Chief human resource officers (CHROs) have their hands full with artificial intelligence. AI security is an essential challenge for HR professionals to tackle in 2025. Trends indicate that misuse is rising, aligning with an uptick in adoption. What can CHROs do to secure this technology within their teams and organizations?

Why the Secure Use of AI is Such a Challenge

AI may be a cost-effective, powerful productivity driver, but implementation is not without risks. If the algorithm is tampered with or hacked, it may output sensitive information like employee details or source code. Privacy violations of staff, clients or candidates may lead to legal action or reputation damage.

Breaches can happen in numerous ways. One of the more common is a prompt injection attack, where an individual manipulates the tool via input to trigger unintended behavior. For example, a person can tell the program they are a member of the information technology (IT) team requesting sensitive data. Without guardrails and fail-safes in place, they will be successful in getting access.

In a data poisoning attack, a bad actor — a disgruntled ex-employee or a dishonest competitor, perhaps — injects faulty samples into a training dataset by targeting the online content an algorithm collects. Doing so can drastically affect model performance.

Research shows a 0.001% poisoning rate can be effective. Even with large models, only a fraction of the training dataset must be altered. For reference, poisoning a large language model with a mere 1% of its total samples is possible. Since roughly 30% of these samples are accessible in any given model, such an attack is surprisingly easy.

The security risks of AI can be internal, too. Workers who use it to summarize legal documents or generate source code for the company — especially via non-corporate accounts — risk exposing that information publicly.

Unfortunately, such instances are not uncommon. In 2024, 27.4% of the information workers input into AI tools was sensitive, up from 10.7% in 2023. This trend will likely continue to rise in 2025. The data included confidential customer details, internal communications and financial documents — much of which ended up in personal accounts. For example, 49% of HR and employee records entered into these systems were sent to noncorporate accounts.

The Importance of Securing AI Systems

Despite the risks, AI will continue proliferating in the workplace. It has an estimated market value of $10 to $15 trillion globally, indicating it is a highly valuable asset. Besides, relatively few organizations have yet to hold off on incorporating it into internal processes. Those that have completed integration will not easily forsake such a potentially lucrative investment.

Even if business leaders are willing to halt or reverse implementation, they likely won’t entirely remove this technology from the workplace. Shadow AI — the unsanctioned use of AI tools — is rampant. Even HR is prone to this behavior. According to a 2024 survey, while 37.36% of HR executives indicate they personally use AI for work, just 3.03% said their employers trained them on proper use. This trend will likely continue in 2025.

Even if the IT team adequately secures internal systems, these third-party tools may be vulnerable to cybercriminals. Employees who use them for work-related applications risk causing a data breach.

The HR and IT departments may not detect said breach for weeks or even months. Since these algorithms are autonomous and require little oversight, performance and security issues may not be immediately obvious. In privacy-centric industries like health and finance, the consequences could be catastrophic — and costly.

Since AI is here to stay, CHROs should act now. It is better to have guidance for potential use cases than to ignore the growing threat of autonomous technology. Intellectual property theft and reputation damage due to AI-related breaches must be avoided at all costs.

How CHROs Can Achieve the Secure Use of AI

CHROs must adopt a human-centered strategy to manage AI risks within their HR departments and throughout their organizations.

1. Deidentify and Encrypt Sensitive Data
When sensitive data is deidentified and encrypted, breaches become more of a nuisance than a threat. If CHROs don’t already have such measures in place for data storage systems, they should request the IT team make these changes.

2. Create AI Policies and Procedures
Which large language model is staff allowed to use? Are there any restrictions on what information they can enter? What are the penalties for non-compliance? CHROs should carefully consider questions like these. If they need help making their policies more actionable, IT leaders can surely assist.

3. Deploy Internal Management Controls
Security is a shared responsibility between the IT and HR departments. While the former is in charge of monitoring and patching, the latter must enforce compliance with newly created policies. Collaboration is essential.

4. Disclose Where and How AI Is Used
Whether organizations leverage AI in hiring or payroll, participants should be aware their data is being used. This way, companies can avoid liability. CHROs should disclose how, where, when and why this technology is being utilized. Allowing individuals to opt in or out may add another layer of legal protection.

The Secure Use of AI is Possible with Effort

CHROs cannot afford to deprioritize AI security — this technology poses one too many risks to departments and employers. The safest approach is to collaborate with the IT team and staff members to create actionable guidance to prevent threats from arising in 2025.

Author Bio

Zachary Amos is a Tech Expert with a special interest in HR technology, automation, and cybersecurity.

Error: No such template "/CustomCode/topleader/category"!