Why every organization using generative AI needs cyber controls before risk becomes exposure

EXECUTIVE SUMMARY

Generative AI has become one of the most adopted business technologies of the decade — and every new capability creates a new attack surface. Confidential data may be entered into public tools, prompts may be manipulated, outputs may be relied on without verification, integrations may expose enterprise systems, and attackers now write in perfect, personalized prose. This article — the eighth in Dawgen Global’s AI Governance & Assurance Series and the technical deep-dive companion to article one — walks the generative AI attack surface risk by risk: data leakage, prompt injection, model abuse, insecure integrations, shadow AI, vendor exposure, and AI-enabled social engineering. It then sets out eight control priorities for securing generative AI by design, the internal audit scope that tests them, and the board questions that convert AI enthusiasm into AI accountability.

Every new capability creates a new attack surface

Generative AI has quickly become one of the most adopted business technologies of the decade. Employees use it to draft reports, summarize documents, prepare emails, analyze data, write code, create marketing content, review contracts, support customer service, and accelerate research. Business leaders see the productivity potential, and many organizations are now embedding generative AI into workflows, applications, enterprise platforms, and decision-support processes.

But every new capability also creates a new attack surface. Generative AI does not only create innovation risk. It creates cybersecurity risk.

The risks are practical and immediate: confidential data may be entered into public tools, prompts may be manipulated, AI outputs may be used without verification, employees may rely on unsafe content, attackers may exploit AI integrations, and vendors may process sensitive information through systems the organization does not fully understand.

In article one of this series, we argued that cybersecurity and AI governance are becoming one control narrative. This article — the eighth in the series — is that argument made concrete: a walk through the generative AI attack surface, threat by threat, and the control response each demands.

Generative AI expands the cyber risk surface

Traditional cybersecurity programs focus on systems, networks, endpoints, identities, cloud environments, applications, data, and third-party platforms. Generative AI adds another layer of complexity because it changes how employees interact with information.

Employees may upload documents into AI tools. They may copy customer data into prompts. They may ask AI to review contracts, summarize board papers, analyze employee information, generate code, or interpret regulatory requirements. In some cases, AI tools are integrated directly with email, document repositories, customer relationship systems, cloud drives, accounting platforms, and collaboration tools.

This creates several risk questions:

  • What data is being entered into AI systems, and where is it processed and stored?
  • Can the AI tool reuse the data, and who can access the prompts and outputs?
  • Can an attacker manipulate the AI’s behavior?
  • Are users relying on inaccurate outputs, and are AI-generated code, documents, or recommendations being reviewed?
  • Is the organization monitoring AI-related cyber incidents?

Without clear answers, generative AI adoption may create invisible exposure.

Risk one: confidential data leakage

One of the most immediate generative AI risks is data leakage. Employees may unintentionally enter sensitive information into AI tools without understanding where the data goes, how it is stored, whether it is retained, or whether it may be used to improve the underlying model.

Sensitive data may include customer information, employee records, financial data, board papers, legal documents, audit working papers, tax information, contracts, trade secrets, business plans, source code, passwords or credentials, and regulated personal data. As an audit firm, we would note one category with particular concern: audit working papers pasted into public AI tools expose not only the firm’s work but the client’s confidential records.

Even where employees act in good faith, the organization may lose control over information if approved usage rules are not in place. For organizations processing personal data in Jamaica, the stakes are statutory: leakage of regulated personal data through an unapproved AI tool is potential Data Protection Act breach exposure, with the security, accountability, and notification obligations that follow.

The issue is not merely whether an AI tool is useful. The issue is whether the organization has governed the data boundary.

Risk two: prompt injection

Prompt injection is a form of manipulation where an attacker or unsafe input attempts to override, alter, or exploit the AI system’s instructions. This can occur when an AI tool processes untrusted text, webpages, documents, emails, tickets, or third-party content.

For example, an AI assistant that summarizes documents may be exposed to hidden instructions embedded in a document. An AI agent that reads emails may be tricked by malicious content that tells it to ignore prior instructions, disclose sensitive information, or perform an unauthorized action. A customer-facing chatbot may be manipulated into producing restricted information or bypassing policy rules.

Prompt injection is especially dangerous where AI tools are connected to enterprise systems, APIs, databases, email, file storage, or workflow automation. The more tools an AI system can access, the greater the potential damage from manipulated instructions. This is the unauthorized-action risk of article two amplified: an injected instruction turns a governed agent into an ungoverned one, which is why the guardrail disciplines of Dawgen Global’s D-AGENTICA™ methodology — restricted permissions, approval gates, activity logging, kill-switch capability — are also prompt-injection defenses.
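The guardrails named above (restricted permissions, approval gates, activity logging, kill switch) work as prompt-injection defenses when they are enforced outside the model, where injected text cannot change them. The following is an added example, not part of the original article or of the D-AGENTICA™ methodology; the agent names, tool names, approver name and policy sets are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical policy for this example: which tools each agent may call at all,
# and which tools always need a named human approver.
ALLOWED_TOOLS = {
    "summarizer-agent": {"read_document", "search_kb"},
    "mail-agent": {"read_email", "draft_reply", "send_email"},
}
NEEDS_APPROVAL = {"send_email", "delete_file", "update_payment_details"}


@dataclass
class ToolGate:
    """Checks every tool call the model proposes before anything executes."""
    killed: bool = False
    audit_log: list = field(default_factory=list)

    def _log(self, agent, tool, decision, reason):
        # Activity logging: every decision is recorded, including denials.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "agent": agent, "tool": tool,
            "decision": decision, "reason": reason,
        })

    def kill(self, reason):
        """Kill switch: refuse all later calls until the gate is replaced."""
        self.killed = True
        self._log("-", "-", "KILL_SWITCH", reason)

    def authorize(self, agent, tool, approved_by=None):
        """Return ALLOW, DENY or PENDING_APPROVAL for one proposed call."""
        if self.killed:
            decision, reason = "DENY", "kill switch engaged"
        elif tool not in ALLOWED_TOOLS.get(agent, set()):
            # Restricted permissions: text in a document cannot widen this set.
            decision, reason = "DENY", "tool not in agent allowlist"
        elif tool in NEEDS_APPROVAL and approved_by is None:
            # Approval gate: high-impact actions wait for a person.
            decision, reason = "PENDING_APPROVAL", "human approval required"
        elif approved_by is not None:
            decision, reason = "ALLOW", f"approved by {approved_by}"
        else:
            decision, reason = "ALLOW", "within allowlist"
        self._log(agent, tool, decision, reason)
        return decision


def demo():
    """Constructed scenario: a summarized document carries hidden text telling
    the agent to email its contents out, so the model proposes send_email."""
    gate = ToolGate()
    decisions = [
        gate.authorize("summarizer-agent", "read_document"),  # the real task
        gate.authorize("summarizer-agent", "send_email"),     # injected action
        gate.authorize("mail-agent", "send_email"),           # no approver yet
        gate.authorize("mail-agent", "send_email", approved_by="reviewer-1"),
    ]
    gate.kill("suspected prompt injection under investigation")
    decisions.append(gate.authorize("mail-agent", "read_email"))
    return decisions, gate.audit_log


if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry["agent"], entry["tool"], entry["decision"], entry["reason"])
```

The denied and pending entries in the audit log are also what an incident responder or internal auditor would review when investigating a suspected injection.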

Risk three: model abuse and unsafe outputs

Generative AI may be abused to create phishing emails, social engineering scripts, malicious code, fake documents, deepfake-style content, fraudulent communications, or misinformation. But model abuse also occurs inside organizations when AI outputs are accepted without proper validation.

An AI system may generate incorrect financial analysis, misleading legal summaries, flawed regulatory interpretations, insecure software code, biased HR recommendations, false customer responses, incomplete audit conclusions, unsupported tax positions, or unsafe cybersecurity recommendations.

The cyber risk is not limited to malicious actors. It includes operational misuse, overreliance, and weak review practices. AI-generated output can look confident even when it is wrong. That makes human validation essential.

Risk four: insecure AI integrations

Many organizations are moving from standalone generative AI tools to integrated AI solutions. These may connect to cloud platforms, enterprise systems, document repositories, customer platforms, workflow tools, and application programming interfaces.

This creates integration risk. Weak API controls, excessive permissions, poor authentication, unmanaged plugins, insecure connectors, and poorly configured access rights can allow AI tools to retrieve, process, or expose more information than intended.

Organizations must treat AI integrations with the same discipline applied to critical technology architecture. Security-by-design is essential. Key controls include role-based access, least privilege, secure API management, logging, network controls, encryption, vendor due diligence, and change management.

Risk five: shadow AI

Shadow AI occurs when employees or departments use AI tools without formal approval, oversight, or monitoring. It is the AI equivalent of shadow IT.

Shadow AI is particularly difficult because it often begins with productivity. Employees use public AI tools to work faster. Departments test AI vendors without involving cybersecurity or legal teams. Teams create informal workflows around tools that were never reviewed. Over time, these practices may become embedded in business processes.

The organization may then face several weaknesses:

  • No approved AI inventory and no data classification rules
  • No vendor risk assessment and no logging or monitoring
  • No user training and no incident response process
  • No audit trail and no board visibility

Shadow AI is not solved by banning AI. It is solved by providing safe, approved, governed pathways for AI adoption. Its procurement twin — departments contracting AI-enabled vendors without central review — is the shadow AI procurement risk we examined in article six.

Risk six: third-party AI vendor exposure

Many organizations consume AI through third-party platforms. These may include productivity tools, customer service platforms, HR systems, finance applications, cybersecurity tools, marketing platforms, analytics solutions, legal technology, and cloud services. Vendor risk management must therefore expand to include AI-specific considerations.

Organizations should ask:

  • What AI capabilities are embedded in the vendor’s service, and what data does the vendor process?
  • Where is the data stored, and is customer data used to train models?
  • What security certifications exist, and what access does the vendor have?
  • How are model updates communicated, and what incident notification obligations exist?
  • Can the organization audit AI-related controls, and are subcontractors involved?
  • What happens when the contract ends?

A vendor may appear low risk under traditional procurement review but high risk once its AI functionality is understood. These questions are the entry point to the ten-dimension third-party AI risk framework we set out in article six of this series.

Risk seven: AI-enabled phishing and social engineering

Generative AI allows attackers to create more convincing phishing messages, impersonation attempts, fake invoices, fraudulent instructions, voice-based scams, and targeted social engineering content. AI can improve grammar, tone, personalization, speed, and scale.

This makes traditional awareness training less sufficient. Employees may face attacks that appear more credible, more localized, more professional, and more context-aware. Senior executives, finance teams, HR departments, procurement officers, and customer-facing staff may be especially exposed.

The regional implication is direct. Invoice fraud and business email compromise already rank among the most damaging attacks facing Caribbean businesses — and generative AI strips away the broken grammar and generic phrasing that staff were trained to spot. A fraudulent payment instruction can now arrive in flawless, context-aware language that mirrors a real supplier’s tone.

Cybersecurity programs must therefore evolve to include AI-enabled threat scenarios, updated training, stronger payment controls, identity verification protocols, and incident simulations.

The control response: secure generative AI by design

Generative AI should not be deployed through informal enthusiasm alone. It requires a clear control framework that aligns cybersecurity, data governance, privacy, legal, compliance, internal audit, and business ownership. Dawgen Global recommends the following eight control priorities.

1. Create an AI acceptable use policy

Organizations should define what AI tools employees may use, what data may be entered, what use cases are prohibited, what approval is required, and what review standards apply to AI outputs. The policy should be practical, business-friendly, and supported by training.

2. Maintain an AI inventory

Management should maintain a register of approved AI tools, vendors, use cases, owners, data categories, risk ratings, and control requirements. You cannot secure what you do not know exists.

3. Apply data classification rules

Sensitive data should not be entered into AI systems unless the tool, contract, security architecture, and controls have been approved for that data type. Data classification is one of the most important foundations of AI cybersecurity.

4. Implement access and permission controls

AI tools and AI agents should operate under least privilege. Users and agents should have only the access required for approved tasks. Privileged access should be monitored, reviewed, and limited — for autonomous agents, under the identity and guardrail disciplines of D-AGENTICA™.

5. Monitor AI activity and exceptions

Organizations should monitor AI usage, detect unapproved tools, review high-risk prompts, track data exposure, and escalate exceptions. Monitoring should be proportionate to the risk level and privacy obligations — and continuous, in keeping with Dawgen Global’s TRUST360™ approach, because prompt patterns, tools, and threats change weekly, not annually.

6. Validate AI outputs

AI-generated content should be reviewed before it is used in high-impact decisions, customer communications, financial reporting, legal matters, regulatory submissions, cybersecurity actions, or board materials. AI should assist judgment, not replace accountability — and the review itself should leave the evidence trail we described in article five.

7. Strengthen vendor due diligence

AI vendors should be assessed for cybersecurity, privacy, data retention, model training, transparency, subcontractors, incident response, service continuity, audit rights, and regulatory compliance. Vendor contracts should reflect AI-specific risks.

8. Build AI incident response procedures

Organizations should define what constitutes an AI incident, how it is reported, who investigates, how systems are contained, how evidence is preserved, and how the organization communicates with stakeholders. AI incidents may involve data leakage, harmful outputs, unauthorized actions, compromised integrations, vendor failures, or regulatory exposure.

The role of internal audit and assurance

Internal audit and assurance teams should evaluate whether generative AI controls are properly designed and operating effectively. This includes reviewing AI governance, cybersecurity, vendor management, data protection, user training, monitoring, evidence trails, and incident response.

Assurance should not wait until AI is deeply embedded. Early review helps prevent weak controls from becoming institutionalized.

A practical internal audit scope may include AI policy compliance, approved versus unapproved AI tools, data leakage controls, prompt governance, vendor risk management, access controls, output validation, incident response readiness, audit logging, and management reporting. This creates a clear bridge between cybersecurity and AI assurance — and for many Caribbean organizations, a co-sourced arrangement pairing the in-house team with specialist AI and cyber skills is the fastest route to that capability.

Board and executive questions

Boards, audit committees, and executive teams should ask:

  1. Do we know where generative AI is being used, and which tools are approved?
  2. What data can employees enter into AI systems?
  3. How are AI vendors assessed?
  4. Are AI outputs validated before use?
  5. Do we monitor prompt injection and data leakage risks?
  6. Do we have an AI incident response plan?
  7. Is internal audit reviewing AI controls?
  8. Are AI risks included in enterprise risk reporting?

These questions help management move from AI enthusiasm to AI accountability.

A Dawgen Global perspective

Generative AI can create significant value, but uncontrolled adoption can expose organizations to cybersecurity, privacy, operational, legal, and reputational risks. The right response is not fear; it is disciplined governance.

“Generative AI creates value when it is governed. Without cyber controls, data boundaries, validation, and assurance, organizations may unknowingly convert productivity into exposure.”

— Dr. Dawkins Brown, Executive Chairman, Dawgen Global

How Dawgen Global can help

Dawgen Global supports organizations across the Caribbean and globally in designing secure, governed, and assurance-ready generative AI environments. Our integrated multidisciplinary approach brings together cybersecurity, IT audit, internal audit, risk advisory, data protection, technology, compliance, and board advisory expertise — big firm capabilities, Caribbean understanding.

A practical engagement pathway:

  • Assess — Generative AI Cyber Risk Assessment; AI Governance & Cyber Risk Readiness Assessment; Prompt Injection Risk Assessment; Shadow AI Discovery and Risk Assessment; AI Vendor and Platform Risk Assessment; AI Access and Permission Review
  • Design — AI Acceptable Use Policy Development; AI Data Leakage and Privacy Control Review; AI Output Validation and Review Framework; AI Incident Response Framework Design; Board and Executive AI Risk Briefings
  • Assure continuously — Independent AI Assurance Review; Continuous AI Control Monitoring under TRUST360™; Internal Audit Co-Sourcing for AI Controls

Take the first step

Is your organization using generative AI without clear cybersecurity controls, data boundaries, monitoring, and assurance? Dawgen Global can help you identify exposure, strengthen controls, and build a secure AI operating model.

Secure the AI. Govern the Agent. Assure the Outcome.

Contact Dawgen Global today to request a Generative AI Cyber Risk Assessment.

Email: [email protected]  |  Web: dawgen.global

About Dawgen Global

Dawgen Global is an independent, integrated multidisciplinary professional services firm headquartered at 47 Trinidad Terrace, New Kingston, Jamaica, serving more than 15 territories across the Caribbean. Founded and led by Dr. Dawkins Brown, Executive Chairman, the firm is independent and not affiliated with any international network. It delivers a full suite of professional services under one roof: audit and assurance; tax advisory; IT and digital transformation; risk management; cybersecurity; actuarial and insurance regulatory advisory; HR advisory; mergers and acquisitions; corporate recovery; business advisory and strategy; accounting BPO and virtual CFO services; and legal process outsourcing.

The proposition is simple: big-firm capability without the big-firm price. Dawgen Global’s integrated approach is built for the specific complexities and opportunities of the Caribbean market, helping organizations make sharper, better-informed decisions that drive measurable progress.

To explore a partnership, reach out:

by Dr Dawkins Brown

Dr. Dawkins Brown is the Executive Chairman of Dawgen Global, an integrated multidisciplinary professional service firm. Dr. Brown earned his Doctor of Philosophy (Ph.D.) in the field of Accounting, Finance and Management from Rushmore University. He has over twenty-three (23) years of experience in the field of audit, accounting, taxation, finance and management. Starting his public accounting career in the audit department of a “big four” firm (Ernst & Young), and gaining experience in local and international audits, Dr. Brown rose quickly through the senior ranks and held the position of Senior Consultant prior to establishing Dawgen.


Dawgen Global is an integrated multidisciplinary professional service firm in the Caribbean Region. We are integrated as one Regional firm and provide several professional services including: audit, accounting, tax, IT, risk, HR, performance, M&A, corporate recovery and other advisory services.


© 2023 Copyright Dawgen Global. All rights reserved.

© 2024 Copyright Dawgen Global. All rights reserved.