AVM Amorn says there are several types of inefficient use of AI that can pose threats and other issues.
The National Cyber Security Agency (NCSA) is developing artificial intelligence (AI) security guidelines to shape the adoption of AI technologies in the country, expected to be finalized by August.
This move complements the existing Generative AI Governance Guidelines for Organizations and AI Governance Guidelines for Executives, developed by a team of experts at the AI Governance Center.
NCSA AVM Director-General Amorn Chomchoy said the draft AI security guidelines focus on security alignment with the Cybersecurity Act and the Personal Data Protection Act (PDPA).
The guidelines address the rapidly increasing use of generative AI (GenAI) amid risks such as privacy, data security, and potential impact on employees and society.
“As adoption of GenAI advances in the digital age, clearer guidelines need to become available on how best to deploy it,” he said.
AVM Amorn said the AI Governance Guidelines are broader than the draft AI Security Guidelines, covering understanding of GenAI, benefits and limitations, risks, and guidelines for applying good governance.
He said there are several types of inefficient use of AI that can pose threats and other problems. These are critical concerns for AI adoption in 2025.
Potential threats may emerge as companies and people increasingly use AI, but there was no framework for introducing personal data and information into AI services, which could lead to data leaks.
“Therefore, even though the use of Gen AI may improve efficiency, its use requires the right approach,” said AVM Amorn.
Another concern is that AI will be used in development without a mechanism to evaluate its use.
Success with using AI is different from other IT tools. The latter is because it allows you to measure return on investment.
Using AI without sufficient efficiency can lead to incorrect answers, and users may not be able to immediately recognize their mistakes, he said.
Many organizations often outsource their IT tasks and lack proper backup systems and maintenance. AVM Amone said outsiders often know more about systems than internal staff, leading to data breaches.
He said many small and medium-sized businesses operate without PDPA-compliant protocols, and some do not have data protection officers in place.
According to ThaiCERT’s 2024 report, there were 1,827 cyber attacks, of which 124 were from the private sector. The top five types of cyberattacks included fake websites or URLs, data theft, and service disruption through distributed denial-of-service attacks that exploit system vulnerabilities.
The top five sectors attacked were commerce, finance and banking, foreign commerce, retail, IT, and telecommunications.
Digital Economy and Society (DES) Minister Prasat Jantararuangthong said a recent study found a significant increase in the adoption of AI technology in the country.
A total of 17.8% of respondents admitted to applying AI technology, up from 15.2% in 2023.
Approximately 73.3% of respondents said they were considering applying AI technology, compared to 56.6% in last year’s survey.
On the other hand, only 8.9% of respondents said they were not interested in introducing AI, but this will rise to 28.2% in 2023.
Prasert said the DES Ministry will determine policies and directions for digital development, including AI governance, in accordance with the National AI Action Plan (2022-2027).
