Enterprises aren’t aligning AI governance and AI security. That’s a real problem | usagoldmines.com

2025 is a watershed moment for AI in the enterprise, especially generative AI. Businesses across industries are integrating the technology at scale and with their critical systems and objectives. By the end of the year, more than three-quarters of enterprises will have deployed the technology, according to Gartner – up from just five percent in 2023.

This is the year that AI truly becomes entwined with business’ most coveted data, influencing their strategic decisions and interfacing directly with their customers. Meanwhile, AI regulations are proliferating: The EU AI Act is rolling out across Europe and several U.S. states have introduced AI bills.    

More than ever, enterprises must ensure their AI systems are trustworthy: explainable, fair, robust, transparent, and privacy-respecting. Only then can AI be a net positive for business. But how do they do so?

Trustworthy AI requires a framework with two important perspectives: AI governance, which sets and enforces rules to ensure AI systems are safe and ethical. And AI security, which monitors AI behavior, securing AI models, data, and applications.   

When approached together, AI governance and AI security provide a 1 + 1 = 3 effect, bridging business imperatives with compliance requirements, enterprise risk, and CISO mandates. Safe, ethical systems are easier to secure; and secure systems are easier to govern. But enterprises are often overwhelmed and underprepared, and their governance and security efforts are frequently siloed – which can seriously undermine AI initiatives and investments.

Without governance + security, trust falls apart

Here is an analogy: Imagine a food manufacturer with a meticulous governance process. They carefully oversee how ingredients are grown, procured, stored, and mixed. Yet that same company keeps their factory doors unlocked and does not place tamper-proof seals on their products. Do you trust them?

On the flipside: Imagine a food manufacturer that carefully secures its factories and products – but does little to govern how food is grown, procured, stored, and mixed. Do you trust them? 

This same logic apples to AI. You cannot govern a system that is not secure. And you cannot secure a system without proper oversight.

A mix of fragmented tooling, poor communication, and skills gaps are driving this problem. There are a dearth of integrated, end-to-end tools and processes for AI security and AI governance. In many businesses, data scientists and model validators are using ad-hoc security and governance point solutions, sometimes not even formally supported by the organization. Recent IBM research revealed that fewer than half of companies surveyed are taking key steps towards trustworthy AI like reducing bias (27%), tracking data provenance (37%), making sure they can explain the decisions of their AI models (41%), or developing ethical AI policies (44%).

There is also a major skills gap: The people who create and maintain AI models are not cybersecurity experts. And security experts generally are not versed in AI. That may be why only 24% of current generative AI projects have a component to secure the initiatives, according to the IBM Institute for Business Value.

These shortcomings carry steep costs. Enterprises not only miss the full potential of AI, but also invite a range of risks and threats. Improper AI governance and security can result in incorrect outputs, including hallucinations, bias, hate, and profanity. Data breaches can become more common – costing businesses millions of dollars and violating compliance mandates. And vulnerabilities can proliferate, creating attractive targets for bad actors.

 Bridging the gap

AI governance and AI security are shared responsibilities. The two disciplines have common objectives: heightening visibility and mitigating risk. Both are also closely tied to data: Properly governing AI requires data governance. And properly securing AI requires data security.

To properly entwine the two, collaboration must happen both at the table and in the tech. Security experts need a seat at the governance table, and vice versa; CISOs, CROs, CCOs, and CSOs should be in regular communication. Their respective frameworks and strategies should be interoperable, and their investments should complement each other to avoid gaps and redundancies.

Meanwhile, the underlying technology for security and governance must be one unified, cross-functional experience. This allows employees working on day-to-day model governance and cybersecurity to stay in constant contact with shared visibility. The problem of shadow AI – unauthorized models running within an organization – provides a clear example. If just one AI model eludes governance, it undermines the whole governance strategy. AI security products can help eliminate this risk, pinpointing shadow AI models and automatically feeding them into the requisite AI governance tool. This interplay can also apply to misconfigurations and vulnerabilities.

As businesses race toward generative AI adoption, it is not enough to have individual approaches to AI governance and AI security. Businesses should have one shared approach, from the executive level down to their tactical tools. This collaboration enables businesses to unlock the power of AI – safely and securely.

We’ve featured the best AI website builder.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro