3rd Party Risk Management, Artificial Intelligence & Machine Learning, Data Governance
Analyst Allie Mellen on Open-Source AI Adoption, Vendor Considerations, Data Risks
AI adoption is accelerating across security operations, but DeepSeek has introduced security, privacy and geopolitical risks that organizations should carefully assess. Forrester’s Allie Mellen shares advice on AI adoption by cybersecurity vendors, third-party risks and data protection.
Mellen said security leaders must evaluate not only their own AI use but also the AI models embedded in vendor solutions. Some security vendors are already experimenting with DeepSeek using their own hosted versions of the open-source model, she said, but “whether or not it is going to be adopted by cybersecurity vendors is pretty fraught” with concerns over Chinese nation-state hacking. Plus, she expects rivals such as OpenAI and Google to be fast followers of DeepSeek-R1.
But Mellen advises cybersecurity teams to scrutinize the entire vendor supply chain for AI risk. The enterprise may not be using DeepSeek directly, Mellen said, “But is that vendor that I’m working with using it? And what impact downstream will that have on where my data is going?”
In this video interview with Information Security Media Group, Mellen also discussed:
- How cybersecurity vendors are approaching DeepSeek adoption;
- Third-party AI risks to enterprise security strategies;
- Safeguards to prevent AI models from absorbing sensitive corporate data.
Mellen supports security and risk professionals, covering all aspects of security infrastructure and operations for Forrester. She covers the people, processes and tools of the SOC, including security analysts; security information and event management; security user behavior analytics; security analytics; security orchestration, automation and response; endpoint detection and response; extended detection and response; and SOC metrics. Her research focuses on where analytics, detection, automation and response are headed in the security industry.