By: Christoph Bausewein, member of the General Council for Data Protection Policies at Crowdstrike

Data protection is, again, at a critical point, due to the massive use of artificial intelligence, which now plays a central role in both cybersecurity and privacy.

Today, organizations must protect not only the data and workloads, but also the AI ​​systems that depend on them. And as the AI ​​transforms the way in which security equipment protects assets against cyber threats, also redefines what means guaranteeing privacy in a digital world.

New ways to perceive security and privacy of the data

Privacy and security no longer involve independent concerns as before. IA security measures are demonstrating that effective cybersecurity is essential for the necessary protection of privacy. However, it is often presented to AI as a risk to privacy, but it is key to protecting sensitive data against cyber threats.

Organizations need a “design and design by design” approach, ensuring that IA systems are built with security as a central pillar. This applies to each stage of the adoption of AI. That is, on the one hand, the data that train the models of AI must be protected against adversary manipulations; But the security systems themselves promoted by AI must also be designed to safeguard user data. Finally, the consultations and results generated by AI must be protected against leaks or improper uses.

The new era in data protection: AI, security and privacy

As we are seeing, cybersecurity driven by AI demonstrates that security and privacy are hand in hand. The detection of threats based on AI allows organizations to identify malicious behaviors in real time, strengthening defense against increasingly sophisticated cyber attacks. This is especially critical of the so -called dark AI, where criminals use AI to launch advanced attacks at high speed that can avoid traditional defenses.

To protect both the data and the AI ​​systems, the organizations must adopt an integral security approach promoted by AI that, on the one hand, prioritizes the detection of threats (by means of attack indicators based on AI that are able to identify potential threats before they become real attacks) and that, on the other, it is able to give a response for mitigation (significantly reducing the reaction time They can spread in seconds) and vulnerabilities management (with a continuous analysis and automated scanning of security weaknesses).

In addition, it is essential to take advantage of AI for the cancellation of threats, thus complementing the work of human analysts with the data processing and AI; and optimize the analyst experience through generative assistants of cybersecurity based on AI with natural language consultations

The key: protect your own AI

Sometimes we forget that although AI is essential for data protection, AI systems are also vulnerable. As the attackers point more and more to AI models, organizations must take proactive measures to ensure the pipelines, models and Operations of AI.

An effective approach to protect AI systems must include operations to guarantee the integrity of AI models through carefully selected training data and rigorous processes to prevent adversaries attacks made by automatic learning; But it is also necessary to incorporate a process of continuous improvement (to constantly refine the models and adapt to new threats) and privacy by design (to ensure respect for user privacy) and transparency and responsibility (making clear the capacities and limitations of the systems).

The human element in cybersecurity driven by AI

Despite some narratives, human experience is still fundamental in cybersecurity based on AI. The collaboration between humans and machines must be used to face the speed, volume and increasing sophistication of the attackers.

On the one hand, human experts provide fundamental data to train and evaluate AI systems, ensuring precision and reliability. On the other, the AI ​​identifies incidents where the human review provides the greatest value, ensuring that attention is focused on the most critical. This approach, known as “fast loop” and “long loop”, allows AI to continually improve expert feedback.

In addition, human experts analyze the results of AI and provide comments that improve models constantly. This iterative process guarantees that AI remains at the forefront of emerging threats.

Modern AI systems usually use a combination of regulated data and not regulated in infrastructure that may be subject to sector regulations. However, there are common requirements to implement appropriate safety safeguards according to the level of risk. For example, the General Data Protection Regulation establishes many technologically neutral safety provisions, which means that personal data must be protected under the law, regardless of whether or not it is used.

As new regulations on AI arise, such as EU’s law, it is essential to address compliance with a mentality that integrates both privacy and security.

Looking towards the future, AI will be a key element for the fulfillment of data protection requirements and for the mitigation of safety and privacy risks in the digital future.

Author: Christoph Bausewein, member of the General Council for Data Protection Policies at Crowdstrike
Alex Chen
Alex Chen

Alex Chen serves as the chief editor of Asia Tech Journal, bringing over a decade of experience in technology journalism. Previously writing for several globally renowned publications, Alex is celebrated for his insightful analyses and in-depth reporting on tech trends across Asia. Passionate about innovation, Alex specializes in the dynamic technology ecosystem of China and its global impacts.