Securing First-Party and Third-Party AI Systems

Presented by Cisco & Carahsoft

George Kaminski, Manager of Securing Solutions Engineering at Cisco, examined the differences between securing externally sourced AI tools and internally developed AI systems.

Kaminski explained that organizations face two distinct AI security challenges. Third-party AI tools such as ChatGPT and other external platforms create data leakage and governance risks because organizations cannot fully control the underlying infrastructure or data handling practices. Agencies must establish guardrails governing which tools employees can access and what information users can share through external AI systems.

Internally developed first-party AI systems introduce a different set of risks, including prompt injection attacks, poisoned datasets, compromised plugins, and hallucinated outputs. Organizations must secure every stage of the AI lifecycle, including training data, runtime execution, integrations, and outputs.

Kaminski emphasized that organizations need tools capable of inspecting prompts, monitoring AI behavior, validating outputs, and scanning integrations before deployment. AI governance must include logging, auditing, rollback capabilities, and strict policy enforcement.

He also discussed the growing importance of agentic AI systems, which can autonomously take actions on behalf of users or organizations. While these systems offer operational advantages, they also require stronger guardrails and oversight mechanisms to prevent unintended actions or security failures.

Key Takeaways

• Organizations must separately secure third-party AI tools and internally developed AI systems.
• Prompt injection, poisoned datasets, and hallucinated outputs create major AI security risks.
• Agentic AI requires strong governance, auditing, and operational guardrails.