Cloudflare Docs

Define your company's AI risk tolerance and strategy

Before you can secure AI, you need to understand your organization's goals and concerns for your users and data. This first step is crucial for anyone new to AI security because it helps you align on your overall risk tolerance for generative AI.

The level of risk you are willing to accept will determine how quickly you need to act and how deeply you need to implement security measures. Your specific concerns will then guide the exact security approaches you take to monitor and control AI usage.

To begin, consider these questions to help shape your strategy:

  • Sanctioned versus shadow AI: Are your employees already using approved AI services, or are you primarily concerned with shadow AI — unapproved applications that may pose a risk? Note: Some approved vendors may offer embedded AI functionality. Consider whether those AI services are a risk, too.
  • Data sensitivity: What types of sensitive data do you currently monitor, classify, and protect? This will help you identify what you need to safeguard when employees interact with AI. If you have not determined this yet, refer to Define your sensitive data to learn more.
  • Encouraging user behavior: Do you want to encourage or limit user engagement with AI? How much do you expect your employees to use AI in a controlled, sanctioned way?