AAIA · Question #69
During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational dat
The correct answer is B. Unauthorized data disclosure. Unauthorized data disclosure (B) is the greatest risk because when employees send organizational data-potentially including client records, financial data, trade secrets, or PII-to an external generative AI service, that data may be retained by the vendor, used for model training
Question
During an audit of an investment organization's AI-powered software, an IS auditor identifies a potential security risk. What is the GREATEST risk associated with staff exfiltrating organizational data to a generative AI tool?
Options
- AData contamination due to biased AI model outputs
- BUnauthorized data disclosure
- CPotential business disruptions
- DExcessive reliance on AI-generated insights
How the community answered
(27 responses)- A4% (1)
- B78% (21)
- C11% (3)
- D7% (2)
Explanation
Unauthorized data disclosure (B) is the greatest risk because when employees send organizational data-potentially including client records, financial data, trade secrets, or PII-to an external generative AI service, that data may be retained by the vendor, used for model training, or exposed to other users. This constitutes a confidentiality breach with potential legal, regulatory, and reputational consequences. Data contamination from biased outputs (A) and excessive reliance on AI insights (D) are concerns about AI output quality, not data security. Business disruptions (C) are a secondary consequence, not the primary risk of the exfiltration act itself.
Topics
Community Discussion
No community discussion yet for this question.