Get notified when Mark publishes

Receive a notification each time a new blog post is published. You will receive a confirmation email to approve your email. Unsubscribe anytime.

Mark Smith

Mark Smith

· 3 min read

Security by Obscurity in the Age of AI

In the digital age, data is the new currency, and how we manage, protect, and leverage it can determine the success or failure of organisations. But what if I told...

Security by Obscurity in the Age of AI
Share

This post was originally published in 2024. Some details may have changed since then.

Security by Obscurity in the Age of AI

My headline is borrowed from my colleague Andrew Welch, the master of words.

In the digital age, data is the new currency, and how we manage, protect, and leverage it can determine the success or failure of organisations. But what if I told you that a long-standing practice in data protection, known as 'Security by Obscurity,' is more like hiding a spare key under a doormat than installing a lock? Let's delve into this concept and its implications.

1. The Era of Obscurity
For years, companies have amassed vast amounts of data, much of it stored away in seldom-accessed databases or formats not readily usable or queriable for the average person. This practice of keeping data out of sight has historically been considered a form of security. After all, if critical information is not where you expect to find it or in a state not immediately usable, it is less likely to be seen by people it was not intended for.

2. The Paradigm Shift with AI
Artificial intelligence (AI) and large language models (LLMs) have dramatically shifted the landscape. These technologies can sift through large, unstructured datasets, interpret them, and make the information accessible and useful. What was once obscured by obscurity can suddenly become transparent, searchable, and analysable. This capability exposes a significant flaw in the security-by-obscurity strategy: once obscure data becomes easily accessible, it can also become a liability.

3. The Double-Edged Sword
This newfound accessibility is a double-edged sword. On one hand, businesses can leverage AI to gain insights into old datasets, potentially driving innovation and improving decision-making. On the other, if sensitive information is merely obscured rather than adequately secured, it becomes low-hanging fruit for people using AI tools to find and exploit knowledge.

4. AI as the Great Revealer
AI doesn’t just use data; it reveals connections and patterns that are not obvious to human analysts. This means that information previously thought to be safely obscured might now be connected with other data points, leading to unintended disclosures. For example, AI can link disparate pieces of anonymised data to de-anonymize individuals, leading to privacy breaches. There is a massive difference between PI data and PII data (but that is for another post)

5. Moving Beyond Obscurity
The lesson here is clear: security by obscurity is insufficient in the age of AI. Organisations must adopt robust security measures that rely not solely on data obscurity. This includes employing encryption, rigorous access controls, and ongoing data integrity checks. Moreover, transparent data governance policies are needed to protect data and regulate how AI interacts with it..👇

Get in touch to find out how I can help.

Mark Smith

Mark Smith

Principal AI Strategist · Microsoft MVP

Helping people build practical AI skill in the Intelligence Age.

Discussion

Comments

Loading the discussion for this post.

Loading

Leave a comment

Your email stays private. If it matches a Gravatar account, your public avatar can appear after the comment is approved.

Used only for reply notifications and optional Gravatar matching. Never displayed publicly.

Max 2000 characters0/2000

More from nz365guy

Artificial Intelligence

We made four websites agent-ready with WebMCP

AI agents already visit our websites and interpret pages built for human eyes. This weekend, we gave all four sites a structured interface they can use safely.

· 7 min read
Artificial Intelligence

Why My AI DevOps Team Runs on a Ralph Loop

My AI DevOps board looked frozen for twelve hours. The fix was not smarter orchestration, but a Ralph loop with real hard stops.

· 11 min read