Why quantum-encrypted document protection is your best bet against AI threats

Artificial Intelligence is on a hyperspeed path to ubiquity. With all of the benefits this rapidly evolving technology will bring, it is also accompanied by well-documented risks and unforeseen consequences, particularly as they relate to our most valuable information assets. This article will highlight some of the ways AI magnifies traditional exploit vectors and explore how AI’s non-linear approaches can circumvent established defenses. This unprecedented risk underscores the importance of a vigilant security posture – the type of posture that a quantum-resistant document security approach delivers.

Phishing, malware, social engineering, device theft and insider appropriation are not new threats to your most confidential information. Advances in AI bring some new risks to the table but, more importantly, supercharge those existing risks by consuming and extracting information from documents across the organization that were not built to withstand the interrogation techniques of AI systems. Every flaw and opening in the best defense architectures can now be exposed faster and more effectively by autonomous systems with access to your documents, and the ability to attack a problem in a non-linear fashion. For your most sensitive information, the consequences of intended or unintended actions take on catastrophic potential.

17 million: the number of files that Varonis reports a new employee has access to on their first day at work*. Through an insider threat lens, securing this access is a daunting consideration. Fortunately, the human mind can only work so fast, and traditional access limits can deal with this threat vector. But what happens when that employee is empowered by AI? They now have the ability to digest all of those documents and pull from them through a simple query, on a moment’s notice. Furthermore, those documents, through innocent or nefarious means, are placed into a public data set that is accessible by AI and absorbed into the training data of a large language model.

The result is confidential data disclosure that is incredibly difficult, if not impossible, to undo.  If, for example, trade secrets lose their value when they are disseminated widely–it is staggering to think of the impact to our most prized intellectual capital.  Protection of those critical documents takes on a paramount concern in the context of AI adoption journeys.

AI systems are amazing at helping a user to interrogate massive data sets to find underlying gems. In large part, that is what they are built to do. By design, generative AI can coach and encourage a user to get more and more accurate answers and to home in on key pieces of information that, left to their own devices, a user would have struggled to find through hours or even days or weeks of traditional search. With simple prompts and a little refinement, trade secrets inadvertently identified in documents or sensitive information left in appendices become a simple puzzle for AI to crack, retrieve and assemble into easily digestible forms in moments.

We put in place access control and other defense systems to set rules that prevent users from misusing or mishandling critical data. What happens when the rules don’t apply?

You may have read about when OpenAI’s 01-preview model took on master chess program Stockfish. This epic battle was over before it began. With the instruction to beat its opponent, 01-preview took the unexpected approach of rewriting the system that records moves on the board. 01-preview didn’t need to win through strategy. It was more efficient and effective to change the game so that it could not lose.

“According to OpenAI researchers, the AI wasn’t explicitly programmed to cheat. Rather, it identified the path of least resistance—rewriting the board state—to secure a win. This indicates that goal-driven AI optimization has been taken to an extreme.” (OpenAI’s 01-preview broke chess).

The moral of this story? With simple prompts and even the best intentions of programmers, AI systems may complete the tasks we ask in ways we would never expect. With sensitive data in documents accessible on company servers, can we truly anticipate potential, unforeseen uses?

Trying to outsmart AI, even with AI, is playing a chess match every nanosecond. While it is important to keep up that battle, we can take a page out of the AI playbook and change the rules of the game. We can take our most prized documents out of the equation entirely.

*2019 Global data risk report from the Varonis Data Lab