There’s no doubt about it – artificial intelligence has revolutionized almost every aspect of modern life. Healthcare, finance, and manufacturing are just some of the sectors that have been virtually turned upside down by this powerful new force. Cybersecurity also ranks high on this list.

But as much as AI can benefit cybersecurity, it also presents new challenges. Or – to be more direct –new threats.

To understand just how serious these threats are, we’ve enlisted the help of two prominent figures in the cybersecurity world – Tom Vazdar and Venicia Solomons. Tom is the chair of the Master’s Degree in Enterprise Cybersecurity program at the Open Institute of Technology (OPIT). Venicia, better known as the “Cyber Queen,” runs a widely successful cybersecurity community looking to empower women to succeed in the industry.

Together, they held a master class titled “Cyber Threat Landscape 2024: Navigating New Risks.” In this article, you get the chance to hear all about the double-edged sword that is AI in cybersecurity.

How Can Organizations Benefit From Using AI in Cybersecurity?

As with any new invention, AI has primarily been developed to benefit people. In the case of AI, this mainly refers to enhancing efficiency, accuracy, and automation in tasks that would be challenging or impossible for people to perform alone.

However, as AI technology evolves, its potential for both positive and negative impacts becomes more apparent.

But just because the ugly side of AI has started to rear its head more dramatically, it doesn’t mean we should abandon the technology altogether. The key, according to Venicia, is in finding a balance. And according to Tom, this balance lies in treating AI the same way you would cybersecurity in general.

Keep reading to learn what this means.

Top of Form

Implement a Governance Framework

In cybersecurity, there is a governance framework called ISO/IEC 27000, whose goal is to provide a systematic approach to managing sensitive company information, ensuring it remains secure. A similar framework has recently been created for AI— ISO/IEC 42001.

Now, the trouble lies in the fact that many organizations “don’t even have cybersecurity, not to speak artificial intelligence,” as Tom puts it. But the truth is that they need both if they want to have a chance at managing the risks and complexities associated with AI technology, thus only reaping its benefits.

Implement an Oversight Mechanism

Fearing the risks of AI in cybersecurity, many organizations chose to forbid the usage of this technology outright within their operations. But by doing so, they also miss out on the significant benefits AI can offer in enhancing cybersecurity defenses.

So, an all-out ban on AI isn’t a solution. A well-thought-out oversight mechanism is.

According to Tom, this control framework should dictate how and when an organization uses cybersecurity and AI and when these two fields are to come in contact. It should also answer the questions of how an organization governs AI and ensures transparency.

With both of these frameworks (governance and oversight), it’s not enough to simply implement new mechanisms. Employees should also be educated and regularly trained to uphold the principles outlined in these frameworks.

Control the AI (Not the Other Way Around!)

When it comes to relying on AI, one principle should be every organization’s guiding light. Control the AI; don’t let the AI control you.

Of course, this includes controlling how the company’s employees use AI when interacting with client data, business secrets, and other sensitive information.

Now, the thing is – people don’t like to be controlled.

But without control, things can go off the rails pretty quickly.

Tom gives just one example of this. In 2022, an improperly trained (and controlled) chatbot gave an Air Canada customer inaccurate information and a non-existing discount. As a result, the customer bought a full-price ticket. A lawsuit ensued, and in 2024, the court ruled in the customer’s favor, ordering Air Canada to pay compensation.

This case alone illustrates one thing perfectly – you must have your AI systems under control. Tom hypothesizes that the system was probably affordable and easy to implement, but it eventually cost Air Canada dearly in terms of financial and reputational damage.

How Can Organizations Protect Themselves Against AI-Driven Cyberthreats?

With well-thought-out measures in place, organizations can reap the full benefits of AI in cybersecurity without worrying about the threats. But this doesn’t make the threats disappear. Even worse, these threats are only going to get better at outsmarting the organization’s defenses.

So, what can the organizations do about these threats?

Here’s what Tom and Venicia suggest.

Fight Fire With Fire

So, AI is potentially attacking your organization’s security systems? If so, use AI to defend them. Implement your own AI-enhanced threat detection systems.

But beware – this isn’t a one-and-done solution. Tom emphasizes the importance of staying current with the latest cybersecurity threats. More importantly – make sure your systems are up to date with them.

Also, never rely on a single control system. According to our experts, “layered security measures” are the way to go.

Never Stop Learning (and Training)

When it comes to AI in cybersecurity, continuous learning and training are of utmost importance – learning for your employees and training for the AI models. It’s the only way to ensure all system aspects function properly and your employees know how to use each and every one of them.

This approach should also alleviate one of the biggest concerns regarding an increasing AI implementation. Namely, employees fear that they will lose their jobs due to AI. But the truth is, the AI systems need them just as much as they need those systems.

As Tom puts it, “You need to train the AI system so it can protect you.”

That’s why studying to be a cybersecurity professional is a smart career move.

However, you’ll want to find a program that understands the importance of AI in cybersecurity and equips you to handle it properly. Get a master’s degree in Enterprise Security from OPIT, and that’s exactly what you’ll get.

Join the Bigger Fight

When it comes to cybersecurity, transparency is key. If organizations fail to report cybersecurity incidents promptly and accurately, they not only jeopardize their own security but also that of other organizations and individuals. Transparency builds trust and allows for collaboration in addressing cybersecurity threats collectively.

So, our experts urge you to engage in information sharing and collaborative efforts with other organizations, industry groups, and governmental bodies to stay ahead of threats.

How Has AI Impacted Data Protection and Privacy?

Among the challenges presented by AI, one stands out the most – the potential impact on data privacy and protection. Why? Because there’s a growing fear that personal data might be used to train large AI models.

That’s why European policymakers sprang into action and introduced the Artificial Intelligence Act in March 2024.

This regulation, implemented by the European Parliament, aims to protect fundamental rights, democracy, the rule of law, and environmental sustainability from high-risk AI. The act is akin to the well-known General Data Protection Regulation (GDPR) passed in 2016 but exclusively targets the use of AI. The good news for those fearful of AI’s potential negative impact is that every requirement imposed by this act is backed up with heavy penalties.

But how can organizations ensure customers, clients, and partners that their data is fully protected?

According to our experts, the answer is simple – transparency, transparency, and some more transparency!

Any employed AI system must be designed in a way that doesn’t jeopardize anyone’s privacy and freedom. However, it’s not enough to just design the system in such a way. You must also ensure all the stakeholders understand this design and the system’s operation. This includes providing clear information about the data being collected, how it’s being used, and the measures in place to protect it.

Beyond their immediate group of stakeholders, organizations also must ensure that their data isn’t manipulated or used against people. Tom gives an example of what must be avoided at all costs. Let’s say a client applies for a loan in a financial institution. Under no circumstances should that institution use AI to track the client’s personal data and use it against them, resulting in a loan ban. This hypothetical scenario is a clear violation of privacy and trust.

And according to Tom, “privacy is more important than ever.” The same goes for internal ethical standards organizations must develop.

Keeping Up With Cybersecurity

Like most revolutions, AI has come in fast and left many people (and organizations) scrambling to keep up. However, those who recognize that AI isn’t going anywhere have taken steps to embrace it and fully benefit from it. They see AI for what it truly is – a fundamental shift in how we approach technology and cybersecurity.

Those individuals have also chosen to advance their knowledge in the field by completing highly specialized and comprehensive programs like OPIT’s Enterprise Cybersecurity Master’s program. Coincidentally, this is also the program where you get to hear more valuable insights from Tom Vazdar, as he has essentially developed this course.

Related posts

CCN: Australia Tightens Crypto Oversight as Exchanges Expand, Testing Industry’s Appetite for Regulation
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 3 min read

Source:

  • CCN, published on March 29th, 2025

By Kurt Robson

Over the past few months, Australia’s crypto industry has undergone a rapid transformation following the government’s proposal to establish a stricter set of digital asset regulations.

A series of recent enforcement measures and exchange launches highlight the growing maturation of Australia’s crypto landscape.

Experts remain divided on how the new rules will impact the country’s burgeoning digital asset industry.

New Crypto Regulation

On March 21, the Treasury Department said that crypto exchanges and custody services will now be classified under similar rules as other financial services in the country.

“Our legislative reforms will extend existing financial services laws to key digital asset platforms, but not to all of the digital asset ecosystem,” the Treasury said in a statement.

The rules impose similar regulations as other financial services in the country, such as obtaining a financial license, meeting minimum capital requirements, and safeguarding customer assets.

The proposal comes as Australian Prime Minister Anthony Albanese’s center-left Labor government prepares for a federal election on May 17.

Australia’s opposition party, led by Peter Dutton, has also vowed to make crypto regulation a top priority of the government’s agenda if it wins.

Australia’s Crypto Growth

Triple-A data shows that 9.6% of Australians already own digital assets, with some experts believing new rules will push further adoption.

Europe’s largest crypto exchange, WhiteBIT, announced it was entering the Australian market on Wednesday, March 26.

The company said that Australia was “an attractive landscape for crypto businesses” despite its complexity.

In March, Australia’s Swyftx announced it was acquiring New Zealand’s largest cryptocurrency exchange for an undisclosed sum.

According to the parties, the merger will create the second-largest platform in Australia by trading volume.

“Australia’s new regulatory framework is akin to rolling out the welcome mat for cryptocurrency exchanges,” Alexander Jader, professor of Digital Business at the Open Institute of Technology, told CCN.

“The clarity provided by these regulations is set to attract a wave of new entrants,” he added.

Jader said regulatory clarity was “the lifeblood of innovation.” He added that the new laws can expect an uptick “in both local and international exchanges looking to establish a foothold in the market.”

However, Zoe Wyatt, partner and head of Web3 and Disruptive Technology at Andersen LLP, believes that while the new rules will benefit more extensive exchanges looking for more precise guidelines, they will not “suddenly turn Australia into a global crypto hub.”

“The Web3 community is still largely looking to the U.S. in anticipation of a more crypto-friendly stance from the Trump administration,” Wyatt added.

Read the full article below:

Read the article
Agenda Digitale: Generative AI in the Enterprise – A Guide to Conscious and Strategic Use
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 6 min read

Source:


By Zorina Alliata, Professor of Responsible Artificial Intelligence e Digital Business & Innovation at OPIT – Open Institute of Technology

Integrating generative AI into your business means innovating, but also managing risks. Here’s how to choose the right approach to get value

The adoption of generative AI in the enterprise is growing rapidly, bringing innovation to decision-making, creativity and operations. However, to fully exploit its potential, it is essential to define clear objectives and adopt strategies that balance benefits and risks.

Over the course of my career, I have been fortunate to experience firsthand some major technological revolutions – from the internet boom to the “renaissance” of artificial intelligence a decade ago with machine learning.

However, I have never seen such a rapid rate of adoption as the one we are experiencing now, thanks to generative AI. Although this type of AI is not yet perfect and presents significant risks – such as so-called “hallucinations” or the possibility of generating toxic content – ​​it fills a real need, both for people and for companies, generating a concrete impact on communication, creativity and decision-making processes.

Defining the Goals of Generative AI in the Enterprise

When we talk about AI, we must first ask ourselves what problems we really want to solve. As a teacher and consultant, I have always supported the importance of starting from the specific context of a company and its concrete objectives, without inventing solutions that are as “smart” as they are useless.

AI is a formidable tool to support different processes: from decision-making to optimizing operations or developing more accurate predictive analyses. But to have a significant impact on the business, you need to choose carefully which task to entrust it with, making sure that the solution also respects the security and privacy needs of your customers .

Understanding Generative AI to Adopt It Effectively

A widespread risk, in fact, is that of being guided by enthusiasm and deploying sophisticated technology where it is not really needed. For example, designing a system of reviews and recommendations for films requires a certain level of attention and consumer protection, but it is very different from an X-ray reading service to diagnose the presence of a tumor. In the second case, there is a huge ethical and medical risk at stake: it is necessary to adapt the design, control measures and governance of the AI ​​to the sensitivity of the context in which it will be used.

The fact that generative AI is spreading so rapidly is a sign of its potential and, at the same time, a call for caution. This technology manages to amaze anyone who tries it: it drafts documents in a few seconds, summarizes or explains complex concepts, manages the processing of extremely complex data. It turns into a trusted assistant that, on the one hand, saves hours of work and, on the other, fosters creativity with unexpected suggestions or solutions.

Yet, it should not be forgotten that these systems can generate “hallucinated” content (i.e., completely incorrect), or show bias or linguistic toxicity where the starting data is not sufficient or adequately “clean”. Furthermore, working with AI models at scale is not at all trivial: many start-ups and entrepreneurs initially try a successful idea, but struggle to implement it on an infrastructure capable of supporting real workloads, with adequate governance measures and risk management strategies. It is crucial to adopt consolidated best practices, structure competent teams, define a solid operating model and a continuous maintenance plan for the system.

The Role of Generative AI in Supporting Business Decisions

One aspect that I find particularly interesting is the support that AI offers to business decisions. Algorithms can analyze a huge amount of data, simulating multiple scenarios and identifying patterns that are elusive to the human eye. This allows to mitigate biases and distortions – typical of exclusively human decision-making processes – and to predict risks and opportunities with greater objectivity.

At the same time, I believe that human intuition must remain key: data and numerical projections offer a starting point, but context, ethics and sensitivity towards collaborators and society remain elements of human relevance. The right balance between algorithmic analysis and strategic vision is the cornerstone of a responsible adoption of AI.

Industries Where Generative AI Is Transforming Business

As a professor of Responsible Artificial Intelligence and Digital Business & Innovation, I often see how some sectors are adopting AI extremely quickly. Many industries are already transforming rapidly. The financial sector, for example, has always been a pioneer in adopting new technologies: risk analysis, fraud prevention, algorithmic trading, and complex document management are areas where generative AI is proving to be very effective.

Healthcare and life sciences are taking advantage of AI advances in drug discovery, advanced diagnostics, and the analysis of large amounts of clinical data. Sectors such as retail, logistics, and education are also adopting AI to improve their processes and offer more personalized experiences. In light of this, I would say that no industry will be completely excluded from the changes: even “humanistic” professions, such as those related to medical care or psychological counseling, will be able to benefit from it as support, without AI completely replacing the relational and care component.

Integrating Generative AI into the Enterprise: Best Practices and Risk Management

A growing trend is the creation of specialized AI services AI-as-a-Service. These are based on large language models but are tailored to specific functionalities (writing, code checking, multimedia content production, research support, etc.). I personally use various AI-as-a-Service tools every day, deriving benefits from them for both teaching and research. I find this model particularly advantageous for small and medium-sized businesses, which can thus adopt AI solutions without having to invest heavily in infrastructure and specialized talent that are difficult to find.

Of course, adopting AI technologies requires companies to adopt a well-structured risk management strategy, covering key areas such as data protection, fairness and lack of bias in algorithms, transparency towards customers, protection of workers, definition of clear responsibilities regarding automated decisions and, last but not least, attention to environmental impact. Each AI model, especially if trained on huge amounts of data, can require significant energy consumption.

Furthermore, when we talk about generative AI and conversational models , we add concerns about possible inappropriate or harmful responses (so-called “hallucinations”), which must be managed by implementing filters, quality control and continuous monitoring processes. In other words, although AI can have disruptive and positive effects, the ultimate responsibility remains with humans and the companies that use it.

Read the full article below (in Italian):

Read the article