Don’t roll the dice on cybersecurity for AI

By Patrice Caine

The debate surrounding AI is intensifying, and so is the skepticism. But AI is here to stay. While some headlines criticise tech giants for AI-driven social media or questionable consumer tools, AI itself is becoming indispensable. Its efficiency is unmatched, promising gains that no business or government can ignore.

In India, forecasts indicate that generative AI could add between $359 billion and $438 billion to the GDP by 2029-30 as recently cited by Michael Debabrata Patra, Deputy Governor of Reserve Bank of India.

This means, very soon, AI will be as integral to our lives as electricity – powering our cars, shaping our healthcare, securing our banks, and keeping the lights on. The big question is, are we ready for what comes next?

The public conversation around AI has largely focused on ethics, misinformation, and the future of work. But one vital issue is flying under the radar: the security of AI itself. With AI embedded in nearly every part of society, we’re creating massive, interconnected systems with the power to shape – or, in the wrong hands, shatter – our daily lives. Are we prepared for the risks?

As we give AI more control over tasks – from diagnosing diseases to managing physical access to sensitive locations – the fallout from a cyberattack grows exponentially. Disturbingly, some AIs are as fragile as they are powerful.

Recognising the threat to AI assets, India’s Ministry of Electronics & Information Technology recently hosted consultations for the establishment of the India AI Safety Institute to ensure the safe and ethical deployment of AI technologies across India. This will not only advance India’s domestic capabilities in AI safety but also encourage greater collaboration and global engagement. These steps augur well for the future as the government and private organisations must work in concert to secure AI assets.

It is also interesting to note India’s Chief of Defence Staff Gen Anil Chauhan’s comments on trustworthy AI systems while launching ‘Evaluating Trustworthy Artificial Intelligence (ETAI)’ Framework and Guidelines for the Armed Forces in October this year. He stressed that it is essential to ensure these systems not only work as intended but are also resilient to attacks from adversaries. This statement is as true for defence as for civilian applications.

What could be the possible ways to attack AI? There are two primary ways to attack AI systems. The first is to steal data, compromising everything from personal health records to sensitive corporate secrets. Hackers can trick models into spitting out secure information, whether by exploiting medical databases or by fooling chatbots into bypassing their own safety nets.  

The second is to sabotage the models themselves, skewing results in dangerous ways. An AI-powered car tricked into misreading a “Stop” sign as “70 mph” illustrates just how real the threat can be. And as AI expands, the list of possible attacks will only grow.

Yet abandoning AI due to these risks would be the biggest mistake of all. Sacrificing competitiveness for security would leave organisations dependent on third parties, lacking experience and control over a technology that’s rapidly becoming essential.

So how do we reap AI’s benefits without gambling on its risks?

Here are three critical steps:

Choose AI wisely. Not all AI is equally vulnerable to attacks. Large language models, for example, are highly susceptible because they rely on vast datasets and statistical methods. But other types of AI, such as symbolic or hybrid models, are less data-intensive and operate on explicit rules, making them harder to crack.

Deploy proven defences. Tools like digital watermarking, cryptography, and customised training can fortify AI models against emerging threats. For instance, Thales’s “Battle Box” lets cybersecurity teams stress-test AI models to find and fix vulnerabilities before hackers can exploit them.

Level-up organisational cybersecurity. AI doesn’t operate in isolation – it’s part of a larger information ecosystem. Traditional cybersecurity measures must be strengthened and tailored for the AI era. This starts with training employees; human error, after all, remains the Achilles’ heel of any cybersecurity system.

Some might think the battle over AI is just another chapter in the ongoing clash between bad actors and unwitting victims. But this time, the stakes are higher than ever. If AI’s security isn’t prioritised, we risk ceding control to those who would use its power for harm.

The author is CEO of Thales Group.

Disclaimer: Views expressed are personal and do not reflect the official position or policy of Financial Express Online. Reproducing this content without permission is prohibited.