Artificial Intelligence & Machine Learning , Finance & Banking , Industry Specific

CyberEdBoard Insights: Bradley Schaufenbuel

Paychex CISO on AI Data Leakage, Prompt Injection and Access Control
Bradley Schaufenbuel, vice president and CISO, Paychex, and CyberEdBoard member

The risk of improperly classifying or controlling training data for AI models is significant, and data leakage is the biggest threat, said Bradley Schaufenbuel, vice president and CISO at Paychex. It occurs when a model is trained on data that should not be accessible to users of the AI application, and sensitive data is disclosed to unauthorized parties.

See Also: Safeguarding Election Integrity in the Digital Age

Schaufenbuel recommends implementing "good old-fashioned access controls" and entitlement management to secure data from unauthorized access and misuse - as well as using strong data governance and access controls to mitigate such risks. Without proper data classification and controls, proprietary and sensitive data could be ingested into AI models, leading to potential data breaches.

"If sensitive data shouldn't end up in a model, it should be entitled and should be set so that it can't be viewed by whichever mechanism is used to ingest that data into the model," he said. "That's why it's better to address the problem at the source, which is the data itself, rather than trying to go back and see what data has already been ingested into that model."

In this video interview with Information Security Media Group at ISMG's North America Midwest Summit, Schaufenbuel also discussed:

  • The risks of data leakage and prompt injection in generative AI;
  • The importance of strong data governance and access controls;
  • Strategies for maintaining data hygiene and quality in AI training datasets.

Schaufenbuel has more than 25 years of experience in information security, risk management, penetration testing, and security and IT audits. At Paychex, he leads a team of information security professionals that focuses on cyber crisis management, security training and awareness, and application security. He is a member of the CyberEdBoard.

CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.

Join the Community -

Apply for membership

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.