How can tech leaders manage emerging generative AI risks today while keeping the future in mind?

In the third installment of Deloitte’s Engineering in the age of Generative AI series, we explore four gen AI risk categories and how leaders can help manage them

Kieran Norton

United States

Tim Li

United States

Tim Davis

United States

Emily Mossburg

United States

Chris Thomas

United States

Alfons Buxó Ferrer

Global

While generative artificial intelligence offers significant opportunities to improve organizational products and practices, the technology also introduces new risks, both internal and external. Deloitte’s fourth quarter State of Generative AI in the Enterprise study finds that managing risks and regulatory compliance are the top two concerns among global respondents when it comes to scaling their gen AI strategies.1

The challenges are intersectional, cutting across questions of data provenance, security, and how to navigate a still-maturing marketplace. Cybersecurity investments can help organizations address these challenges: Nearly three quarters (73%) of respondents in Deloitte’s third quarter State of Generative AI in the Enterprise study say they plan to increase their cyber investments because of gen AI programs,2 and 59% of US respondents in Deloitte’s Focusing on the foundation: How digital transformation investments have changed in 2024 study had invested in cyber capabilities in the previous 12 months.3

But as gen AI continues to introduce new risks, leaders need a way to make sense of this world and channel their cyber investments into strategies that work today—and well into the future.

The good news is that while new risks are emerging and converging, leading practices are also evolving — practices that can help shape the future of enterprise risk management, cyber, data, and engineering. In this final installment of Deloitte’s Engineering in the Age of Generative AI series, we focus on building a framework that cyber and risk leaders can consider when assessing internal and external gen AI risks and help them develop strategies to mitigate those risks by:

  • Recalibrating cybersecurity strategies to account for emerging risk categories
  • Scaling tried-and-true leading practices in cybersecurity
  • Establishing new methods of data and model provenance and information protection
  • Enhancing security with gen AI-specific model firewalls, employee training, and guardrails
  • Projecting risk and cost exposure across infrastructure and architecture with scenario modeling    

Exploring four gen AI risk categories impacting cyber strategies

Our analysis of the fourth edition of Deloitte’s Global Future of Cyber Survey, which surveyed nearly 1,200 cyber decision-makers at the director level or higher, identified eight potential risks specific to gen AI, ranging from integrity risks like hallucinations, to social engineering attacks, to inadequate governance of gen AI strategies. Original analysis of that data for this research finds that respondents are equally worried about all of them, with 77% saying they were concerned “to a large extent” about how these risks may impact their cybersecurity strategies.  

To provide a clearer understanding of the intersectional nature of these threats and the areas they impact, we can organize these gen AI risks into four distinct categories: risks to the enterprise, which include threats to organizational operations and data; risks to gen AI capabilities, which include the potential for AI systems to malfunction or their vulnerabilities to be misused; risks from adversarial AI, which include threats posed by malicious actors leveraging gen AI; and risks from the marketplace, which include economic, legal, and competitive pressures that could influence AI deployment and security (figure 1).

In the following sections, we explore each of these four risk categories in more detail to understand their potential implications and the strategies that can be employed to help manage them.

Risks to the enterprise

Gen AI introduces increased enterprise risk across data, applications, infrastructure, and processes. Our research shows some of the most prevalent are:

Data privacy, security, and intellectual property risks. Gen AI models are trained on large, diverse collections of text, images, and audio that are gathered from the web, generated by other models, or manually curated. Third-party data and models often don’t authenticate original sources, creator intentions, copyrights, or basic properties, making provenance hard to track4 and perpetuating potential hallucinations and misinformation.5  

Additionally, gen AI is now creating art, music, literature, software, and inventions, leading to questions about authorship, ownership, and protection. Regulation around who owns what innovation and thus who can monetize it is still in the works.6 This has increased copyright ambiguity.

Gen AI also raises privacy concerns. Personal details like names and addresses might be collected unintentionally, leading to accidental exposure or misuse of sensitive information, trade secrets, or confidential data. For instance, a health care company might use a retrieval system to access patient records, enabling medical professionals to query a patient’s medical history using natural language, but also exposing that private data to unintended risk.   

Security and employee risk across development processes. As gen AI is introduced into development processes, new security risks emerge. A Palo Alto Networks report found that AI-generated code was the top concern for surveyed security and information technology leaders.7 The Deloitte leaders interviewed for this article expressed concerns that AI might inadvertently amplify existing code-level vulnerabilities such as misconfigured code, increasing the risk of data breaches, malware infections, and reputational damage. The concern is grounded in the lack of transparency into third-party foundation models, which may introduce unknown vulnerabilities.

Additionally, employees are frequently using unsanctioned gen AI solutions. According to a 2024 AI Adoption and Risk Report from Cyberhaven Labs, usage of major gen AI tools at work is through personal accounts.8 Unauthorized use can unknowingly expose sensitive information to risk. For instance, Samsung banned the usage of gen AI tools among its employees after it was revealed that employees accidentally leaked sensitive data in public prompts.9

Emerging approaches to enterprise risk management

Given the evolving risk landscape, enterprise risk leaders and chief information security officers (CISOs) can consider the following actions to address risks to the enterprise:

  • Implementing digital asset management and data privacy controls. Organizations need to know where data they bring into their organization came from, and where data they are sending out into the world has gone. One way to achieve this is through a digital passport or model cards that can help verify training data and history as well as model origins—a capability known as digital provenance. Authenticity techniques, data consent mechanisms, and data provenance standards can help companies achieve data traceability. Some organizations are working to develop infrastructure for the “consent layer” in AI data, which involves gathering opt-in and opt-out information from data creators and incorporating it into searchable databases, such as the Do Not Train registry.10

In the absence of universal standards, tracing data lineages can help. For instance, the Data & Trust Alliance’s Data Provenance Standard11 is a collaborative effort among 19 corporations to document leading practices.

Strong intellectual property management strategies can embed trust into content creation. One method is using verifiable content credentials for images, videos, fonts, and audio files. Additionally, advanced digital rights management solutions can prevent unauthorized copying, provide real-time tracking, enforce licenses, and control digital asset distribution.12 Some companies have started embedding hidden signals, or watermarks, in their data to identify machine origins or prevent future machine use.13

  • Reimagining DevSecOps processes for a new age of prompt engineering: Deloitte research on engineering has shown that gen AI also can change the way software is developed, by creating increasingly integrated roles among individuals in the pod team.14 Risk and cyber executives can take a leadership role in shaping those programs while centralizing governance structures to confirm clear policies and processes are in place for everything from AI usage to network monitoring and that new processes are being systematically implemented and scaled.

Risks to gen AI capabilities

Gen AI also introduces new security risks that target the data and models that gen AI solutions depend on. Emerging threats include:

Prompt injection attacks. A distinctive feature of gen AI solutions is their use of prompts or instructions given to the AI. Prompt injections are an emerging technique where attackers design prompts to deceive gen AI systems into revealing secure data, spreading misinformation or tricking the prompt into performing a malicious action or access the model via a backdoor with a hidden trigger.15 Prompt injections are the leading security threat aligned to large language model (LLM) applications on the Open Worldwide Application Security Project Top 10.16

Evasion attacks. Traditionally, in AI systems, an evasion attack happens when the model is deliberately misled or tricked by conflicting samples, known as “adversarial examples,” leading to incorrect output. Gen AI systems are often vulnerable to these attacks at a greater scale than traditional AI. Anyone with basic query privileges can probe the model with prompts intended to understand its predictive labels and confidence scores to engineer the model into making different decisions.17 These attacks can be used to bypass intrusion detection systems and more.

Data poisoning. External models trained on public data introduce a host of unknowns. Data poisoning is one such risk: a deliberate attack on an AI system where an adversary alters the model’s training dataset. Data poisoning techniques may include altering data to become deceptive, incorrect, or misleading. The risk of data poisoning increases with retrieval augmented generation systems.   

Hallucinations in gen AI models. Gen AI models predict outputs from training data patterns, but when they hallucinate, the results may appear plausible yet be incorrect. Such inaccuracies can cause faulty decisions, damaged reputations, regulatory penalties, and lost opportunities.18 Like hallucinations, misinformation can be perpetrated through gen AI models, which may lead to loss of trust, financial loss, and negative impact on business decisions.

Emerging approaches to data, model, and application security

CISOs and chief technology officers should account for these increased risks and attack surfaces. This should include a broad approach to cybersecurity that encompasses various strategies and measures, including:

  • Combatting prompt injections with input guardrails and model firewalls. First, consider input sanitization and validation that preprocess user inputs to eliminate or neutralize harmful content before it reaches the LLM. This can involve filtering, escaping, or transforming inputs to confirm they follow expected patterns and are free of malicious instructions. Confidential data should be thoroughly vetted or masked before connecting to an LLM application, and standard security practices such as least-privilege access to reduce the attack surface and parameterization to prevent the execution of malicious code should be adhered to reduce the risk of prompt injection.

Second, instead of depending on rules-based solutions, organizations could enhance their defenses by implementing an AI firewall to monitor data entering and exiting the model, which can enable better threat detection.19 While tools like prompt shields can help detect hidden instructions, human oversight remains critical to judge and approve the generated output.20

  • Fine-tuning to improve accuracy. Fine-tuning is a supervised process where a model is retrained with data to improve its content generation accuracy. We discussed emerging approaches when fine-tuning a gen AI model to combat hallucinations in part 2 of this series including bringing in authoritative external sources through retrieval augmented generation, implementing contextual guardrails, creating prompt libraries, and human oversight—each of which can help to reduce hallucinations.21
  • Integrating gen AI into cyber capabilities. According to the fourth edition of Deloitte’s Global Future of Cyber survey, 36% of the responding organizations reported including AI and gen AI as part of their organization’s cybersecurity budget.22 Gen AI can identify subtle signs of threats hidden in network traffic and system logs, which might be missed by traditional security tools.23 Gen AI can spot more complex phishing attempts by studying patterns in legitimate emails. For instance, NVIDIA introduced a spear phishing detection AI workflow which can reduce the time needed to develop a phishing detection solution with 21% higher accuracy when compared to existing methods.24

AI-powered deepfake detection tools can also outperform humans in identifying subtle indicators to identify misinformation and machine-generated content—whether text, audio, images, or multiple formats in combination—on a large scale.

The National Institute of Standards and Technology recommends adversarial training for data models25 to replicate cyberattacks and help identify security gaps and fortify defenses. General adversarial networks (GANs) and smart vulnerability detection tools can uncover security flaws that traditional scanners may overlook.26

Risks from adversarial AI

Gen AI technologies commoditize the skills needed to orchestrate cyberattacks, lowering the entry barrier for malicious actors. The fourth edition of Deloitte Global Future of Cyber survey shows close to one-third of organizations are concerned about phishing, malware, or ransomware (34%), and threats related to data loss (28%).27 Gen AI can increase the sophistication, scale, and ease of adversarial attacks. These types of risks may include:

AI-generated malware. Gen AI introduces more data and complexity into the digital ecosystem and enables attackers to automate malware and ransomware more easily, increasing both the scale and sophistication of known threats. For instance, hackers continuously create new malware and cybercriminals can now leverage gen AI to produce near limitless, sophisticated malware, potentially overwhelming conventional cybersecurity measures and response times.28 A study uncovered about 100 machine learning models capable of injecting insecure AI code onto user machines.29

Phishing attacks that seem more human. Gen AI has revolutionized phishing attacks. IBM’s 2024 X-Force Threat Intelligence Index found “AI” and “GPT” were mentioned in over 800,000 dark web posts in 2023.30 Adversaries can exploit technology to craft believable messages and automate large-scale, sophisticated social engineering campaigns. Gen AI tools have commoditized the ability to draft convincing, context-sensitive messages, text and audio messages—overcoming language barriers, and even integrating cultural subtleties.31 Moreover, AI’s capability to self-improve could enable it to develop autonomous phishing tactics based on its acquired knowledge.32

Impersonation attacks. The ability to create fake voices and videos through gen AI tools is an emerging risk that has matured over the last three years,33 significantly reducing the barriers to perpetuating impersonation fraud. For example, in banking, gen AI is expected to magnify the risk of deepfakes for financial fraud. Deloitte’s Center for Financial Services forecasts that gen AI could enable fraud losses to reach US$40 billion in the United States by 2027, up from US$12.3 billion in 2023, a compound annual growth rate of 32%.34 

Emerging approaches to adversarial AI

CISOs can evolve their strategies to address adversarial AI risks by:

  • Scaling traditional threat detection and response. CISOs have an opportunity to expand traditional AI and deep learning techniques to stay ahead of these threats. Mastercard is set to launch Decision Intelligence Pro, a system that evaluates the connections between various entities involved in a transaction to gauge its risk. The technology is estimated to increase fraud detection rates by an average of 20%, with potential peaks of up to 300% in certain cases.35 Similarly Visa uses AI and machine learning to analyze over 500 attributes of each transaction to counter frauds.36 Additionally, Microsoft noted that when monitoring its ecosystem, the company detects more than 65 trillion cybersecurity signals per day with the help of AI.37
  • Updating adversarial training programs: Trainings should be updated to cover the unique threats of gen AI being used by attackers and how employees should be vigilant in terms of digital interactions to avoid sophisticated phishing attempts. CISOs should drive security behavior and culture programs to help reduce human-related cybersecurity risks. These programs should aim to shift from merely increasing awareness to fostering behavior changes.

Risks from the marketplace

Broader market risks are still taking shape, and many are largely outside of organizations’ control, including regulatory risk, infrastructure resilience, third-party risk, and others. Some leading risks include:

Regulatory uncertainties. According to Deloitte’s fourth quarter State of Generative AI in the Enterprise report, being able to comply with regulations is the biggest concern reported by organizations surveyed. These can span global and regional regulations that govern what’s possible and dictate the use of data, security and privacy considerations integral to managing gen AI risks. For instance, in the United States, the 2023 executive order 14110 on “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” included a provision that directed federal agencies to impose reporting requirements on entities developing, acquiring, or possessing advanced AI models or computing clusters.38 However, in 2025, the new administration issued subsequent executive orders that rescinded order 14110 and directed federal agencies to review existing AI policies and roll back any rules that may hinder AI innovation.39 As a result, the reporting requirements have been rescinded. Organizations would have to be mindful of the evolving regulatory landscape’s implications on gen AI offerings.

Computing infrastructure risk as gen AI scales. Gen AI demands significant computing resources, putting pressure on the already strained electric grid. Public utilities are often not agile, and it can be challenging to accurately estimate future energy demand.40 The aging infrastructure is struggling to keep up. According to Deloitte’s 2025 power and utilities industry survey, respondents cited grid infrastructure limitations as the key challenge in providing reliable power to data centers.41 According to Deloitte analysis, data centers, which currently consume 6% to 8% of total annual electricity generation in the United States, could potentially see their electricity needs grow to between 11% and 15% by 2030.42

New value chains. Data centers face new uncertainties, and thus risks and opportunities, across their value chains. Many investment firms, real estate companies, and engineering construction organizations are working to access permits, land, and funding for new data centers. Many cloud hyperscalers, telecommunication companies, and tech infrastructure providers are working to manage increased computing demands. Limited electricity supply in US locations such as Northern Virginia, Columbus, and Pittsburgh can delay new project approvals.43 In the United Kingdom and Europe, insufficient power has hindered the construction of new data centers.44 Additionally, supply chain bottlenecks can cause delays and higher costs due to shortages of critical components and materials. For example, many operators are facing a delay in securing crucial equipment like generators, uninterruptible power supply batteries, transformers, servers, and building materials, forcing them to use available alternatives.45 Along with these challenges, enterprises and data center operators have to manage these increased loads.

Limited application flexibility caused by vendor lock-in. Gen AI models and infrastructure are advancing faster than organizations can keep pace, introducing a risk that leaders could be paying for obsolete or duplicative capabilities or partnering with vendors that don’t ensure their products interoperate easily with other future technologies.

In addition, many organizations are rushing to secure advanced hardware for gen AI, but suppliers are struggling to keep up with the demand. NVIDIA’s Blackwell graphic processing units (GPUs) are sold out for the next year, prompting companies to seek alternatives.46 Organizations that rely on a single vendor risk missing key hardware advancements in this competitive market.47

Value realization concerns. The initial investment required for training and running large models along with the necessary computing hardware is substantial. According to Deloitte’s fourth quarter State of Generative AI in the Enterprise survey, about one-third of respondents believe that not achieving the expected value could slow the overall marketplace adoption of generative AI over the next two years.

Emerging approaches to marketplace risks

Based on the extent the organization is impacted by supply-side or demand-side risks (or both), leaders are likely exploring several solutions, including:  

  • Cutting down on computing demand by shifting to small models and reducing workloads. While training small language models (SLMs) can be more expensive, upfront investment could save on GPU needs.48 For example, while Salesforce launched their LLM XGen-7B with seven billion parameters in 2023, the company is also deploying small models for a specific task where greater efficiency may be needed to minimize the cost of computing and specialized hardware.49 SLMs run on devices like a phone or a laptop,50 reducing energy consumption. Google and NVIDIA have also launched their SLMs, which can be deployed directly to devices for low latency.51 For example, training bidirectional encoder representations from transformers on a large dataset can take 64 Tensor Processing Units (TPU) days, and substantial energy usage. In contrast, smaller datasets might only need a few hours, significantly cutting energy consumption.52 This approach is one of the strongest levers businesses have control over to reduce marketplace risks. Additionally, organizations are cutting down retraining time to reduce workloads. IBM, for example, introduced an associative memory module to enhance a model’s ability to manage longer contexts.53
  • Making strategic and efficient infrastructure decisions. Some organizations are making multimillion-dollar investments in on-premises data centers and hardware to build their own infrastructure; but in doing so, they’re rebuilding the walls they’ve spent decades trying to tear down by moving to the cloud and creating a hybrid cloud infrastructure that will require enhanced switching equipment to move across on-prem, edge, and cloud solutions. To that end, a recent industry report predicts the AI data center switching equipment market could reach US$1 billion by 2027.54

The challenge with this approach is that companies have invested in these GPUs and still need scalable energy access. For example, an organization focusing on gen AI-based language translation and dubbing services initially purchased a four-GPU cluster, estimating a 60% to 70% cost-savings relative to the cloud. However, they hadn’t accounted for the power and cooling requirements that would come from running six machines. Ultimately the company opted for a hybrid approach with simple workloads performed on premises and more resource-intensive computing in the cloud.55

Resource efficient hardware, along with efficient workload balancing, will play a crucial role in managing power consumption and efficiently utilizing available hardware. NVIDIA introduced its Blackwell GPU platform whose processors are designed to handle the demanding workloads of LLM inference while significantly reducing energy consumption.56 IBM has also revealed its NorthPole chip was 25 times more energy-efficient than the other commonly used 12 nm GPUs and 14 nm CPUs.57

On-premises alternatives—including edge AI infrastructure solutions—are also gaining prominence, and new leading practices in cooling, construction, and collaboration are emerging. Cooling requirements can constitute up to 40% of energy consumption in data centers.58 As workloads increase and power demands generate more heat, liquid cooling systems—which circulate coolant directly to heat-producing components—have been used to manage data center power demand more efficiently.59

  • Managing energy consumption and addressing power grid stress. According to Flexential’s 2024 State of AI Infrastructure report, organizations also are turning to third-party colocation data centers for AI infrastructure needs. The survey found that only 24% of respondents use on-premises AI hardware, while 51% lease rack space at colocation centers for edge processing.60 With a constrained public power grid, organizations are looking into microgrids with renewable energy for enhanced resilience and improved sustainability outcomes.61

Given the challenge goes beyond data centers to a larger energy load challenge, there’s also a need for alternative energy sources to fill the gap. While modernization of the energy grid and smart meters are certainly options, the innovation needed to support the scale of energy goes well beyond what a modernized grid can handle. As a result, alternative energy solutions are also being explored which can complement the existing infrastructure. For example, Google’s upcoming data center in Mesa, Arizona, expected to be finished by 2025, will use over 400 megawatts of clean energy from three sources: solar photovoltaic panels, wind turbines, and battery storage systems.62 Similarly, a German company colocation provider has placed data centers inside wind turbines for clean energy access.63

Like alternative energy, nuclear energy and micro-nuclear strategies are on the rise. There have been reports of increases in micronuclear reactors—compact energy infrastructure available by road, rail, or sea—to meet the colocated demand.64 Amazon acquired a data center site next to Pennsylvania’s Susquehanna nuclear power plant.65 Microsoft agreed to recommission and purchase all of the electricity generated by Three Mile Island’s nuclear power plant for the next 20 years to support its data centers.66 Similarly, the future viability of these energy approaches will be impacted by national energy policy and infrastructure decisions.

  • Recommissioning and investing in data centers as AI factories. There’s been significant movement in the data center market, with 2.1 gigawatts of new leases signed in the United States from mid-May to late July 2023.67 Amazon is investing US$10 billion in two data center complexes,68 and 15 global telecommunications companies across a dozen countries are building gen AI data centers, or AI factories.69 Given data centers are newly defined as critical infrastructure in the United States as of 2024, these commercial organizations could serve as the first line of defense to understand whether public and private US computing needs are met. Sovereign cloud and regional models to maintain national privacy will be important as well.70

Organizations reliant on gen AI as a core business opportunity might need to invest more considerably to transform their infrastructure. For example, Meta has built its own colocated AI factory to support its large gen AI workloads while managing power or cooling needs through unified system design.71 The upfront cost of its colocation strategy is part of a larger investment strategy for the business.72

  • Decentralizing and creating new capacity through edge computing and low earth orbit. Edge data centers are small, localized data centers that are part of a larger distributed network. They can reduce latency and improve application performance needing real-time data processing as they are positioned near the areas they serve. Gen AI, being a computationally intensive technology, can benefit from edge computing’s reduced latency, local storage and processing, and fewer data transfers to the cloud. Edge data centers can also help in the reduction of central grid power consumption by distributing computing loads across the network. The resilience is further improved as the network structure can provide a collocated backup network.73 According to one interview with a Deloitte leader, one option could be exploring low earth orbit for colocated data centers, liberating them from the constraints—and competition—for power on the same electrical grid supporting cities and communities. Japan’s NTT is exploring photonics and optical tech to send data to satellite networks for efficient processing and storage. The telecommunications firm plans to gather and analyze diverse data in space via a high-speed optical network, delivering only crucial information to users swiftly. This could potentially improve real-time space data usage and user convenience.74
  • Building trust and governance in gen AI deployments. Deloitte’s Trustworthy AI framework recommends operationalizing trust in AI through a thoughtful strategy.75 The strategy should be coupled with governance process, standards, third-party risk management, and technology-enablement to manage the program efficiently and transparently. Depending on the scale of implementations, organizations can adopt a full stack approach in their gen AI deployments to help reduce the risks of obsolescence and maintaining cohesiveness between the components. This can help to understand the overall risk exposure from the ecosystem so leaders can take the necessary corrective action.

Reducing risk and strengthening resilience

Gen AI introduces internal and external risks that cut across the four categories discussed in this article—to the enterprise, to gen AI capabilities, from adversarial AI, and from the marketplace. The risks are multidimensional and intertwined in a way that organizations, regardless of industry and strategy, should assess the best way to protect their gen AI integrations. Leaders will likely need to play a crucial role in aligning their cyber and business resilience strategies based on this assessment. Risk leadership, including the CISO, is well positioned to help leaders understand the organizations’ exposure to gen AI risks, as well as how to address them with known and new approaches to protect the organization on all fronts.

A single solution can’t address all the risks, and organizations will likely have to align and customize multiple solutions based on their exposure. CISOs should also confirm that they are following a human in the loop along with a secure-by-design approach across their software development lifecycle to ensure that their organization is safeguarding customer privacy. They should build on their established practices to accommodate the evolved nature of existing risks as well as the nuanced risks of gen AI models and the rapidly evolving infrastructure needs to enable business resilience strategies accordingly.

Methodology

The insights on gen AI risks and emerging solutions detailed in this report are based on thematic analysis of 10 interviews with Deloitte’s gen AI, risk, and security leaders conducted from July to November 2024 for this research. The research team has also conducted an in-depth literature review and original analysis of survey data from Deloitte’s fourth edition of the Global Future of Cyber survey, collected June 2024.  

 

Part 1 of this series examines how leaders can maintain the quality of digital products when integrating gen AI into the software development life cycle.

 

Part 2 of the series identifies four engineering obstacles that organizations could address to help enhance data and model quality and fully unlock gen AI’s potential.

Show more

By

Kieran Norton

United States

Tim Li

United States

Tim Davis

United States

Emily Mossburg

United States

Diana Kearns-Manolatos

United States

Endnotes

  1. Jim Rowan et al., “Now decides next: Generating a new future,” Deloitte, Jan. 21, 2025.

    View in Article
  2. Deloitte Insights Magazine, “Gen AI investments increasingly extend beyond the AI itself,” Sep. 26 2024.

    View in Article
  3. Tim Smith, et. al, "Focusing on the foundation: How digital transformation investments have changed in 2024," Deloitte Insights, Oct. 14, 2024. Average of all cyber technologies represented in figure 3.

    View in Article
  4. Shayne Longpre et al., “Data authenticity, consent, and provenance for AI are all broken: What will it take to fix them?,” An MIT Exploration of Generative AI, March 27, 2024.

    View in Article
  5. Kathy Baxter and Yoav Schlesinger, “Managing the risks of generative AI,” Harvard Business Review, June 6, 2023.

    View in Article
  6. Deborah Golden, Brenna Sniderman, Timothy Murphy, and Diana Kearns-Manolatos, “Ownership unbound: Reinventing intellectual property in the open innovation age,” Deloitte Insights, Oct. 9, 2024.

    View in Article
  7. Palo Alto Networks, “The state of cloud-native security report 2024,” accessed Feb. 10, 2025.

    View in Article
  8. Cyberhaven Labs, “AI adoption and risk report Q2 2024,” accessed Feb. 10, 2025.

    View in Article
  9. Mark Gurman, Samsung bans staff’s AI use After spotting ChatGPT data leak, Bloomberg, May 2, 2023.

    View in Article
  10. Have I Been Trained? “About,” accessed Jan. 16, 2025.

    View in Article
  11. Data & Trust Alliance, “Data provenance standards,” accessed Nov. 12, 2024.

    View in Article
  12.  Golden, Sniderman, Murphy, and Kearns-Manolatos, “Ownership unbound.”

    View in Article
  13. Valentina Izzo, “AI content protection: Understanding watermarking essentials,” Wordlift, March 18, 2024.

    View in Article
  14. Faruk Muratovic, Jasmeet Gill, Diana Kearns-Manolatos, and Ahmed Alibage, “How can organizations engineer quality software in the age of generative AI?Deloitte Insights, Oct. 28, 2024.

    View in Article
  15. Sheng Yang et al., “Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers,” arXiv (2024).

    View in Article
  16. Open Worldwide Application Security Project, “OWASP top 10 for LLM applications 2025,” Nov. 17, 2024.

    View in Article
  17. Laura French, “4 key takeaways from NIST’s new guide on AI cyber threats,” CyberRisk Alliance, Jan. 8, 2024.

    View in Article
  18. Lamont Black and Matthew Stern, “How to Mitigate Hallucination Risk in gen AI,” Strategic Finance, May 20, 2024. 

    View in Article
  19. Banghua Zhu, Norman Mu, Jiantao Jiao, and David Wagner, “Generative AI security: Challenges and countermeasures,” arXiv (2024).

    View in Article
  20. Prism Infosec, “The evolution of prompt injection in AI models,” July 5, 2024. 

    View in Article
  21. Sharon Maher, “Generative AI hallucinations: What can IT do?CIO, Nov. 7, 2023.

    View in Article
  22. Emily Mossburg et al., Global Future of Cyber Survey, 4th Edition, Deloitte, Oct. 27, 2024. 

    View in Article
  23. Perception Point, “Generative AI in cybersecurity: 3 positive uses and 6 gen AI-based attacks,” accessed Nov. 12, 2024.

    View in Article
  24. NVIDIA, “What is the spear phishing detection AI workflow?” accessed Nov. 12, 2024.

    View in Article
  25. Apostol Vassilev, Alina Oprea, Alie Fordyce, and Hyrum Anderson, “Adversarial machine learning: A taxonomy and terminology of attacks and mitigations,” National Institute of Standards and Technology, January 2024.

    View in Article
  26. Gaurav Aggarwal, “Harnessing gen AI: Building cyber resilience against offensive AI,” Forbes, Sept. 25, 2023; Md Mashrur Arifin et al., “A survey on the application of generative adversarial networks in cybersecurity: Prospective, direction and open research scopes,” arXiv, July 11, 2024.

    View in Article
  27. Mossburg et al., Global Future of Cyber Survey, 4th Edition.

    View in Article
  28. Peter Silva, “How gen AI is supercharging zero-day cyberattacks,” Ericom Security, Sept. 19, 2023.

    View in Article
  29. Elizabeth Montalbano, “Hugging face AI platform riddled with 100 malicious code-execution models,” Dark Reading, Feb. 29, 2024.

    View in Article
  30. IBM, “IBM report: Identity comes under attack, straining enterprises’ recovery time from breaches,” Feb. 21, 2024.

    View in Article
  31. Shannon Murphy, Gen AI-powered phishing threats call for new Training, Trend Micro, July 24, 2024.

    View in Article
  32. Stu Sjouwerman, How AI is changing social engineering forever, Forbes, May 26, 2023.

    View in Article
  33. Deborah Golden, Jesse Goldhammer, Jay Parekh, and Diana Kearns-Manolatos, “Earning digital trust: Where to invest today and tomorrow,” Deloitte Insights, Feb. 16, 2022.

    View in Article
  34. Satish Lalchand, Val Srinivas, Brendan Maggiore, and Joshua Henderson, “Generative AI is expected to magnify the risk of deepfakes and other fraud in banking,” Deloitte Insights, May 29, 2024.

    View in Article
  35. Mastercard, “Mastercard supercharges consumer protection with gen AI,” press release, Feb. 1, 2024.

    View in Article
  36. Sheila Chiang, “How Visa employed artificial intelligence to check $40 billion in fraud as scammers also take to AI,” CNBC, July 25, 2024.

    View in Article
  37. National Cybersecurity Center, “Space ISAC stands up operational watch center to keep pace with proliferating threats to space systems,” March 30, 2023.

    View in Article
  38. Federal Register, “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence,” Oct. 30, 2023.

    View in Article
  39. The White House, “Initial rescissions of harmful executive orders and actions,” Jan. 20, 2025 ; The White House, “Removing barriers to American leadership in artificial intelligence,” Jan. 23,2025.

    View in Article
  40. Prof. Dr. Bernhard Lorentz, Dr. Johannes Trüby, and Geoff Tuf, “Powering artificial intelligence: A study of AI’s environmental footprint—today and tomorrow,” Deloitte, November 2024.

    View in Article
  41. Thomas L. Keefe, Kate Hardin, and Jaya Nagdeo, 2025 Power and Utilities Industry Outlook, Deloitte Insights, Dec. 9, 2024.

    View in Article
  42. Ibid.

    View in Article
  43. Tim Hysell, “Tackling operational challenges in modern data centers,” Data Centre Dynamics, Oct. 21, 2024. 

    View in Article
  44. Fiona Jackson, “Power shortages stall data centre growth in UK, Europe,” TechRepublic, Oct. 31, 2024. 

    View in Article
  45. Hysell, “Tackling operational challenges in modern data centers.”

    View in Article
  46. Adam Clark and Tae Kim, “Nvidia stock rises after management says Blackwell ss sold out for 12 months,” Barron’s, Oct. 10, 2024.

    View in Article
  47. David Linthicum, “Navigating cloud concentration and AI lock-in,” InfoWorld, Dec. 19, 2023 ; Neil Sheppard, “AI vendor lock-in: Building your house on sand,” LeanIX, March 21, 2024.

    View in Article
  48.  

    Lucas Mearian, “With genAI models, size matters (and smaller may be better),” Computerworld, Sept. 19, 2024.

    View in Article
  49. Lisa Lee, “Tiny titans: How small language models outperform LLMs for less,” Salesforce, June 3, 2024 ; Janakiram MSV, “Salesforce introduces XGen-7B, a large language model with longer context support,” Forbes, July 3, 2023.

    View in Article
  50. The Wall Street Journal, “Why AI giants are turning to small language models,” podcast, July 9, 2024.

    View in Article
  51. Google, “Gemma open models,” accessed Feb. 2, 2025; Ike Nnoli, “SLMming down latency: How NVIDIA’s first on-device small language model makes digital humans more lifelike,” Nvidia, Aug. 21, 2024.

    View in Article
  52. Sourabh Mehta, “How much energy do LLMs consume? Unveiling the power behind AI,” The Association of Data Scientists, July 3, 2024. 

    View in Article
  53. Peter Hess, “How memory augmentation can improve large language model efficiency and flexibility,” IBM, Sept. 24, 2024. 

    View in Article
  54. Jon Mischel, “The ABCs of AI data center networking: Build vs. buy & cost,” Juniper Networks, Oct. 31, 2024.

    View in Article
  55. Stan Gibson, “Getting infrastructure right for generative AI,” CIO, June 3, 2024.

    View in Article
  56. Esther Shein, “NVIDIA Blackwell GPUs sold out: Demand surges, what’s next?TechRepublic, Oct. 14, 2024.

    View in Article
  57. Peter Hess, “For LLMs, IBM’s NorthPole chip overcomes the tradeoff between speed and efficiency,” IBM, Sept. 26, 2024.

    View in Article
  58. National Renewable Energy Laboratory, “NREL joins $40 million effort to advance data center cooling efficiency,” press release, Dec. 14, 2023.

    View in Article
  59. Aashi Mishra, “Liquid cooling: The sustainable solution driving efficiency in data centers,” Data Center Knowledge, Oct. 28, 2024; Ali Heydari et al., “Power usage effectiveness analysis of a high-density air-liquid hybrid cooled data center,” Proceedings of the ASME 2022 International Technical Conference and Exhibition on Packaging and Integration of Electronic and Photonic Microsystems (Garden Grove, California: The American Society of Mechanical Engineers, 2022).

    View in Article
  60. Joe Burns, “Data centers powered by clean energy draw higher prices, as AI fuels electricity demand spike,” Utility Dive, July 26, 2024.

    View in Article
  61. Joe Burns, “Organizations’ AI road maps face adoption, implementation challenges,” Facilities Dive, July 23, 2024.

    View in Article
  62.  Shannon Cuthrell, “Google plans solar, wind, battery to power expanded data center,” EEPower, April 8, 2024.

    View in Article
  63. Arya Jyothi, “This project cuts emissions by putting data centers inside wind turbines,” CNN, Dec. 5, 2023.

    View in Article
  64. Wayne Williams, “Micro nuclear reactors could cost as little as $20 million and launch by 2031 — but will it be enough for data center operators and the AI industry,” TechRadar, Sept. 11, 2024.

    View in Article
  65. Casey Crownhart, “Why Microsoft made a deal to help restart Three Mile Island,” MIT Technology Review, Sept. 26, 2024.

    View in Article
  66. Ibid.

    View in Article
  67. Sam Prudhomme, “Rise of generative AI and its impact on the data center sector,” Data Center Knowledge, Sept. 7, 2023.

    View in Article
  68. James Walker, “New data center developments: February 2024,” Data Center Knowledge, Feb. 1, 2024.

    View in Article
  69. Duncan Stewart, Dan Littmann, Girija Krishnamurthy, and Matti Littunen, “Telecoms tackle the generative AI data center market,” Deloitte Insights, Sept. 16, 2024.

    View in Article
  70. Mitch Wagner, “Nations declare independence with ‘sovereign clouds’,” Fierce Network, May 17, 2024; Jean Gil Barroca, Alfons Buxo, and Bruno Silva Batista, “Cloud sovereignty: Three imperatives for the European public sector,” Deloitte Insights, Oct. 26, 2023; Angie Lee, “What is sovereign AI?” NVIDIA, Feb. 28, 2024.

    View in Article
  71. Santosh Janardhan, “Reimagining our infrastructure for the AI age,” Meta, May 18, 2023.

    View in Article
  72. Lorentz, Trüby, and Tuf, “Powering artificial intelligence.”

    View in Article
  73.  Matt Rees, “How AI is fueling the rise of edge networking,” TechRadar, Aug. 27, 2024.

    View in Article
  74. Kosei Suzuki et al., “Overview of space integrated computing network,” NTT R&D, Dec. 28, 2022.

    View in Article
  75. Deloitte, “Trustworthy AI™,” accessed Feb. 4, 2025.

    View in Article

Acknowledgments

A special thanks to Brenna Sniderman for her executive leadership and guidance. Thanks to Alfons Buxo Ferrer, Alison Hu, Jeremy Kofsky, Kate Hardin, Nicholas Merizzi, Myke Miller, Chris Pasternak, Parth Patwari, and Chris Thomas for their industry insights and expertise on this topic.

We would also like to thank the Deloitte US marketing teams, including Andrew Ashenfelter, Ireen Jose, Saurabh Rijhwani, Chad Testa, Will Wilt, and Alice Worsham for their creative vision, production support, and guidance on extending the global reach of these insights. We would like to thank Jim Slatton for design and visualization support.

Finally, the authors would like to thank Corrie Commisso and Prodyut Borah from the Deloitte Insights team for their invaluable editorial and production input.

Cover image by: Jim Slatton; Adobe Stock