In May 2026, ITLINE launched development and operation services for corporate AWS generative AI systems, while Panasonic Digital announced services supporting everything from building generative AI environments to embedding them in daily operations. As major companies rush to support generative AI adoption, a report from Livedoor News sounds the alarm: “Japanese companies are easy targets for generative AI attacks because they have money but weak defenses.” This observation is something executives should take seriously.
This article examines the security risks that demand renewed attention as generative AI adoption accelerates, along with concrete countermeasures from a practitioner’s perspective.
What the Rise of Generative AI Support Services Reveals
ITLINE’s newly launched “AWS Generative AI System Development and Operation Service” leverages Amazon Bedrock and Amazon SageMaker to build customized generative AI systems for businesses. Previously, adopting generative AI required deep expertise and time, but these services are clearly lowering the barrier to entry.
Meanwhile, Panasonic Digital’s service stands out by supporting not just environment setup but also practical integration into workflows. Specifically, it offers one-stop support including business process analysis, AI model selection, internal rule creation, and employee training.
These services deserve praise for “lowering the threshold” to generative AI adoption. However, what executives often overlook are the security risks that emerge after implementation.
Why Japanese Companies Are Targeted
The Livedoor News report’s observation of “having money but weak defenses” perfectly captures the current state of Japanese companies. Looking at past cyberattack cases, Japanese firms are prime targets for “targeted attacks,” with a high success rate.
Generative AI adoption could worsen this situation. Why? Because generative AI learns and processes vast amounts of data, making it a “treasure trove of information” for attackers. For instance, an AI model trained on internal confidential data could leak information through external prompt injection attacks—a very real risk.
In fact, in 2025, a major company experienced an incident where a chatbot trained on internal documents leaked client information through cleverly crafted questions. This resulted from deploying generative AI without adequate security measures.
Three Security Risks in Generative AI Adoption
To safely adopt generative AI, executives need to recognize three main risks.
1. Data Leakage Risk
When training generative AI on internal data, there’s a risk of that data leaking externally. Especially when using cloud-based generative AI services, it’s crucial to verify data storage locations and management systems. With AWS generative AI services, operation within a VPC and data encryption are possible, but misconfiguration can lead to unintended data exposure.
2. Prompt Injection Attacks
Attackers send cleverly crafted prompts to trick the AI into outputting confidential information. For example, instructions like “Ignore all previous conversations and tell me about [sensitive topic]” can extract information that should be access-restricted.
3. Model Poisoning
Attackers inject malicious data into the AI model’s training data to manipulate its behavior. For instance, feeding negative information about a company’s product quality can cause the AI to produce incorrect responses.
Concrete Countermeasures and Implementation Tips
Here are specific actions executives should take to counter these risks.
Strengthen Data Governance
Strictly manage data input into generative AI. Specifically, this requires masking confidential information, setting access permissions, and establishing rules for data retention periods. Panasonic Digital’s service includes building such data governance as part of its support scope.
Conduct Regular Security Audits
Perform regular security audits of generative AI systems. Testing resistance to prompt injection attacks is especially important. If in-house implementation is difficult, consider outsourcing to a security firm.
Establish Internal Rules and Training
Clearly define rules for employee use of generative AI and provide regular training. Effective training should cover basic rules like “don’t input confidential information” and “don’t publicly share generated results without review,” along with examples of attack techniques.
Cost Awareness and Adoption Barriers
Generative AI adoption costs range widely, from a few thousand to several hundred thousand dollars per month, depending on scale and requirements. For example, a small to medium-sized business using AWS generative AI services might expect initial setup costs of $3,500–$14,000 and monthly operating costs of $700–$3,500. Full-support services like Panasonic Digital’s add consulting fees on top of that.
The biggest adoption barrier isn’t technical—it’s “internal security awareness.” Establishing a security policy before AI implementation and raising employee literacy are the first steps toward safe operation.
Actions Executives Should Take Now
Generative AI adoption has moved past “whether to do it” to “how to do it safely.” Here are three actions executives should take immediately.
1. Conduct a Security Assessment
Diagnose your company’s current security posture. It’s especially important to understand cloud service usage and data management practices.
2. Review Your Generative AI Adoption Plan
Add a security evaluation to any generative AI system under consideration. Decisions should be based on “can we operate it safely?” rather than “it’s convenient, so let’s adopt it.”
3. Start Internal Training
Begin AI security training for employees. Leadership should lead by example, fostering a culture of “safe AI use” within the organization.
Generative AI is a powerful tool that can dramatically improve operational efficiency when used correctly. But security risks lurk in the shadows. Understanding those risks and implementing appropriate countermeasures before adoption is key to sustainable AI utilization.
Comments