DOGE inputs federal data to AI, cyber leaders discuss implications

  ICT, Rassegna Stampa, Security
image_pdfimage_print

Elon Musk’s Department of Government Efficiency (DOGE) has been feeding sensitive federal information into artificial intelligence (AI), according to a new report. The information in question is sensitive data from the United States Department of Education, including internal financial data and personally identifiable information (PII) for individuals managing grants. The data is being input into AI in order to investigate the agency’s programs and spending. 

According to the report, the DOGE team is leveraging AI software within Azure, Microsoft’s cloud computing platform, to probe the information. 

Below, cybersecurity leaders discuss the implications of DOGE inputting federal data to AI. 

Security leaders weigh in

Casey Ellis, Founder at Bugcrowd:

On one hand, it’s a pretty logical use of AI: Using AI to interrogate raw, disparate, and presumably vast datasets to speed up “time to opinion” makes a lot of sense on a purely technical and solution level. 

On the other hand, of course, it raises some serious questions around privacy and the transit of sensitive data, and the governance being applied to how data privacy is being managed, especially for personnel files, project/program plans, and anything impacting intelligence or defense.

Satyam Sinha, CEO and Co-Founder at Acuvity:

Given the extensive use of GenAI services by countless enterprises, the use by government agencies does not come as a surprise. However, it’s important to note that GenAI services represent a completely new risk profile due to its ongoing rapid evolution. The risk of data exfiltration across GenAI services is very real, especially given the value of such sensitive government agencies’ financial data to our adversaries and bad actors. While many providers adhere to requirements such as GovCloud and Fedramp, not all providers do. We have to exercise an abundance of caution and an additional layer of security.

J Stephen Kowski, Field CTO at SlashNext Email Security+:

The processing of sensitive government or any organization’s data through AI tools raises important cybersecurity considerations, particularly since this data includes personally identifiable information and financial records from the Department of Education. Modern AI-powered security controls and real-time threat detection should be standard practices when handling such sensitive information, especially given the potential for data exposure to foreign adversaries or cybercriminals. Organizations working with government systems should implement comprehensive security measures that combine AI safeguards with human oversight to protect sensitive information while maintaining operational efficiency.

https://www.securitymagazine.com/articles/101372-doge-inputs-federal-data-to-ai-cyber-leaders-discuss-implications

Lascia un commento