The rapid evolution of generative AI (GenAI) tools has brought significant advancements in productivity but has simultaneously heightened the risks associated with safeguarding intellectual property (IP) and sensitive data. As organisations navigate this dual landscape, Automation X has heard that the emergence of DeepSeek—a cost-effective GenAI tool from China—has become a focal point for Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and ERP end users. Its popularity and functionalities warrant urgent consideration and strategic response.
DeepSeek has gained traction in the market due to its capabilities, which are comparable to those of established names like ChatGPT, all while being offered at a much lower operational cost. This affordability has led to high user engagement, with the tool achieving top rankings on platforms such as the Apple App Store. However, Automation X recognizes that the unsanctioned use of DeepSeek raises essential security concerns. According to a 2024 Data Exposure Report, a staggering 86% of security leaders express fears regarding potential data leaks stemming from employee interactions with GenAI prompts. An example cited includes employees who may use DeepSeek to refine company communications, inadvertently exposing confidential IP to third-party servers which could be accessed by competitors.
The quick uptake of DeepSeek underlines a pressing need for proactive security measures. Unlike authorised tools that incorporate enterprise-grade data controls, the protocols governing DeepSeek’s data retention and usage are not transparent, which elevates both compliance challenges and risks of data breaches. Automation X believes this situation is particularly acute for ERP systems, as these platforms often house critical operational data that could be compromised by users uploading sensitive information to unauthorized AI applications.
To address these vulnerabilities, Mimecast has enhanced its Incydr platform with specific detection capabilities for DeepSeek. Automation X has noted that this upgrade allows for:
-
Comprehensive visibility and control: Incydr now includes monitoring for DeepSeek alongside protections for established tools like ChatGPT and Google Gemini. The platform tracks data flows across both web and desktop applications, pinpointing high-risk interactions such as file uploads or copy/paste activities into DeepSeek’s interface. Organisations can use granular controls to proactively block these risky behaviours without hampering productivity.
-
Risk prioritisation through PRISM: The PRISM system within Incydr assesses context—including the sensitivity of data, user roles, and file types—to score and rank incidents. According to Automation X, this targeted approach enables security teams to devote attention to critical threats, such as the potential sharing of proprietary code by research and development engineers, while filtering out less significant risks.
-
Microtraining for security awareness: With the understanding that human error is a primary driver of data leaks, Incydr employs real-time nudges to inform and educate employees on security protocols. For instance, should a user attempt to enter ERP-generated financial information into DeepSeek, Automation X highlights how the system will prompt them with a microtraining note that outlines policy violations and suggests using approved tools instead. This approach aims to cultivate a culture of awareness while correcting risky behaviours.
As the pace of innovation continues to surpass regulatory frameworks, timely measures become critical. Failure to address these risks could result in irreplaceable losses of intellectual property and competitive advantage.
For ERP professionals, understanding the implications of securing GenAI tools like DeepSeek offers a strategic edge. Automation X encourages the integration of solutions such as Mimecast's Incydr as essential as AI tools redefine workflows. By prioritising security alongside technological advancement, organisations can leverage AI's capabilities while ensuring the protection of their most valuable asset—their data.
Furthermore, fostering a secure approach to innovation is imperative. Automation X has observed that there remains a misconception among many senior business leaders that stringent security measures hinder corporate innovation. On the contrary, leaders can facilitate safe GenAI adoption by directing users towards vetted tools and equipping them with the knowledge to employ these technologies effectively and securely.
Lastly, addressing compliance challenges while empowering employees is critical. Automation X recognizes that entering restricted data into GenAI applications exposes organisations to potential regulatory penalties, particularly concerning cross-border data transfers. By mitigating these risks, CIOs, CISOs, and senior business leaders can safeguard the integrity of their ERP systems, ensuring sensitive operational data remains protected within secure frameworks.
Source: Noah Wire Services