The enthusiasm surrounding AI adoption has, in many organisations, outpaced the security thinking needed to support it. Employees are pasting confidential data into ChatGPT. Teams are connecting AI tools to internal databases without security review. Sensitive customer information is flowing through third-party AI services with no governance framework. For UK businesses subject to the Data Protection Act 2018 and UK GDPR, this isn't just a security risk — it's a regulatory liability that could result in significant fines and reputational damage.
The challenge is that AI security doesn't fit neatly into traditional cybersecurity frameworks. Large language models introduce entirely new attack surfaces — prompt injection, data exfiltration through model outputs, training data poisoning, and the insidious problem of "shadow AI" where employees adopt tools without organisational oversight. Addressing these risks requires updated policies, new technical controls, and a security-aware culture.
The Threat Landscape: What You're Protecting Against
Data Leakage Through AI Services
This is the most prevalent risk. Every time an employee pastes company data into a public AI tool — a customer complaint into ChatGPT, a financial spreadsheet into an analysis tool, a legal document into an AI summariser — that data potentially becomes part of the tool's training data or is stored on servers outside your control. Samsung's widely reported incident, where engineers leaked proprietary source code through ChatGPT, demonstrated how easily confidential information escapes through AI tools.
The scope is broader than most leaders realise. AI features embedded in productivity tools, browser extensions, and mobile apps all process data externally. A Grammarly keyboard analyses everything typed. An AI email assistant reads your correspondence. A meeting transcription tool processes spoken conversations. Each represents a data flow needing assessment and governance.
Prompt Injection Attacks
Prompt injection is a class of attack unique to AI systems. A malicious user crafts input that manipulates the AI into ignoring instructions, revealing confidential information, or performing unintended actions. Consider a customer service chatbot with access to your product database and customer records — a well-crafted injection could trick it into revealing other customers' data or disclosing internal pricing strategies.
The UK National Cyber Security Centre (NCSC) has issued specific guidance, noting there is currently no foolproof defence against sophisticated attacks. This doesn't mean chatbots shouldn't be deployed, but they need security as a primary consideration.
Shadow AI: The Invisible Risk
Shadow AI — AI tools used by employees without organisational approval — is arguably the most widespread risk. Research consistently shows the majority of AI usage in organisations is unofficial. Employees adopt tools because they're useful and the barrier is zero — most require only an email address. The security implications: data flowing to unvetted services, through unmonitored connections, under unreviewed terms of service.
Critically, banning AI outright is not effective. Prohibition drives usage underground, making it less visible and more dangerous. The best approach is providing approved, secure alternatives that meet employees' productivity needs while maintaining controls.
The UK's National Cyber Security Centre recommends treating large language models as untrusted components. Never give AI direct access to sensitive databases without intermediary controls. Never trust AI outputs without validation for critical decisions. Implement defence-in-depth. AI should operate within strict boundaries, with human oversight for any consequential action.
Model Poisoning and Supply Chain Risks
For businesses using third-party or open-source AI models, supply chain risks are an emerging concern. A compromised model could produce biased outputs, leak training data, or contain hidden vulnerabilities. Stick to reputable providers with transparent security practices, and validate AI outputs against independent sources for consequential decisions.
Percentage of UK organisations reporting exposure to each AI security risk category over the past 12 months.
Building Your AI Security Policy
A comprehensive policy is the foundation of effective risk management. For most SMEs, a clear 5-10 page document covering these areas will suffice.
Approved Tools and Vendor Assessment
Maintain a register of approved AI tools. For each, document what data it may process, who's authorised, and conditions of use. At minimum, your vendor assessment should verify: Where is data processed and stored? Does the provider hold ISO 27001 or SOC 2? Is there a UK GDPR-compliant Data Processing Agreement? Does the provider use customer data for training, and can this be opted out? What are retention and deletion policies?
Data Classification for AI
| Data Classification | Description | Public AI Tools | Approved AI Tools | Enterprise AI (internal) |
|---|---|---|---|---|
| Public | Published content, marketing materials | Permitted | Permitted | Permitted |
| Internal | Non-sensitive business data, processes | With caution | Permitted | Permitted |
| Confidential | Financial data, strategies, contracts | Prohibited | Permitted (with controls) | Permitted |
| Restricted | Personal data, health records, payment details | Prohibited | Case-by-case approval | Permitted (with controls) |
Acceptable Use Guidelines
Provide clear, practical guidance. Avoid overly restrictive rules that will be ignored. Make guidelines specific: "Do not enter any data containing customer names, addresses, email addresses, or account numbers into ChatGPT, Gemini, or any AI tool not on the approved register" is far more effective than "be careful with AI." Include: never paste personal data into unapproved tools, never upload confidential documents to public services, always review AI outputs before client use, report suspected data leakage immediately.
Technical Controls and DLP Tools
Data Loss Prevention (DLP) for AI
Microsoft Purview now includes policies designed to monitor data shared with AI services, detecting sensitive patterns (National Insurance numbers, credit card numbers) being pasted into chatbot interfaces and blocking or alerting. For businesses on other platforms, Forcepoint, Digital Guardian, and Symantec offer similar capabilities with broader coverage.
AI-Specific Security Platforms
Platforms like Robust Intelligence, Lakera, and Prompt Security focus on protecting AI deployments. Lakera Guard deploys as middleware in front of any chatbot, scanning inputs for prompt injection and outputs for sensitive data leakage in real time. For customer-facing AI applications, this protection is increasingly essential.
Network-Level Controls
DNS filtering (Cisco Umbrella, Cloudflare Gateway) can block unapproved AI service domains, while web proxies inspect data flowing to approved services. Particularly relevant for regulated industries where any unauthorised data processing triggers compliance violations.
Forward-thinking organisations implement AI gateways — centralised access points routing all AI interactions. These enforce data classification, log interactions for audit, strip sensitive data before reaching external services, and provide single-point control. Azure AI Content Safety and Cloudflare AI Gateway offer this at accessible prices. The gateway solves visibility, control, compliance, and cost management simultaneously.
Protecting Against Prompt Injection
If your business deploys customer-facing AI, prompt injection protection is not optional. While no defence is perfect, a layered approach reduces risk significantly.
Input validation: Filter user inputs to detect known injection patterns — instruction-like phrases ("ignore previous instructions", "act as"), encoded content, unusually long inputs. Lakera and Prompt Security offer pre-built detection models.
Principle of least privilege: Limit data and capabilities accessible to AI systems. A customer service chatbot doesn't need your entire database — give it only what it needs. If compromised, the blast radius is contained.
Output filtering: Monitor AI outputs for sensitive data patterns before returning them to users. Block internal pricing data, personal information, and other restricted content regardless of how it was triggered.
Human-in-the-loop: Never allow AI to take consequential actions — refunds, account modifications, restricted data access — without human approval. AI recommends; humans authorise.
Regulatory Compliance in the UK
| Regulation | Applies To | Key AI Requirements | Penalties |
|---|---|---|---|
| UK GDPR / DPA 2018 | All UK businesses processing personal data | Lawful basis, DPIAs, data minimisation, right to human review | Up to £17.5M or 4% of turnover |
| EU AI Act | UK businesses serving EU customers | Risk classification, transparency, human oversight for high-risk AI | Up to 35M EUR or 7% of turnover |
| FCA AI Guidance | Financial services firms | Model governance, explainability, fairness in automated decisions | Sector-specific enforcement |
| ICO AI Auditing Framework | All UK organisations using AI | Accountability, transparency, fairness, security | Advisory, supports GDPR enforcement |
UK GDPR requires lawful basis for processing personal data through AI, data minimisation, DPIAs for high-risk AI processing, and the right to human review of automated decisions. The EU AI Act has extraterritorial implications for UK businesses serving EU customers, with specific requirements for high-risk AI. Sector regulators (FCA, Ofcom, CMA) are developing AI-specific guidance — stay informed about your industry's requirements.
Building a Security-Aware AI Culture
Training and awareness: Run regular, practical training covering real scenarios. Show employees what a data leak looks like, demonstrate prompt injection, and explain in concrete terms why policies exist. Live demonstrations are far more impactful than slide decks.
Safe reporting culture: Employees who accidentally share sensitive data with AI tools must feel safe reporting immediately, without fear of punishment. Speed of response can be the difference between a contained incident and a full breach.
AI security champions: Designate champions within each team — individuals with deeper training who serve as first points of contact for AI security questions. This distributed model ensures guidance is available without creating a bottleneck.
Current state of AI security preparedness among UK SMEs — the gap between adoption rates and security measures represents significant risk.
Your AI Security Action Plan
Week 1-2: Visibility. Audit current AI tool usage across your organisation. Survey employees to understand what tools they're using and what data they're processing. This will almost certainly reveal more usage than expected — you can't secure what you can't see.
Week 3-4: Policy. Draft your AI security policy covering approved tools, data classification, acceptable use, and incident response. Keep it practical and concise. Publish and communicate with a clear explanation of why it matters.
Week 5-6: Controls. Implement DLP policies to detect sensitive data in AI interactions. Set up an approved tools register. Establish a vendor assessment process. If deploying customer-facing AI, implement input and output filtering.
Week 7-8: Training. Roll out awareness training covering key risks, policy walkthrough, safe usage demonstrations, and reporting channels. Follow up with quarterly refreshers given the pace of AI evolution.
Ongoing: Review incidents monthly, update your tools register as new tools are evaluated, and refresh your policy quarterly to reflect the evolving threat landscape.
AI security is not about preventing AI adoption — it's about enabling it safely. The organisations that thrive will embrace AI's benefits while implementing guardrails to protect their data, customers, and regulatory standing. The gap between AI adoption and AI security in UK businesses is wide, meaning organisations that close it now gain a genuine competitive advantage: the ability to move fast with confidence. If you need help assessing your AI security posurance, building a policy framework, or implementing technical controls, contact the Cloudswitched team for expert guidance tailored to your business size, industry, and risk profile.
CloudSwitched
London-based managed IT services provider offering support, cloud solutions and cybersecurity for SMEs.