COMMENTARY: Trust and transparency in AI aren't optional anymore—they are critical to long-term business success. With AI threats on the rise, security leaders face mounting pressure from two sides: to secure their perimeters from incoming attacks, and to ensure responsible internal use of AI technology.
According to our recent research, security leaders cited AI malware attacks and AI identity fraud significantly increased in prevalence. Yet, only two in five organizations surveyed currently conduct regular AI risk assessments and audits, while a mere 36% have a company AI policy in place.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
This lack of proactive measures creates a significant gap between awareness and action, leaving organizations vulnerable. As companies increasingly rely on AI, the need for transparency becomes more urgent—not just for security, but for building trust with customers and partners. Companies that prioritize transparency and accountability in their AI systems are better positioned for success.
Gartner reports that by 2026, AI models from organizations that operationalize AI transparency, trust and security will achieve a 50% improvement in terms of adoption, business goals and user acceptance. Similarly, a study by the MIT Sloan Management Review also found that organizations with high AI transparency scores outperformed their peers in customer satisfaction by 32%.
To address these growing concerns, both governments and regulatory bodies are stepping in to enforce stricter guidelines and accountability measures for AI usage.
Governments worldwide respond to the potential AI threats
The rapid advancement of AI has prompted an unprecedented global response from governments and regulatory bodies, underscoring its real and immediate risks.
In the United States, the Biden administration made a significant move with Executive Order 14110 in October 2023. This EO marked a turning point in AI governance, mandating thorough risk assessments and setting ambitious goals for responsible AI deployment across federal agencies.
Federal organizations like the National Institute of Standards and Technology (NIST) have introduced AI Risk Management guidance to help organizations navigate AI-related threats. Similarly, The Open Worldwide Application Security Project (OWASP) has created frameworks to educate the industry on the security risks tied to deploying and managing large language models (LLMs).
Meanwhile, the European Union has lead the charge with the AI Act, which took effect this year. This legislation applies to all 27 member states and introduces a groundbreaking approach by classifying AI systems based on their risk levels.
The coordinated global response emphasizes the urgency for organizations to adopt responsible AI practices and comply with evolving regulations. The message from governments worldwide is clear: AI development and deployment must prioritize safety, transparency, and ethical considerations to harness its full potential while mitigating risks.
A framework for compliance and innovation
As AI evolves, companies need to adapt their strategies to stay compliant and build trust with stakeholders. By following a clear framework of best practices, organizations can meet regulatory standards, and also foster innovation and drive business value. Here’s what organizations can do now to ensure responsible AI development and deployment:
Organizations that prioritize transparency, security, and proactive risk management in their AI strategies are positioned to navigate an evolving landscape of threats and regulations. By committing to responsible AI development, companies can safeguard their operations, and also build enduring trust with customers, partners, and regulators—ensuring sustainable success in an AI-driven future.
Iccha Sethi, vice president of engineering, Vanta
SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.