The AI threat facing IT professionals in 2024 was less evil, autonomous robot and more curious, human employee accidentally leaking data, according to Verizon’s annual Data Breach Investigations report, released on Apr. 23. In addition to discovered increases in vulnerability exploits and third-party compromises, the report also noted GenAI threats are coming from inside the house, as companies build their own AI infrastructures and experiment with outside services. A questionnaire of 2,850 global executives, conducted by employee-experience org G-P and fielded in Jan. 2025, found that 91% of respondents are “scaling up” GenAI initiatives. (And 35% of business leaders reported they would just “use the tools anyway, even if they were not authorized.”) Verizon, in its look at more than 12,195 breaches between Nov. 1, 2023 and Oct. 31, 2024, noted that 15% of employees were accessing GenAI platforms, and of that group, 72% were using non-corporate emails as accounts identifiers. The findings suggest use outside of corporate policy, according to the report’s writers. “The biggest challenge a lot of organizations face are really often self-inflicted at this point. Now that’s not to say that threat actors won’t continue to evolve the weaponization of AI, but for a lot of organizations, it’s their internal use that gets them in trouble,” Chris Novak, VP of global cybersecurity solutions at Verizon, told IT Brew. We spoke with Novak about all that trouble, and how IT pros can stay out of it. Keep reading here.—BH |