complies with relevant laws and ethical standards, including data protection regulations and privacy laws.
• Establish clear accountability for AI tool development and deployment, including defined roles and responsibilities for overseeing AI projects.
• Maintain transparency when using AI tools -- justify their use and communicate their purpose clearly to stakeholders.

"Enterprises are rapidly adopting AI and ML tools across departments like engineering, IT marketing, finance, customer success, and more," said the report's summary. "Yet, they must balance the numerous risks that come with AI tools to reap their fullest rewards. Indeed, to unlock the transformative potential of AI, enterprises must enable secure controls to protect their data, prevent the leakage of sensitive information, mitigate 'Shadow AI sprawl,' and ensure the quality of AI data."