10 Sep 2025

Balancing Opportunity and Risk: How to secure AI in the public sector

Guest blog by Mark Jow, Technology Evangelist EMEA at Gigamon #techUKSmarterState

Mark Jow

Technology Evangelist EMEA, Gigamon

In early 2025, the UK Government announced a bold plan to integrate artificial intelligence (AI) across the public sector. With more than 8 out of 10 public sector organisations now having a GenAI strategy in place, and 54% actively implementing AI, the momentum is clear.

However, recent research from the Gigamon Hybrid Cloud Security Survey reveals that this rapid adoption comes with a stark reality check. Over half (55%) of the more than 1,000 global security leaders surveyed reported that they have experienced a security breach in the past 12 months, representing a 17% increase from the previous year, with many of these attacks either enabled with the assistance of AI and/or targeted at AI environments being used by organisations (incidents linked to AI-driven complexity). As AI adoption accelerates, so does the need to carefully consider the risks – and how to address them.

Why the public sector is turning to AI

There’s no denying the benefits of AI in government operations. When leveraged correctly, AI can drive innovation, leading to improved customer experience and better organisational scalability. It has the potential to transform the public sector, cutting down manual tasks and improving citizen services by streamlining operations, all of which will help in bridging the existing skills gaps in public institutions.

In a sector that’s under constant pressure to do more with less, these benefits are hard to ignore. But while the upside is significant, the risks must be just as carefully considered as the rewards.

Where things can go wrong

As AI projects expand in the public sector, network complexity and risk increase as well. Public sector systems, already prime targets for cyberattacks, become even more attractive when AI is factored in. In fact, data from the Department for Science, Innovation and Technology indicates that 24% of all cyberattacks target the public sector, which is largely due to the sensitive data it holds. The more AI is integrated, the more potential entry points open up for attackers.

These new attack vectors are already being exploited, with nearly half (47%) of organisations reporting an increase in attacks specifically targeting their large language models (LLMs), while 58% are seeing a rise in AI-powered ransomware attacks.

A common pitfall is organisations focusing heavily on the AI itself, and neglecting the wider environment that it operates in. This is compounded by changing risk perceptions, with 70% of organisations now viewing public cloud, where many AI workloads run, as representing greater security risk than any other environment, and 91% of security and IT leaders admitting to making compromises in securing their hybrid cloud infrastructure. As the foundation of any deployment, the surrounding infrastructure needs just as much attention as the model itself. If any part of the ecosystem is vulnerable, the whole system is at risk.

But threats aren’t always external. Insider threats, such as employees unintentionally exposing sensitive data or misusing AI tools, can be just as damaging. Although these are not always malicious acts, they do come down to a lack of awareness and policy around the safe use of AI.

In the face of fast-paced AI evolution, regulatory updates often lag behind, creating an environment where outdated regulations and strategies lead to gaps and missed warning signs.

How to deploy securely

Laying the right foundation is key to secure AI deployment. The urgency is clear, as 46% of security and IT leaders report that managing AI-generated threats is now their top security priority. Here are three practical steps to help public sector organisations do just that:

1. Set clear AI risk tolerance levels

Before deploying AI solutions, organisations must define what level of risk they’re willing to accept. The organisation’s appetite for risk goes beyond technical security, informing decisions around the types of models to implement, how much autonomy they’re given, and the kind of data they can access. Establishing these standards early will guide AI adoption strategies, helping shape more secure, strategic deployments.

2. Establish comprehensive monitoring

AI models don’t operate in isolation. To keep them secure, it’s critical to monitor not only the AI, but its surrounding environment as well. That means having complete visibility over all data in transit, user activity, and the evolution of the AI models over time. Without this level of visibility, threats can slip through undetected.

The importance of this approach is underscored by current findings, showing that 88% of security and IT leaders agree that deep observability, combining network-derived telemetry with comprehensive monitoring data, is critical for securing AI deployments.

3. Implement a stringent AI policy

Once risks are defined and visibility is in place, the next step is establishing a secure AI policy. This should outline how AI is used, who has access, and what governance is required. Alongside implementing this AI policy, training that promotes the safe use of AI is critical. It’s not just about writing the rules, it’s about educating and empowering.

Without doubt, AI has the power to reshape the public sector. Organisations don’t need to shy away from innovation, but they do need to take security seriously. By laying a strong foundation and addressing risks head-on, the public sector can unlock AI’s full potential without compromising trust, data, and safety.


techUK's Building the Smarter State Week 2025 #techUKSmarterState2025

Welcome to Building the Smarter State Week 2025 running from the 8-12 September!
