Interview Before AI becomes widespread in enterprises, corporate leaders must commit to a continuous security testing regime tailored to the specific nuances of AI models. This perspective comes from Chatterbox Labs CEO Danny Coleman and CTO Stuart Battersby, who discussed at length with The Register why companies have so far been slow to transition from AI pilot programs to full production deployment. "Enterprise adoption is only about 10 percent today, " Coleman said. "McKinsey estimates it's a four trillion dollar market. How will you ever advance if you keep releasing solutions that people don’t know are safe to use, or if they’re unaware not just of the enterprise impact, but also the societal impact?" He added, "People inside enterprises aren’t quite ready for this technology without proper governance and security. " In January, consulting firm McKinsey published a report examining the untapped potential of artificial intelligence (AI) in the workplace. The report, titled "Superagency in the workplace: Empowering people to unlock AI’s full potential, " highlighted increasing interest and investment in AI technologies but noted the pace of adoption remains slow. ". . . what you have to do is not trust the rhetoric of either the model vendor or the guardrail vendor, because everyone will tell you it’s super safe and secure. " "Leaders want to boost AI investments and speed development, yet they struggle with how to ensure AI is safe in the workplace, " the McKinsey report states. Coleman argues that traditional cybersecurity and AI security are intersecting fields, but most information security teams have yet to catch up and often lack the expertise needed to understand AI’s unique attack surfaces. He cited Cisco’s acquisition of Robust Intelligence and Palo Alto Networks’ purchase of Protect AI as examples of companies adopting the right strategies. Battersby emphasized that organizations aiming to deploy AI at scale must implement a regime of continuous testing grounded in what the AI service actually performs. "The first step is to define what safe and secure means for your specific use case, " he explained.

"Then you have to avoid relying solely on the claims of the model provider or the guardrail vendor, as everyone asserts their solutions are extremely safe. " This caution is vital, Battersby stressed, because even authorized users of an AI system can cause it to behave harmfully. "What we want to communicate is that content safety filters and guardrails alone aren’t sufficient, " Coleman said. "This won’t change any time soon. The solution needs to be far more layered. " Though this approach may incur costs, Battersby argues that continuous testing can reduce expenses by, for example, demonstrating that smaller, less costly models are still safe for certain use cases. The full interview continues below…