New attack vectors, employees using public AI tools with sensitive data, intellectual property exposure, AI-generated misinformation and deepfakes, and third-party vendor risk are converging faster than most security functions can adapt their existing frameworks.

Where this gets hard

Where to start

The consulting document includes an AI-specific security risk checklist and a vendor risk assessment addendum you can add to existing procurement processes.

Does your vendor risk assessment ask any AI-specific questions, or does it treat every vendor the same?