{"id":195720,"date":"2026-03-13T15:01:00","date_gmt":"2026-03-13T19:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/13\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization-2\/"},"modified":"2026-03-14T01:00:36","modified_gmt":"2026-03-14T05:00:36","slug":"the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization-2","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/13\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization-2\/","title":{"rendered":"The biggest AI threats come from within \u2013 12 ways to defend your organization"},"content":{"rendered":"<p><a href=\"https:\/\/www.spiceworks.com\/security\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization\/\">The biggest AI threats come from within \u2013 12 ways to defend your organization<\/a><\/p>\n<p><a href=\"https:\/\/www.spiceworks.com\/security\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization\/\">https:\/\/www.spiceworks.com\/security\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-13 15:01:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.spiceworks.com\">www.spiceworks.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\t\t\t\t\t\t\t\tIt\u2019s become a bit of a clich\u00e9 to describe AI as a double-edged\u00a0Opens a new window sword, but that doesn\u2019t make the phrase untrue.Cybersecurity experts have been particularly vocal on this point. \u201cAI amplifies defense through faster detection and response but simultaneously lowers the cost and complexity of attacks,\u201d consulting firm EY wrote in a reportOpens a new window  published earlier this month called \u201cAI and cybersecurity: The new frontier of business resilience.\u201d\u201cWhile defenders use AI to identify threats, adversaries leverage the same technologies for deception,\u201d the report said.READ MORE:<br \/>\n\t\t    \t5 security tactics your business can&#8217;t get wrong in the age of AI &#8211; and why they&#8217;re criticalThe technology that\u2019s making cybersecurity defenses more robust, in other words, is also empowering the cybercriminalsOpens a new window \u00a0who are trying to break through those protections. Like Thor and Loki, or Batman and the Joker, the two foes constantly have to outpace and outmaneuver one another in what\u2019s shaping up to be a long, possibly never-ending arms race. (On a related note, AI developers like OpenAI have their own security arms race to contend with: the better that their models can protect against\u00a0prompt injection attacksOpens a new window , the more cunning those attacks become.)Counterintuitively, however, some experts say the gravest AI-powered threat to cybersecurity systems isn\u2019t from external hackers. Instead, the biggest threat comes from within organizations themselves, when employees use the technology without adequate internal guardrailsOpens a new window .Following a watershed MIT studyOpens a new window \u00a0last year, which found that over nine in 10 businesses\u2019 AI initiatives have failed to produce meaningful results, there\u2019s been a lot of debate around the value of a top-down approach to the technology (in which organizational leaders control how their employees use it) and a bottom-up approach (where employees are given more freedom to experiment with different tools). And according to Dan Mellen, EY\u2019s global cyber chief technology officer, taking a bottom-up approach to cybersecurity in the age of AI is asking for trouble.\u201cOrganizations should absolutely take a top-down approach to implementing security guardrails around employees\u2019 use of AI,\u201d Mellen told ZDNET. Compared with external threats, such as prompt-injection attacks, said Mellen, \u201cthe use of ungoverned intelligent tools by insiders \u2026 presents a significantly greater risk to the enterprise.\u201dEY\u2019s new report arrives at a time when AI agents are being peddled to businesses as productivity boostersOpens a new window \u00a0for employees. But while these systems\u2019 capacity to build apps and handle a range of other complex tasks continues to grow, they still come with as-yet unresolved security concerns. The most notable concern is that agents\u2019 greater autonomy comes with the potential for unexpected behavior. Evidence suggests agents are liable to behave unpredictably, sometimes with disastrous consequencesOpens a new window .Mellen is, therefore, just one voice among a growing chorus of cybersecurity experts who have been raising alarms that the deployment of agentsOpens a new window  within businesses is outpacing the implementation of effective guardrailsOpens a new window .READ MORE:<br \/>\n\t\t    \tWhy encrypted backups may fail in an AI-driven ransomware era12 tips for CISOsThis risk-from-within paradigm is precisely what EY wanted to address in its new AI and cybersecurity report.Broadly speaking, the report urges CISOs to approach cybersecurity with as much top-down visibility as possible: clearly mapping out how, where, and why AI is being used internally, and formulating action plans for when those systems behave unexpectedly.Here are the company\u2019s 12 strategic recommendations at a glance:1. First and foremost, develop internal AI governance policies. These policies should cover key considerations, such as how, where, when, and why the technology can be used, and which data models can access.2. Expand your horizon of possibilities. According to EY, cybersecurity professionals have historically focused their use of AI mainly on defending against attacks. Moving forward, they should embrace a more offensive mindset, using AI \u201cto identify and neutralize threats before they can impact systems,\u201d the company wrote in its report, through exercises like red-teaming.3. Build a framework to measure the ROI of internal AI use that accounts for quantitative gains (such as time and money saved) and qualitative gains (such as enhanced security).4. Have a system in place to continually monitor your internal AI systems\u2019 performance and their compliance with the ever-changing regulatory landscape.5. Going back to governance, make sure employees understand which uses of AI are acceptable and which aren\u2019t, and how to respond in cases when models start to act in unexpected ways.6. Be able to visualize your organization\u2019s internal use of AI. Build a dashboard that employees can access to gain a quick and clear overview of which models are in play, the datasets they\u2019re using, training requirements, and so on.7. Expand your AI platform portfolio. Start adopting AI-powered tools designed for specific cybersecurity functions, including automated response tools like\u00a0SmiForce\u00a0and security information and event management (SIEM) tools like\u00a0SentinelOneOpens a new window .8. Carefully map the data sources used by your internal AI systems\u00a0and where they\u2019re traveling to, especially if you\u2019re handling data across multiple jurisdictions with differing AI and privacy laws (for example, between the US and the EU). For an extra layer of security, consider implementing zero-trust architectures that treat any person or network attempting to access an internal database as a potential attacker that requires authentication.9. Train your employees to detect AI-generated scams, such as deepfakes and phishing attacks.10. Poke and prod your internal AI systems to try to detect and shore up vulnerabilities. Use red-teaming exercises to simulate prompt injection attacks and other scenarios. Implement multifactor authentication measures for agents undertaking sensitive tasks (ideally, one of those factors would be a human-in-the-loop to authenticate the agent).11. Join the broader conversation. Attend conferences hosted by organizations like the National Institute of Standards and Technology and the Open Worldwide Application Security Project to keep up with breaking developments in the ever-evolving field of AI-powered cybersecurity. Strike up conversations with other industry experts about emerging threats and the tactics that are being deployed to protect against them.12. Pay attention to the geopolitical chessboard. The limited supply of GPUs has become a major point of concern in the race between the US and China to build their respective AI industries. Keep an eye on shifting export controls and other factors that could limit your future chip supply, and plan accordingly.This story originally appeared on our sister site, ZDNET.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The biggest AI threats come from within \u2013 12 ways to defend your organization https:\/\/www.spiceworks.com\/security\/the-biggest-ai-threats-come-from-within-12-ways-to-defend-your-organization\/&#8230;<\/p>\n","protected":false},"author":1,"featured_media":195721,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/zd-brightspot.s3.us-east-1.amazonaws.com\/wp-content\/uploads\/2026\/03\/13185925\/gettyimages-1569676292.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,25],"class_list":["post-195720","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195720"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=195720"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195720\/revisions"}],"predecessor-version":[{"id":195722,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195720\/revisions\/195722"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/195721"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=195720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=195720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=195720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}