AI data risks lurk in your smartphone — here’s what you can do about them

AI in mobile devices raises enterprise security concerns: The integration of artificial intelligence (AI) into mobile devices presents new challenges for enterprise security leaders, particularly regarding data protection and management.

• Local AI engines have been released for Android phones by major vendors like Google and Samsung, as well as smaller players such as OnePlus and Xiaomi.

• Apple has announced its Apple Intelligence offering, set to be previewed in the fall.

• Mobile assistants like Alexa, Bixby, Google, and Siri, along with numerous apps, already utilize AI and large language models.

Current management limitations: Enterprise security leaders face obstacles in controlling AI engines on managed mobile devices, with varying degrees of success across different aspects.

• Local AI engines on Android devices cannot currently be managed through unified endpoint management (UEM) platforms.

• UEM vendors are uncertain about the management options for Apple Intelligence.

• OS developers and device manufacturers have not provided the necessary information for UEM vendors to implement configuration options for AI engine management.

Positive developments in AI assistant management: While local AI engines pose challenges, there is better news regarding the management of AI assistants on mobile devices.

• AI assistants can be disabled through UEM settings or by disabling the application itself, as in the case of Alexa.

• Security professionals should assess how AI assistants interact with business applications, messaging, and audio/video channels on both corporate and personal devices.

• UEM settings can be adjusted to limit the risk of business data leakage through AI assistants.

Mobile threat defense solutions: For applications that may collect and send data to third parties for processing, modern mobile threat defense (MTD) solutions offer valuable insights and control options.

• MTD solutions can analyze applications on mobile devices and identify where application data is being sent.

• Security teams can use this information to determine risk levels for apps and devices.

• Based on the risk assessment, security teams can:
– Disable access to corporate resources until risky applications are removed from bring-your-own-device situations.
– Apply UEM policies to disable risky applications on corporate devices.

Expanding mobile security landscape: The integration of AI into more applications and platforms necessitates a broader approach to mobile security.

• The range of threats targeting mobile devices is extensive and growing.

• Security professionals will need to implement additional controls to reduce the risk of sensitive data compromise.

• OS developers like Apple and Google, along with platform vendors, need to:
– Allow UEM platforms to implement policies on managed devices to limit corporate data collection by AI.
– Provide MTD vendors with greater insight to enhance mobile ecosystem security.

Call for industry collaboration: To address the evolving security challenges posed by AI in mobile devices, cooperation between various stakeholders is crucial.

• OS developers, device manufacturers, and UEM vendors must work together to create comprehensive management solutions.

• Enhanced communication and information sharing between these parties will be essential for developing effective security measures.

• The mobile security ecosystem needs to adapt quickly to keep pace with the rapid integration of AI technologies.

Future implications and recommendations: As AI continues to permeate the mobile landscape, enterprise security leaders must remain vigilant and proactive in their approach to data protection.

• Regular assessment of AI-related risks in mobile devices should become a standard practice for security teams.

• Organizations should stay informed about new management capabilities as they become available from UEM and MTD vendors.

• Developing a comprehensive mobile security strategy that accounts for AI-related risks will be crucial for protecting sensitive business data in the evolving technological landscape.