– The rapid advancements and broad capabilities of generative AI and Large Language Models (LLMs) pose challenges for security teams.
– Chief Information Security Officers (CISOs) must guide the responsible adoption of these powerful tools to prevent immediate concerns, like proprietary data exposure, and mitigate long-term risks.
– Companies, including Apple, Amazon, and JPMorgan, have restricted certain AI applications due to potential data risks, emphasizing the need for responsible alternatives to prevent frustrated staff from resorting to workarounds and shadow IT.
– CISOs play a crucial role in striking a balance between making innovation accessible and limiting the risks associated with compromising sensitive data, regulatory issues, and reputational damage.
1. LLMs will be secured in-house.
– Christian Kleinerman and James Malone discussed the AI supply chain for businesses to construct secure large and not-quite-large language models.
– Security challenges arise when maintaining generative AI tools and Large Language Models (LLMs) within security perimeters, questioning trust in external data sources and open source models.
– Mario Duarte, Snowflake’s VP of Security, highlights concerns about potential misconfigurations, user errors, and the lack of experience in maintaining and securing LLM-based tools.
– The threat of bad data deliberately introduced by adversaries is another security concern, with inaccurate outputs from data tools posing a form of social engineering and falling within the realm of cybersecurity.
2. The AI data supply chain will be a target
of attack. Eventually.
– Examining the vulnerability of data, it’s crucial to realistically assess the risk of adversaries injecting false or biased data into foundational Large Language Models (LLMs).
– The potential threat involves a scenario where adversaries engage in a long game, conducting a propaganda operation to manipulate content in LLMs, creating misinformation about nation-state conflicts, election integrity, or political candidates.
3. Gen AI will improve intruder detection.
– Addressing a key issue in IT security, the time lapse between a security breach and its detection is a significant concern, with median dwell time reported at around two weeks.
– Anoosh Saboori, Head of Product Security, anticipates significant improvements in automated detection of intruder activities through the application of AI in various security aspects.
– AI’s role includes enhancing the user experience with security products, accelerating anomaly detection, automating responses, and conducting forensic analysis. Generative AI is expected to excel in recognizing and flagging malicious or inconsistent behavior based on behavioral data, such as deviations from an employee’s baseline activities.