When the Catalyst’s Katrina Lawrence talks about Catalyst’s newest course offerings, Secure AI, she lights up. It’s a course she has meticulously developed, alongside the Catalyst’s cybersecurity experts, piloting material as a professor at Eastern University and a machine learning scientist, integrating research and firsthand findings from conferences, poring over academic papers, and now tailoring those insights for small- and medium-sized businesses.
Katrina finished her degree in applied mathematics when the first GPT model was released. Up until then, her focus had been on mathematical modeling in biology, neuro-science and physics, but her thinking took a turn.
Her instincts were right: AI was about to become one of the defining technological shifts of the decade. But despite the widespread adoption of AI tools, Katrina says there’s a danger in assuming that casual experimentation amounts to expertise. It is a real security issue. Secure AI is designed to address that gap.
With firsthand experience, Katrina knows the ways organizations are putting themselves in danger. Through conversations with law firms, tech companies, and transportation organizations, she’s seen employees paste sensitive PII directly into public AI tools to generate reports. It worries her. “The biggest thing I’ve seen,” she says, “is just not understanding where the data is going. They don’t always realize they may be using public-facing models where submitted information could be retained, exposed, or used in future model training.”
The first Secure AI offering — Strategy & Oversight for AI Adoption — gets down to the fundamentals. What are the AI risks? How can you identify them in your company? What are the ways to mitigate them? And how can you ensure it’s secure while using AI to increase productivity and output?
The course is suitable for leadership and extends to people working in the company, says Katrina. “Oftentimes, I like to use the analogy that AI is like traffic law,” she says. “For instance, you have your government or municipalities that set the traffic law, but in order for everyone to be safe, everyone needs to abide by it, whether you’re a pedestrian, a cyclist, or any kind of vehicle.”
It’s the same for AI. Setting AI governance and policies may initially be geared toward senior leadership, but everyone in the organization is accountable for understanding these policies and their own use of AI. As such, it gives employees a clearer understanding of how to access, use, and protect organizational data responsibly.
A lot of it is understanding the risk, step one, and step two, figuring out how they can manage it.
When you go to a law firm, you assume your information is going to be safe. But Katrina advises that with AI, there’s a cycle you have to be aware of. There’s the data itself, the model training process, user inputs and outputs, and the cloud infrastructure supporting it all. “I think it’s a question that clients need to be asking their lawyer, financial advisor, and medical practitioner,” says Katrina.
The biggest thing I always tell anyone is that if you’re using a tool and the tool is free, it’s probably not free. You’re probably paying with your data.
Enterprise-level AI platforms often include stronger privacy protections and clearer data governance policies. For business enterprise versions, for instance, they state they will not retrain your data, meaning your data is subject to stronger privacy protections. Since data is vulnerable in the cloud, it is always best practice to never put PII (personally identifiable information) into these models. “If you don’t want it out there,” says Katrina, “you don’t want to put it in.”
Katrina is passionate about the development and resulting course content of Secure AI, which sits at the intersection of her interests, prompt engineering for AI, accessible AI, and machine learning. Her goal is for students to learn how large language models work, even at a high level. Secure AI helps course participants discover what happens between a user prompt and an AI-generated response.
Katrina wants her course participants to understand how the pipeline works and to understand the risks. “I think it’s really important because there are a lot of self-proclaimed experts in the field,” she says. Without having a picture of the full process, Katrina believes you can’t anticipate where security problems might pop up.
She places emphasis on AI for good, highlighting AI ethics, bias, and safety. This is crucial because the models are trained on historical data. This is where prompt engineering comes in: the way users frame prompts can inadvertently influence biased outputs. The principles of these courses inform Secure AI.
“Secure AI also distinguishes between predictive (traditional), generative, and agentic AI, helping participants understand how modern AI differs from earlier forms of automation.” “People know what AI is,” Katrina says, “but they don’t know the distinctions between the types of AI and what it can do. This helps them build a framework around it.”
There is a real need for practical guidance and clarity on the steps that small and medium businesses should take to securely adopt AI. This was a clear insight gained by Lester Chng, senior trainer & practice lead at the Catalyst. “The Catalyst has been at the forefront of running cybersecurity training programs, and our participants have been very vocal about needing to leverage AI and to do it securely.” As one of the contributing authors to the Secure AI course, Lester has leaned heavily on his experience working with small and medium businesses to ensure that the course delivers exactly what is needed: a clear roadmap, distilled and guided information, and working tools such as AI Risk Registers and RASCI charts.
In a time when AI capabilities are evolving rapidly, governance is essential. To simulate this, Katrina teaches policy and guardrails. You have your structure, so how does this adapt as AI adapts? What are the things that don’t change, your foundations? And what aspects are you continuously monitoring to make sure you’re staying secure and keeping up with AI?
“We cover all of this in the course,” says Katrina, “and participants leave with a practical toolkit they can use to build their own roadmap.”
As organizations continue integrating AI into daily operations, Katrina believes understanding the technology — and its risks — is no longer optional.