Striking A Balance Between AI-Driven Innovation And Cybersecurity Risk

Shane Buckley is President and Chief Executive Officer of Gigamon, a leader in deep observability.

In my most recent Forbes Technology Council article, I emphasized how organizations should budget for AI in 2025 with a security-first mindset. As annual budgets are finalized, it’s crucial to double down on this approach: Cybersecurity must remain front and center in your business strategy, decisions and investments in AI.

We are in the midst of a perfect storm. The exuberance around AI continues while C-suite leaders feel the pressure to prove to their key stakeholders that AI investments were well spent. Simultaneously, interest rates remain high, budgets remain constrained, and everyone from employees, customers, partners and investors wants to achieve the transformational promise of AI for improved productivity.

However, until recently, the biggest obstacle hindering the democratization of AI was its exorbitant cost.

This has since come into question with the release of DeepSeek—a Chinese-owned and operated large language model (LLM) that rocked the AI/technology industry—claiming they were able to reach the same caliber LLM of its U.S. competitors, like Open AI’s ChatGPT, at a fraction of the cost. Its release sent shockwaves across the industry.

We’ve since seen another Chinese tech company, Alibaba, release its comparable AI model, Qwen, and can anticipate many more innovative entries coming to market as the AI race continues at full force.

While innovation is exciting and holds great potential for much-needed advances across industries—from lifesaving drug discoveries to predictive capabilities that assess climate risk—it can also have devastating consequences if not approached with caution.

Before organizations can securely implement AI into their infrastructure and technological offerings, there are several landmines to watch out for. As with any new technology, there’s always a risk of misuse—whether it’s inadvertently exposing your organization to legal risk by divulging customer data within LLMs, the potential for adversaries to retrain LLMs and poison data to influence business decisions or unintentionally giving intellectual property to competitors.

Everything that is glistening isn’t gold and requires organizations to approach it with caution. This especially holds true with the average global cost of a data breach reaching nearly $5 million, not to mention the reputational damage that inevitably follows.

Here are three tips to help organizations responsibly and securely adopt AI without exposing you, your organization, customers or shareholders to risk:

A Balance Of Power

CEOs are under immense pressure to implement AI to stay ahead of the curve, resulting in additional pressure on CISOs to make it work. However, CISOs don’t feel the level of support needed to ensure AI is implemented securely.

To address these concerns, six in 10 CISOs reported in a Gigamon survey that the most empowering factor in their work would be for cyber risk to be a true boardroom priority. This means creating checks and balances where all C-suite leaders are closely aligned, and CISOs are granted a seat in the boardroom.

This also includes ensuring that someone on the board—if not the CISO, then someone else—has a deep level of AI expertise to weigh the pros and cons of implementation and how to move forward safely.

Optimize For Defense-In-Depth

Once the C-suite is aligned, it’s essential to assess your organization’s tech stack. CISOs are responsible for implementing a defense-in-depth strategy—a layered cybersecurity approach that ensures protection from both front-end and back-end threats—which is required in today’s continuously evolving threat landscape.

However, it too can lead to tool bloat. Not surprisingly, tool bloat, which increases costs, creates redundancies and results in siloed solutions, was identified as a top five CISO concern in 2024, according to the study cited above. This overabundance of poorly integrated security tools often undermines the initial intentions of a defense-in-depth strategy and can lead to security breaches.

To counter this, organizations must prioritize end-to-end visibility, monitor east-west (lateral) movement and enhance telemetry. Only then can they ensure their tool stack is optimized to reinforce their security posture.

Consider Alternate AI Solutions

While open-source LLM platforms like DeepSeek are an attractive entry point for smaller organizations, they do come with significant risks. That’s why alternative options like retrieval-augmented generation (RAG) models are gaining popularity.

While still susceptible to data poisoning and leakage if trained internally, they tend to present fewer risks overall due to their architecture. Organizations can use their own real-time, proprietary data to train RAG models, resulting in more accurate and relevant outputs while simultaneously reducing the potential for AI hallucinations—when AI returns incorrect or misleading information.

Because RAGs retrieve data from internal, secure databases or knowledge repositories, it limits the technology’s access points and ensures sensitive information doesn’t leave the organization and isn’t manipulated by outside sources. However, when implementing any new technology, organizations leave themselves exposed if the technology is left unchecked.

Observability—such as the integration of network-derived telemetry with log-based security tools—can help to ensure threats aren’t lurking in your environment. This can serve as a last line of defense with the visibility to see what is happening as data moves between internal and external systems in the cloud, in containers and on-prem.

There is no doubt that the current wave of AI innovation is exciting, but just as we learned with the cloud, security must always be at the forefront. As the AI race accelerates, it’s easy to be dazzled by its potential. However, it’s crucial to approach these advancements with caution.

As we continue to push boundaries, let’s ensure we’re doing so responsibly, with a “security first” mindset supported by the boardroom, the C-suite and every employee. We can’t afford to lock the barn door after the horse has bolted.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?