WEBVTT

00:00:00.000 --> 00:00:02.379
Welcome to Tech Unplugged podcast. It's great

00:00:02.379 --> 00:00:04.839
to be here. Today, we're going to be diving deep

00:00:04.839 --> 00:00:08.210
into the world of AI security. Yeah. You've shared

00:00:08.210 --> 00:00:10.769
some really fascinating material with me, and

00:00:10.769 --> 00:00:14.050
our mission today is to unpack all of this. What

00:00:14.050 --> 00:00:16.510
does all of this mean for our listeners out there,

00:00:16.530 --> 00:00:19.170
whether they're tech professionals, business

00:00:19.170 --> 00:00:21.530
leaders, or just someone who's really interested

00:00:21.530 --> 00:00:25.269
in staying safe in this age of AI. So we're going

00:00:25.269 --> 00:00:28.170
to be exploring some of the unique risks that

00:00:28.170 --> 00:00:31.269
come with using AI, how security experts are

00:00:31.269 --> 00:00:34.030
tackling these challenges, and what our listeners

00:00:34.030 --> 00:00:36.369
should really be aware of to protect themselves

00:00:36.369 --> 00:00:39.429
and their organization. So no need to feel overwhelmed.

00:00:39.509 --> 00:00:41.450
We're going to be extracting the essential insights

00:00:41.450 --> 00:00:44.630
that you need right now. Yeah, sounds good. You

00:00:44.630 --> 00:00:46.189
know, I think a lot of people, when they hear

00:00:46.189 --> 00:00:48.810
AI risk, kind of lump it all into one big bucket.

00:00:49.289 --> 00:00:51.189
But it can be really helpful to think about AI

00:00:51.189 --> 00:00:54.929
risk in two distinct categories, safety and security.

00:00:55.130 --> 00:00:57.009
OK, so safety first, right? What does that mean

00:00:57.009 --> 00:00:59.270
when we're talking about AI? Yeah, so AI safety

00:00:59.270 --> 00:01:02.729
is all about making sure that the AI model itself,

00:01:03.009 --> 00:01:06.269
like the actual model, isn't producing harmful

00:01:06.269 --> 00:01:09.390
or unintended outputs. What kind of things are

00:01:09.390 --> 00:01:11.390
we talking about here? Well, think about biased

00:01:11.390 --> 00:01:14.989
results, for example. OK. We've seen AI generate

00:01:14.989 --> 00:01:19.329
really weird visual representations or even data

00:01:19.329 --> 00:01:23.129
that reflects biases that were present in the

00:01:23.129 --> 00:01:26.189
information it was trained on. Oh, I see. And

00:01:26.189 --> 00:01:28.549
here's the thing. This isn't always about developers

00:01:28.549 --> 00:01:30.969
intentionally creating a biased model. Right,

00:01:31.010 --> 00:01:34.150
right. It often comes down to problems with the

00:01:34.150 --> 00:01:37.129
training data itself. Maybe it overemphasizes

00:01:37.129 --> 00:01:39.469
certain viewpoints, or maybe it doesn't include

00:01:39.469 --> 00:01:41.590
a diverse enough range of information to be truly

00:01:41.590 --> 00:01:43.409
representative. Kind of like the old saying,

00:01:43.890 --> 00:01:46.290
garbage in, garbage out. Makes sense. So how

00:01:46.290 --> 00:01:49.030
does security differ from safety when it comes

00:01:49.030 --> 00:01:52.450
to AI? So with AI security, we're taking all

00:01:52.450 --> 00:01:54.469
of those concepts that we've learned from traditional

00:01:54.469 --> 00:01:57.349
cybersecurity over the years. Things like protecting

00:01:57.349 --> 00:01:59.829
our networks and applications. And we're applying

00:01:59.829 --> 00:02:02.450
them to the unique challenges that AI brings

00:02:02.450 --> 00:02:05.340
to the table. What's interesting here is that

00:02:05.340 --> 00:02:07.659
when you're actually testing an AI system's defenses,

00:02:07.980 --> 00:02:10.780
something we call red teaming, it's not always

00:02:10.780 --> 00:02:13.500
the same as your typical penetration test. How

00:02:13.500 --> 00:02:15.879
so? Well, you have to really dig deep and understand

00:02:15.879 --> 00:02:18.960
what the client is most worried about. Are they

00:02:18.960 --> 00:02:22.599
concerned about a customer-facing chatbot? Or

00:02:22.599 --> 00:02:25.360
is their concern more about critical infrastructure

00:02:25.360 --> 00:02:29.300
that's powered by AI? Each scenario demands its

00:02:29.300 --> 00:02:31.759
own very specific approach. So when you're trying

00:02:31.759 --> 00:02:34.539
to assess AI risk, you can't just look at how the

00:02:34.539 --> 00:02:37.159
AI behaves. You also need to look at the security

00:02:37.159 --> 00:02:39.219
of the entire infrastructure, all those data

00:02:39.219 --> 00:02:41.479
pipelines that surround it. It's a two-pronged

00:02:41.479 --> 00:02:43.569
challenge. That distinction between safety and

00:02:43.569 --> 00:02:45.509
security is really useful. Now you mentioned

00:02:45.509 --> 00:02:47.849
red teaming. What kind of vulnerabilities are

00:02:47.849 --> 00:02:50.069
security experts actually finding when they're

00:02:50.069 --> 00:02:53.069
poking and prodding these AI models? I keep hearing

00:02:53.069 --> 00:02:55.090
about this thing called data poisoning. Yeah,

00:02:55.169 --> 00:02:57.550
data poisoning is a big one. And it's a legitimate

00:02:57.550 --> 00:03:01.090
concern. Imagine this. Someone intentionally

00:03:01.090 --> 00:03:05.210
injecting bad data, malicious data, into the

00:03:05.210 --> 00:03:08.669
massive data sets that are used to train these

00:03:08.669 --> 00:03:12.270
very large AI models, the ones that we call foundation

00:03:12.270 --> 00:03:15.370
models. These foundation models are trained on

00:03:15.370 --> 00:03:18.090
information that's scraped from huge portions

00:03:18.090 --> 00:03:20.750
of the internet, including things like online

00:03:20.750 --> 00:03:24.289
forums and code repositories. Wow. So if an attacker

00:03:24.289 --> 00:03:26.349
is able to slip in some of this poison data,

00:03:26.409 --> 00:03:28.389
and if they know that it's there, well, they

00:03:28.389 --> 00:03:30.830
might be able to retrieve that data later. Or

00:03:30.830 --> 00:03:33.250
even worse, they could manipulate the model's

00:03:33.250 --> 00:03:36.849
behavior by using really carefully crafted prompts.

00:03:37.289 --> 00:03:38.909
And that's a big problem. You can see how that

00:03:38.909 --> 00:03:40.750
could be exploited, right? Yeah, that's scary.

00:03:41.110 --> 00:03:43.550
Yeah. And here's the thing. The integrity of

00:03:43.550 --> 00:03:46.310
an AI's knowledge base is directly tied to the

00:03:46.310 --> 00:03:48.990
security of its training data supply chain. And

00:03:48.990 --> 00:03:50.449
that's a risk that we don't really see in the

00:03:50.449 --> 00:03:51.969
same way with traditional software. There's like

00:03:51.969 --> 00:03:54.129
a whole new level of vulnerability then. And

00:03:54.129 --> 00:03:56.699
what about this indirect prompt injection?

00:03:57.180 --> 00:03:59.120
Yeah, so indirect prompt injection. That's another

00:03:59.120 --> 00:04:03.180
sneaky one. Imagine using AI, let's say a large

00:04:03.180 --> 00:04:06.360
language model, to create these super convincing

00:04:06.360 --> 00:04:09.199
phishing campaigns. Think back to all those old

00:04:09.199 --> 00:04:11.340
phishing emails we used to get. The ones with

00:04:11.340 --> 00:04:13.759
all the obvious mistakes. You know, the bad grammar,

00:04:13.900 --> 00:04:16.439
the weird formatting. AI can make all of that

00:04:16.439 --> 00:04:19.079
go away. It can make phishing attacks way harder

00:04:19.079 --> 00:04:21.860
to spot. But here's where it gets even more worrying.

00:04:22.439 --> 00:04:24.639
If an attacker can actually get their hands on

00:04:24.639 --> 00:04:27.100
someone's login credentials, and those credentials

00:04:27.100 --> 00:04:29.240
belong to someone who works at a company that

00:04:29.240 --> 00:04:32.519
uses internal AI models, well, that attacker

00:04:32.519 --> 00:04:35.300
now has access to this super powerful assistant.

00:04:35.740 --> 00:04:37.920
It's like having a sidekick that can dig into

00:04:37.920 --> 00:04:40.360
all of the company's proprietary data. So it's

00:04:40.360 --> 00:04:42.939
like they've basically given a hacker an AI assistant.

00:04:43.259 --> 00:04:46.310
Exactly. And if that AI has what we call agentic

00:04:46.310 --> 00:04:48.689
capabilities, meaning it can actually use tools

00:04:48.689 --> 00:04:51.189
and do things within the company's systems, well,

00:04:51.189 --> 00:04:53.470
then that's a huge risk, an immediate risk. That

00:04:53.470 --> 00:04:55.970
paints a pretty alarming picture. It does. And

00:04:55.970 --> 00:04:58.230
it's really important to grasp the difference

00:04:58.230 --> 00:05:00.970
between, let's say, a researcher demonstrating

00:05:00.970 --> 00:05:04.629
a data poisoning trick in a lab setting and the

00:05:04.629 --> 00:05:06.810
very real threat this poses to organizations.

00:05:07.410 --> 00:05:09.949
What might seem like just a fun experiment could

00:05:09.949 --> 00:05:12.730
actually be setting the stage for much more complex

00:05:12.730 --> 00:05:15.259
attacks. You know, these nested attacks where

00:05:15.259 --> 00:05:18.300
if an attacker gets even a tiny foothold, well,

00:05:18.300 --> 00:05:20.040
they might be able to completely take over an

00:05:20.040 --> 00:05:22.420
organization's systems. It's that serious. Now

00:05:22.420 --> 00:05:25.300
you've mentioned agentic AI and you've talked

00:05:25.300 --> 00:05:27.620
about these persona prompt patterns. Can you

00:05:27.620 --> 00:05:29.720
explain what those are? Sure. So when we talk

00:05:29.720 --> 00:05:31.920
about persona prompt patterns, we're basically

00:05:31.920 --> 00:05:34.759
describing a technique where you give an AI a

00:05:34.759 --> 00:05:37.319
specific role to play. You set up some boundaries

00:05:37.319 --> 00:05:39.899
within your prompt. OK. For example, you might

00:05:39.899 --> 00:05:42.800
tell an AI to act as a seasoned cybersecurity

00:05:42.800 --> 00:05:45.250
expert and explain this vulnerability in detail.

00:05:45.569 --> 00:05:47.769
You're giving it a persona to adopt. People are

00:05:47.769 --> 00:05:50.350
even using coding personas, where they give the

00:05:50.350 --> 00:05:52.910
AI really strict rules about what kind of code

00:05:52.910 --> 00:05:55.269
it's allowed to generate. Like they might say,

00:05:55.449 --> 00:05:57.389
you can only write code that's well-documented,

00:05:57.709 --> 00:06:00.509
verified, and comes from trusted sources. It's

00:06:00.509 --> 00:06:03.569
like giving the AI a hat to wear during that

00:06:03.569 --> 00:06:05.930
particular interaction. So it's like giving the

00:06:05.930 --> 00:06:09.149
AI a very detailed job description. Exactly.

00:06:09.329 --> 00:06:11.790
You're setting expectations. But, and this is

00:06:11.790 --> 00:06:14.689
crucial, even when you use these fancy personas,

00:06:15.470 --> 00:06:18.370
you have to remember that AI systems are still

00:06:18.370 --> 00:06:21.209
what we call non-deterministic. That means that

00:06:21.209 --> 00:06:23.550
you might get slightly different answers or results

00:06:23.550 --> 00:06:26.540
each time, even with the same prompt. Oh, interesting.

00:06:26.800 --> 00:06:28.860
So while personas can definitely make things

00:06:28.860 --> 00:06:31.339
more predictable, they're not a foolproof solution.

00:06:31.480 --> 00:06:33.699
OK, good to know. And just to clarify, when I

00:06:33.699 --> 00:06:34.939
talk about agents, I'm talking about something

00:06:34.939 --> 00:06:37.199
more advanced. I'm talking about AI systems that

00:06:37.199 --> 00:06:39.980
can plan and carry out tasks over time. They

00:06:39.980 --> 00:06:42.699
might use tools, interact with different systems.

00:06:42.740 --> 00:06:45.500
That's a whole other ballgame. And that technology

00:06:45.500 --> 00:06:47.860
is still very much under development. So this

00:06:47.860 --> 00:06:50.079
whole idea of controlling the information that

00:06:50.079 --> 00:06:52.360
these AI models learn from and then generate,

00:06:52.810 --> 00:06:54.990
that raises some important questions. It does.

00:06:55.149 --> 00:06:57.350
And what I find really fascinating is the parallel

00:06:57.350 --> 00:07:00.889
between this and the idea that if you control

00:07:00.889 --> 00:07:03.329
information, you can control what people think.

00:07:03.949 --> 00:07:06.069
We've seen that explored in literature. We've

00:07:06.069 --> 00:07:09.910
seen it in history. And today, we see accusations

00:07:09.910 --> 00:07:11.990
being thrown around about how search engines

00:07:11.990 --> 00:07:15.089
and social media platforms might be manipulating

00:07:15.089 --> 00:07:17.689
the information we see. It makes you think. It

00:07:17.689 --> 00:07:20.769
does. And AI can be influenced in the same way.

00:07:21.600 --> 00:07:23.860
Whoever controls and prepares the data that's

00:07:23.860 --> 00:07:26.480
used to train an AI, they have a lot of power.

00:07:26.939 --> 00:07:30.100
And that has big implications for what we consider

00:07:30.100 --> 00:07:31.959
to be true, what we consider to be accurate.

00:07:32.240 --> 00:07:34.560
That's why it's so important to have human oversight

00:07:34.560 --> 00:07:36.579
of AI outputs. It doesn't matter what you call

00:07:36.579 --> 00:07:39.339
it, human in the loop or human at the helm. The

00:07:39.339 --> 00:07:41.339
point is, you can't just blindly trust everything

00:07:41.339 --> 00:07:43.339
that an AI spits out. Right. You've got to have

00:07:43.339 --> 00:07:45.860
someone checking its work. Absolutely. Even if

00:07:45.860 --> 00:07:48.600
the AI is using your own internal data. There's

00:07:48.600 --> 00:07:51.300
this technique called Retrieval Augmented Generation,

00:07:51.560 --> 00:07:55.100
RAG for short, where the AI pulls information

00:07:55.100 --> 00:07:56.959
from your knowledge base to answer questions.

00:07:57.660 --> 00:08:00.139
Even then, you still need to double check. You

00:08:00.139 --> 00:08:03.240
can't assume it's always going to be 100% right

00:08:03.240 --> 00:08:06.819
or unbiased. Humans are still essential. So with

00:08:06.819 --> 00:08:09.199
all of these potential vulnerabilities, how do

00:08:09.199 --> 00:08:12.060
you actually go about finding and fixing security

00:08:12.060 --> 00:08:15.740
issues in AI systems? Do you have any real-world

00:08:15.740 --> 00:08:18.060
examples of what this looks like? Yeah, absolutely.

00:08:18.160 --> 00:08:20.199
I was actually involved in a red teaming project

00:08:20.199 --> 00:08:22.860
for a really big organization. And what was interesting

00:08:22.860 --> 00:08:24.579
about this particular project was that it was

00:08:24.579 --> 00:08:27.540
highly confidential. We had zero direct communication

00:08:27.540 --> 00:08:29.319
with our developers or their security teams.

00:08:29.949 --> 00:08:31.970
But even without talking to them, we could tell

00:08:31.970 --> 00:08:33.450
that they were addressing the vulnerabilities

00:08:33.450 --> 00:08:35.549
we were finding. We could see that the model's

00:08:35.549 --> 00:08:38.289
behavior was changing every day as they implemented

00:08:38.289 --> 00:08:40.370
fixes based on what we were uncovering. So you're

00:08:40.370 --> 00:08:42.549
basically playing this cat and mouse game with

00:08:42.549 --> 00:08:45.649
their security team. Kinda, yeah. And it was

00:08:45.649 --> 00:08:47.690
really cool to see that our work, even though

00:08:47.690 --> 00:08:50.009
it was behind the scenes, was having a real impact.

00:08:50.570 --> 00:08:52.990
It just goes to show you how important proactive

00:08:52.990 --> 00:08:56.210
AI security work is. It sounds like a real detective

00:08:56.210 --> 00:08:59.629
story. Now how does this AI red teaming compare

00:08:59.629 --> 00:09:02.789
to the traditional kind of red teaming that people

00:09:02.789 --> 00:09:04.809
might be more familiar with? Yeah, there are

00:09:04.809 --> 00:09:07.850
definitely some overlaps. In both cases, you're

00:09:07.850 --> 00:09:10.330
trying to find weaknesses in a system's defenses.

00:09:10.570 --> 00:09:14.490
That's the core idea. But with AI red teaming,

00:09:14.870 --> 00:09:16.889
there's often more of an emphasis on trying to

00:09:16.889 --> 00:09:19.570
understand how the model behaves. You know, can

00:09:19.570 --> 00:09:21.889
it generate harmful content? Can it be tricked

00:09:21.889 --> 00:09:24.149
into saying things that are biased? How does

00:09:24.149 --> 00:09:27.049
it respond to weird inputs? Traditional red teaming,

00:09:27.049 --> 00:09:29.149
on the other hand, might have a broader scope.

00:09:29.269 --> 00:09:30.669
They might be looking at things like network

00:09:30.669 --> 00:09:33.789
vulnerabilities, physical security, even social

00:09:33.789 --> 00:09:35.529
engineering tactics. It really depends on what

00:09:35.529 --> 00:09:37.289
the goals are for that particular engagement.

00:09:37.929 --> 00:09:39.850
So let's go back to that safety versus security

00:09:39.850 --> 00:09:42.049
distinction. It seems like they're tackling different

00:09:42.049 --> 00:09:44.389
aspects of the overall risk picture when it comes

00:09:44.389 --> 00:09:48.460
to AI. Exactly. Think about it this way, AI safety

00:09:48.460 --> 00:09:51.820
is all about the model file itself, how it works,

00:09:52.259 --> 00:09:55.820
whether it spits out bad stuff. Okay. AI security

00:09:55.820 --> 00:09:58.200
though, that's about the bigger picture. It's

00:09:58.200 --> 00:10:00.480
about the entire ecosystem that the AI lives

00:10:00.480 --> 00:10:03.240
in. Got it. So that includes all the networks

00:10:03.240 --> 00:10:05.700
it connects to, all the applications that are

00:10:05.700 --> 00:10:08.740
built using the AI, and even the entire process

00:10:08.740 --> 00:10:11.700
of developing that AI. That's where MLSecOps comes

00:10:11.700 --> 00:10:14.860
in. MLSecOps. It stands for Machine Learning Security

00:10:14.860 --> 00:10:17.539
Operations. It's basically about making sure

00:10:17.539 --> 00:10:20.480
that security best practices are baked into how

00:10:20.480 --> 00:10:22.460
machine learning models are developed, kind of

00:10:22.460 --> 00:10:24.840
like how DevSecOps works for traditional software.

00:10:24.960 --> 00:10:26.879
OK, makes sense. So if you're a company and you're

00:10:26.879 --> 00:10:29.639
building a chatbot or an AI-powered agent, well,

00:10:29.700 --> 00:10:31.960
your software engineers need to be thinking about

00:10:31.960 --> 00:10:34.480
security right from the very beginning. And it's

00:10:34.480 --> 00:10:36.759
not just about the code that a company writes

00:10:36.759 --> 00:10:39.480
themselves, right? They could also be introducing

00:10:39.480 --> 00:10:42.879
risks by using AI models or data that come from

00:10:42.879 --> 00:10:44.720
other places. That's a really important point.

00:10:44.960 --> 00:10:46.960
It's all about the source. Where did you get

00:10:46.960 --> 00:10:49.360
your AI models from? Where's your training data

00:10:49.360 --> 00:10:51.820
coming from? If you just download a pre-trained

00:10:51.820 --> 00:10:55.159
model from a site like Hugging Face, well, you

00:10:55.159 --> 00:10:58.360
don't know for sure if it's secure. That's kind

00:10:58.360 --> 00:11:01.320
of worrying. It is. And it's actually only very

00:11:01.320 --> 00:11:03.080
recently that Hugging Face teamed up with a

00:11:03.080 --> 00:11:06.019
company called Protect AI to start scanning their

00:11:06.019 --> 00:11:08.700
models for malicious code. That tells you something,

00:11:08.799 --> 00:11:10.879
right? People are starting to realize just how

00:11:10.879 --> 00:11:13.639
risky this AI supply chain can be. But here's

00:11:13.639 --> 00:11:15.879
the thing. Even with all this scanning going

00:11:15.879 --> 00:11:18.759
on, there's still no guarantee that a model is

00:11:18.759 --> 00:11:21.500
completely safe. So it sounds like we need a

00:11:21.500 --> 00:11:23.779
totally new way of thinking about application

00:11:23.779 --> 00:11:27.139
security in this age of AI. Absolutely. We're

00:11:27.139 --> 00:11:30.159
talking about a whole new field here. AI application

00:11:30.159 --> 00:11:33.639
security. Traditional app security that was designed

00:11:33.639 --> 00:11:36.139
for deterministic software. The kind of software

00:11:36.139 --> 00:11:38.200
where you put in the same input and you get the

00:11:38.200 --> 00:11:41.559
same output every time. But AI models, especially

00:11:41.559 --> 00:11:43.379
the ones that can create stuff, the generative

00:11:43.379 --> 00:11:46.679
ones, they're often non-deterministic. You can

00:11:46.679 --> 00:11:48.840
give them the same prompt over and over and you

00:11:48.840 --> 00:11:51.720
get different results. So we need new ways of

00:11:51.720 --> 00:11:54.059
figuring out where the weaknesses are and how

00:11:54.059 --> 00:11:56.679
to fix them. I see. And here's another wrinkle.

00:11:56.840 --> 00:11:59.419
AI applications. They can keep learning. They

00:11:59.419 --> 00:12:01.899
can change even after you've launched them. Oh,

00:12:01.899 --> 00:12:04.039
wow. So you might end up with vulnerabilities

00:12:04.039 --> 00:12:06.519
or weird behaviors that you'd never see in traditional

00:12:06.519 --> 00:12:08.720
software. It's a whole different ballgame. So

00:12:08.720 --> 00:12:11.720
when we talk about AI application security, what

00:12:11.720 --> 00:12:14.120
are some of the vulnerabilities that we're concerned

00:12:14.120 --> 00:12:16.940
about? What are we actually looking for? Well,

00:12:17.000 --> 00:12:18.639
the list is long and it keeps getting longer.

00:12:18.879 --> 00:12:21.700
On the safety side, we're worried about AI that

00:12:21.700 --> 00:12:23.940
might generate toxic content, you know, stuff

00:12:23.940 --> 00:12:26.720
that's offensive or inappropriate. We're worried

00:12:26.720 --> 00:12:29.279
about AI that might leak sensitive information.

00:12:29.379 --> 00:12:31.240
And of course, there's the whole issue of malicious

00:12:31.240 --> 00:12:35.240
use. Could someone use AI to do bad things? We're

00:12:35.240 --> 00:12:37.240
also concerned about deception and manipulation.

00:12:37.519 --> 00:12:40.100
Could AI be used to trick people? And then there

00:12:40.100 --> 00:12:42.379
are the broader social implications. Could AI

00:12:42.379 --> 00:12:44.940
be used in ways that harm society? That's a lot

00:12:44.940 --> 00:12:46.919
to think about. It is. And then on the security

00:12:46.919 --> 00:12:49.720
side, we have things like prompt injection, where

00:12:49.720 --> 00:12:52.220
someone tries to hijack the AI by feeding it

00:12:52.220 --> 00:12:54.600
carefully crafted prompts. This could be direct

00:12:54.600 --> 00:12:57.460
or indirect. We have data poisoning, where someone

00:12:57.460 --> 00:13:00.259
tries to corrupt the AI's training data. And

00:13:00.259 --> 00:13:01.820
then there's jailbreaking, where someone tries

00:13:01.820 --> 00:13:04.440
to break out of the AI's safety controls. And

00:13:04.440 --> 00:13:06.399
then there's the whole issue of privacy attacks.

00:13:06.899 --> 00:13:09.899
Could someone use AI to spy on people or steal

00:13:09.899 --> 00:13:12.309
their data? So it's a complex landscape to say

00:13:12.309 --> 00:13:14.509
the least. Given all of these potential threats,

00:13:14.850 --> 00:13:18.190
how do organizations even begin to approach securing

00:13:18.190 --> 00:13:20.809
their AI systems? Where do they even start? The

00:13:20.809 --> 00:13:23.440
key is to shift left. That means that security

00:13:23.440 --> 00:13:25.759
needs to be part of the conversation right from

00:13:25.759 --> 00:13:28.519
the very beginning of the AI development process,

00:13:28.820 --> 00:13:31.460
not just an afterthought. So that means you need

00:13:31.460 --> 00:13:33.659
to be really careful about where you're getting

00:13:33.659 --> 00:13:35.519
your training data from, where you're getting

00:13:35.519 --> 00:13:38.019
your pre -trained models from. Are these sources

00:13:38.019 --> 00:13:40.679
trustworthy? Makes sense. And you should be scanning

00:13:40.679 --> 00:13:43.759
these models for any signs of malicious code,

00:13:44.080 --> 00:13:47.679
any signs of unsafe behavior. And here's something

00:13:47.679 --> 00:13:49.919
that might surprise you, even if you're taking

00:13:49.919 --> 00:13:51.990
a good foundation model, you know, one that's

00:13:51.990 --> 00:13:54.309
been carefully vetted, and you're tweaking it

00:13:54.309 --> 00:13:57.129
for your specific needs, you still need to check

00:13:57.129 --> 00:13:59.330
it. You still need to validate it for both security

00:13:59.330 --> 00:14:02.870
and safety. Why is that? Because sometimes, when

00:14:02.870 --> 00:14:05.809
you tweak a model, you can accidentally break

00:14:05.809 --> 00:14:07.509
the safety features that were built into the

00:14:07.509 --> 00:14:11.210
original model. Oh, wow. Yeah. And to do this

00:14:11.210 --> 00:14:14.190
validation, you often have to use an API that's

00:14:14.190 --> 00:14:16.129
basically a way of interacting with the model

00:14:16.129 --> 00:14:18.590
without actually seeing its guts. It's like a

00:14:18.590 --> 00:14:21.259
black box. I see. And you should be doing this

00:14:21.259 --> 00:14:23.679
validation every single time you update the model.

00:14:23.799 --> 00:14:26.200
It's an ongoing process. OK. So you've built

00:14:26.200 --> 00:14:28.019
your AI. You've checked it for vulnerabilities.

00:14:28.139 --> 00:14:30.120
And now it's out in the wild. How do you keep

00:14:30.120 --> 00:14:33.340
it secure once it's actually being used? Constant

00:14:33.340 --> 00:14:35.519
vigilance. You have to be on the lookout for

00:14:35.519 --> 00:14:37.720
any new vulnerabilities that might pop up. And

00:14:37.720 --> 00:14:40.320
you have to keep up with the latest threat intelligence.

00:14:41.100 --> 00:14:43.139
What are the bad guys doing these days? Right.

00:14:43.340 --> 00:14:45.840
And here's the thing. With traditional software,

00:14:46.200 --> 00:14:48.460
you can often just patch a vulnerability, you

00:14:48.460 --> 00:14:51.279
know, release an update. But with AI, it's not

00:14:51.279 --> 00:14:52.980
that simple. You can't just slap a Band-Aid

00:14:52.980 --> 00:14:55.980
on it. You have to think about controls. Controls.

00:14:56.059 --> 00:14:58.799
Yeah, like an AI application firewall, for example.

00:14:59.340 --> 00:15:02.100
This is something that can block bad requests

00:15:02.100 --> 00:15:05.620
from getting to the AI, and it can stop the AI

00:15:05.620 --> 00:15:08.399
from generating responses that are unsafe. And

00:15:08.399 --> 00:15:11.399
all of the logs from this firewall can be

00:15:11.399 --> 00:15:13.960
fed into your other security systems so that

00:15:13.960 --> 00:15:16.149
you can track what's going on and respond to

00:15:16.149 --> 00:15:19.049
incidents. It sounds like AI itself is also becoming

00:15:19.049 --> 00:15:21.730
a valuable tool in the cybersecurity world. Oh,

00:15:21.730 --> 00:15:24.450
absolutely. AI is being used more and more to

00:15:24.450 --> 00:15:26.850
help organizations improve their security posture.

00:15:27.470 --> 00:15:29.269
We're seeing things like machine learning and

00:15:29.269 --> 00:15:32.149
deep learning being used to analyze huge amounts

00:15:32.149 --> 00:15:35.690
of data. Things like network traffic, how applications

00:15:35.690 --> 00:15:38.110
are being used, even browsing habits. Right.

00:15:38.330 --> 00:15:40.769
And by looking for patterns in this data, AI

00:15:40.769 --> 00:15:43.009
systems can spot anything unusual that might

00:15:43.009 --> 00:15:45.960
be a sign of a security threat. We're even seeing

00:15:45.960 --> 00:15:47.940
generative AI being used to take all of this

00:15:47.940 --> 00:15:50.379
complicated security data and translate it into

00:15:50.379 --> 00:15:53.100
plain English. So instead of having to decipher

00:15:53.100 --> 00:15:55.980
all of these technical logs and reports, security

00:15:55.980 --> 00:15:58.419
teams can get clear, actionable recommendations.

00:15:59.240 --> 00:16:00.919
And studies have shown that companies that really

00:16:00.919 --> 00:16:04.000
embrace AI and automation, well, they can detect

00:16:04.000 --> 00:16:06.159
threats and respond to incidents much faster.

00:16:06.500 --> 00:16:08.659
It sounds like AI is becoming a real game changer

00:16:08.659 --> 00:16:11.580
in cybersecurity. It is. But it's not a silver

00:16:11.580 --> 00:16:14.620
bullet. Like any powerful tool, it can be used

00:16:14.620 --> 00:16:16.419
for good or for bad. So it's a double-edged

00:16:16.419 --> 00:16:19.860
sword. Exactly. While AI can make us more secure,

00:16:20.059 --> 00:16:22.379
it can also be used by attackers to make their

00:16:22.379 --> 00:16:24.879
attacks more sophisticated, more targeted. You

00:16:24.879 --> 00:16:26.659
know, things like highly personalized phishing

00:16:26.659 --> 00:16:29.740
campaigns. And, of course, the AI models themselves

00:16:29.740 --> 00:16:32.399
are new targets. Attackers are looking for ways

00:16:32.399 --> 00:16:34.200
to exploit them, to manipulate them. So it's

00:16:34.200 --> 00:16:37.240
like a constant arms race. It is. Now, shifting

00:16:37.240 --> 00:16:39.700
gears a bit, let's talk about data privacy. How

00:16:39.700 --> 00:16:43.720
does the rise of AI impact our privacy? The OWASP

00:16:43.720 --> 00:16:46.320
AI Security and Privacy Guide does a great job

00:16:46.320 --> 00:16:48.179
of highlighting the growing concerns in this

00:16:48.179 --> 00:16:52.259
area. One really important principle is use limitation

00:16:52.259 --> 00:16:55.039
and purpose specification. Basically what that

00:16:55.039 --> 00:16:57.100
means is that if you collect data for one specific

00:16:57.100 --> 00:16:59.360
reason, you shouldn't use it for something completely

00:16:59.360 --> 00:17:01.539
different. So if you're collecting biometric

00:17:01.539 --> 00:17:04.819
data for multi-factor authentication, you shouldn't

00:17:04.819 --> 00:17:07.400
be using that same data to build a marketing

00:17:07.400 --> 00:17:09.680
profile. Exactly. That would be a violation of

00:17:09.680 --> 00:17:12.380
that principle. And a lot of data privacy regulations,

00:17:12.440 --> 00:17:15.279
like GDPR, they require you to have a clear legal

00:17:15.279 --> 00:17:17.640
basis for processing personal data. Makes sense.

00:17:17.940 --> 00:17:20.380
And there are some AI practices that are considered

00:17:20.380 --> 00:17:22.859
so risky that they're being restricted. Like

00:17:22.859 --> 00:17:25.779
in the EU, they're working on the AI Act. And

00:17:25.779 --> 00:17:28.440
one of the things that it does is ban the use

00:17:28.440 --> 00:17:31.339
of AI for individual criminal profiling. Oh,

00:17:31.339 --> 00:17:34.140
wow. Yeah. And it's not just about personal data.

00:17:34.599 --> 00:17:37.920
Even how you use non-personal data can be problematic.

00:17:38.640 --> 00:17:41.259
It can lead to unfair or harmful outcomes if

00:17:41.259 --> 00:17:43.400
you're not careful. That's why we're seeing new

00:17:43.400 --> 00:17:45.700
techniques being developed, things like data

00:17:45.700 --> 00:17:48.279
enclaves and federated learning, which are designed

00:17:48.279 --> 00:17:50.700
to give you more control over how data is used.

00:17:51.200 --> 00:17:53.599
Fairness and AI is another big topic these days.

00:17:53.640 --> 00:17:55.579
It is. And fairness, when we're talking about

00:17:55.579 --> 00:17:57.920
AI, means that you're handling data in a way

00:17:57.920 --> 00:18:00.730
that people would expect, you know, in a way

00:18:00.730 --> 00:18:03.609
that's reasonable. And it means that you're not

00:18:03.609 --> 00:18:05.450
discriminating against certain groups of people.

00:18:05.470 --> 00:18:08.410
OK. And here's an interesting point. Even if

00:18:08.410 --> 00:18:11.230
your AI model is accurate, it can still lead

00:18:11.230 --> 00:18:13.690
to privacy problems. How so? Well, imagine you

00:18:13.690 --> 00:18:16.309
have an AI system that's designed to detect fraud

00:18:16.309 --> 00:18:19.130
and is really good at its job. It's very accurate.

00:18:19.490 --> 00:18:22.069
But what if it makes a mistake? What if it flags

00:18:22.069 --> 00:18:25.039
someone as a fraudster when they're not? That

00:18:25.039 --> 00:18:27.220
could have a huge impact on that person's life.

00:18:27.660 --> 00:18:29.700
It could affect their credit score, their ability

00:18:29.700 --> 00:18:31.720
to get a loan, all sorts of things. That's a

00:18:31.720 --> 00:18:34.099
good point. So accuracy is important, but it's

00:18:34.099 --> 00:18:36.519
not the only thing that matters. You also need

00:18:36.519 --> 00:18:39.380
to think about fairness. And there are lots of

00:18:39.380 --> 00:18:41.660
different ways to measure fairness in AI, but

00:18:41.660 --> 00:18:44.359
there's no one-size-fits-all solution. It's

00:18:44.359 --> 00:18:46.880
often a balancing act. You're trying to make

00:18:46.880 --> 00:18:49.599
your AI as accurate as possible, but you also

00:18:49.599 --> 00:18:51.259
want to make sure that it's not discriminating

00:18:51.259 --> 00:18:53.519
against anyone. And sometimes you might have

00:18:53.519 --> 00:18:56.039
to accept that you can achieve both goals at

00:18:56.039 --> 00:18:58.640
the same time. Exactly. Sometimes the most responsible

00:18:58.640 --> 00:19:01.579
thing to do is to say, you know what, this AI

00:19:01.579 --> 00:19:04.140
model is too risky. We're not going to deploy

00:19:04.140 --> 00:19:07.839
it. So given the huge amount of data that AI

00:19:07.839 --> 00:19:09.799
models are trained on, what does that mean for

00:19:09.799 --> 00:19:13.099
our privacy? That brings us to data minimization

00:19:13.099 --> 00:19:16.509
and storage limitation. Basically, the idea is

00:19:16.509 --> 00:19:18.470
that you should only collect the data that you

00:19:18.470 --> 00:19:20.589
absolutely need, and you should only keep it

00:19:20.589 --> 00:19:22.650
for as long as you need it. OK, less is more.

00:19:23.170 --> 00:19:26.750
Exactly. And whenever possible, you should anonymize

00:19:26.750 --> 00:19:29.269
the data. And that doesn't just mean removing

00:19:29.269 --> 00:19:31.369
someone's name and address. You might also need

00:19:31.369 --> 00:19:34.490
to remove other identifying information. And

00:19:34.490 --> 00:19:36.349
sometimes you need to reduce the level of detail

00:19:36.349 --> 00:19:39.849
in the data. You might not need to know someone's

00:19:39.849 --> 00:19:41.690
exact age. Maybe you just need to know their

00:19:41.690 --> 00:19:44.559
age range. I see. And once you've finished using

00:19:44.559 --> 00:19:46.779
the data, you should delete it. And you should

00:19:46.779 --> 00:19:49.019
restrict access to the data. Not everyone in

00:19:49.019 --> 00:19:51.259
your organization needs to be able to see everything.

00:19:51.420 --> 00:19:53.859
Right. Need to know basis. Exactly. And there

00:19:53.859 --> 00:19:55.599
are also some really cool new technologies being

00:19:55.599 --> 00:19:58.440
developed, like distributed data analysis and

00:19:58.440 --> 00:20:01.079
secure multi-party computation. These allow

00:20:01.079 --> 00:20:03.500
you to analyze data without actually having to

00:20:03.500 --> 00:20:06.220
see the raw data itself. That sounds pretty amazing.

00:20:06.359 --> 00:20:09.319
It is. And it has huge implications for privacy.

00:20:10.000 --> 00:20:12.000
Transparency is another big issue when we talk

00:20:12.000 --> 00:20:15.490
about AI. Absolutely. Transparency is all about

00:20:15.490 --> 00:20:18.049
building trust. If people don't understand how

00:20:18.049 --> 00:20:19.950
AI is being used, they're not going to trust

00:20:19.950 --> 00:20:23.509
it. Makes sense. And a lot of data privacy regulations,

00:20:24.130 --> 00:20:28.190
like GDPR, they have specific requirements for

00:20:28.190 --> 00:20:30.880
transparency. You know, you have to tell people

00:20:30.880 --> 00:20:32.839
how you're using their data. You have to give

00:20:32.839 --> 00:20:34.680
them a copy of their data if they ask for it.

00:20:34.859 --> 00:20:36.500
And you have to tell them if you make any major

00:20:36.500 --> 00:20:38.339
changes to how you're processing their data.

00:20:38.440 --> 00:20:41.059
Right, keep them in the loop. Exactly. But transparency

00:20:41.059 --> 00:20:43.660
isn't just about the end user. It's also about

00:20:43.660 --> 00:20:47.079
internal transparency. Your own employees need

00:20:47.079 --> 00:20:49.740
to understand how AI is being used. Okay, so

00:20:49.740 --> 00:20:52.259
good documentation is important. It is. And you

00:20:52.259 --> 00:20:54.619
need to be able to track how decisions are being

00:20:54.619 --> 00:20:56.950
made. You know, if an AI system makes a decision,

00:20:57.309 --> 00:20:59.789
you need to be able to explain why it made that

00:20:59.789 --> 00:21:02.109
decision. And that explanation needs to be understandable

00:21:02.109 --> 00:21:05.069
to humans, not just to other AI systems. So it's

00:21:05.069 --> 00:21:08.190
about accountability as well. Exactly. Now, individuals

00:21:08.190 --> 00:21:10.609
have certain rights when it comes to their personal

00:21:10.609 --> 00:21:13.890
data. How does AI affect those rights? Yeah,

00:21:13.890 --> 00:21:16.170
so these are often called privacy rights. And

00:21:16.170 --> 00:21:17.910
they give people more control over their own

00:21:17.910 --> 00:21:21.910
data. Like what? Well, for example, you have

00:21:21.910 --> 00:21:24.809
the right to access your data. You can ask a

00:21:24.809 --> 00:21:27.109
company, hey, what data do you have about me?

00:21:27.490 --> 00:21:29.930
And they have to tell you. You also have the

00:21:29.930 --> 00:21:33.349
right to data portability. That means you can

00:21:33.349 --> 00:21:36.390
ask a company to give you a copy of your data

00:21:36.390 --> 00:21:38.809
in a format that you can use. So you can take

00:21:38.809 --> 00:21:40.829
your data with you if you switch to a different

00:21:40.829 --> 00:21:42.789
service. Exactly. And then there's the right

00:21:42.789 --> 00:21:45.289
to erasure, also known as the right to be forgotten.

00:21:45.849 --> 00:21:49.549
You can ask a company to delete your data. Interesting.

00:21:49.769 --> 00:21:51.869
And you have the right to correct any inaccurate

00:21:51.869 --> 00:21:54.400
data. If they have your age wrong, your address

00:21:54.400 --> 00:21:56.740
wrong, you can ask them to fix it. Makes sense.

00:21:57.000 --> 00:21:59.019
And you also have the right to object to the

00:21:59.019 --> 00:22:01.240
processing of your data for certain purposes.

00:22:01.440 --> 00:22:03.420
So if you don't want them using your data for

00:22:03.420 --> 00:22:05.839
marketing, you can tell them to stop. Exactly.

00:22:06.160 --> 00:22:08.319
And this is all really important in the context

00:22:08.319 --> 00:22:11.960
of AI because AI systems are often trained on

00:22:11.960 --> 00:22:14.279
huge amounts of personal data. So you have to

00:22:14.279 --> 00:22:15.980
think about how you're going to respect these

00:22:15.980 --> 00:22:18.599
privacy rights. And that might mean retraining

00:22:18.599 --> 00:22:21.599
your AI models if someone asks you to delete

00:22:21.599 --> 00:22:24.390
their data. It could, yeah. Data accuracy is

00:22:24.390 --> 00:22:26.789
another big issue when we talk about AI and privacy.

00:22:27.130 --> 00:22:29.930
Absolutely. If your AI systems are making decisions

00:22:29.930 --> 00:22:32.630
based on inaccurate data, well, that can have

00:22:32.630 --> 00:22:34.670
serious consequences for people. Right. Wrong

00:22:34.670 --> 00:22:37.650
data, wrong decisions. Exactly. And those decisions

00:22:37.650 --> 00:22:39.690
could be about anything. You know, it could be

00:22:39.690 --> 00:22:42.390
about whether someone gets a loan, whether they

00:22:42.390 --> 00:22:44.589
get hired for a job, whether they get approved

00:22:44.589 --> 00:22:46.869
for insurance. So it's really important to make

00:22:46.869 --> 00:22:49.750
sure that the data you're using is accurate and

00:22:49.750 --> 00:22:52.289
up to date. And that means having processes in

00:22:52.289 --> 00:22:54.849
place to check the data, to correct any errors,

00:22:54.950 --> 00:22:56.869
and to make sure that you're getting your data

00:22:56.869 --> 00:22:59.670
from reliable sources. Exactly. Garbage in, garbage

00:22:59.670 --> 00:23:02.309
out, right? Right. And finally, there's the issue

00:23:02.309 --> 00:23:04.930
of consent. How does consent play into all of

00:23:04.930 --> 00:23:07.230
this? Consent is all about giving people a choice.

00:23:07.819 --> 00:23:10.740
Do they want you to use their data or not? And

00:23:10.740 --> 00:23:13.740
a lot of data privacy regulations, like GDPR,

00:23:14.140 --> 00:23:16.119
they say that you need to get consent before

00:23:16.119 --> 00:23:18.460
you can use someone's data. But that consent

00:23:18.460 --> 00:23:21.480
has to be freely given. It can't be coerced.

00:23:21.759 --> 00:23:24.240
And it has to be specific. You can't just say,

00:23:24.539 --> 00:23:26.440
hey, can we use your data for anything we want?

00:23:26.579 --> 00:23:28.140
Right. You have to be clear about what you're

00:23:28.140 --> 00:23:30.740
going to use the data for. Exactly. And the person

00:23:30.740 --> 00:23:33.450
has to understand what they're agreeing to. So

00:23:33.450 --> 00:23:36.809
no burying it in a long, complicated privacy

00:23:36.809 --> 00:23:39.589
policy that nobody reads. Right. And the consent

00:23:39.589 --> 00:23:42.069
has to be easy to withdraw. If someone changes

00:23:42.069 --> 00:23:43.690
their mind, they should be able to say, hey,

00:23:43.750 --> 00:23:45.430
I don't want you to use my data anymore. And

00:23:45.430 --> 00:23:48.089
then you have to delete their data. Right. Ideally,

00:23:48.210 --> 00:23:50.890
you should also retrain your AI models so that

00:23:50.890 --> 00:23:53.150
they're not using that data anymore. Now, we

00:23:53.150 --> 00:23:55.529
talked earlier about all of those security threats

00:23:55.529 --> 00:23:59.029
that AI systems face. How do those threats relate

00:23:59.029 --> 00:24:01.849
to privacy? So this brings us to model attacks.

00:24:02.329 --> 00:24:05.289
Basically, if someone can hack into your AI system,

00:24:05.930 --> 00:24:08.250
they might be able to steal the data that the

00:24:08.250 --> 00:24:11.150
AI is trained on. And if that data is personal

00:24:11.150 --> 00:24:13.170
data, well, that's a privacy violation. Right.

00:24:13.289 --> 00:24:16.269
It's a data breach. Exactly. And there are all

00:24:16.269 --> 00:24:18.890
sorts of ways that attackers can try to steal

00:24:18.890 --> 00:24:21.849
data from AI systems. They might try to figure

00:24:21.849 --> 00:24:24.250
out if a particular data point was used to train

00:24:24.250 --> 00:24:26.970
the model. They might try to reconstruct the

00:24:26.970 --> 00:24:28.890
training data from the model itself. It sounds

00:24:28.890 --> 00:24:31.569
pretty sophisticated. It is. And it's a real

00:24:31.569 --> 00:24:34.349
concern. So how can companies protect themselves

00:24:34.349 --> 00:24:37.650
against these model attacks? It all comes down

00:24:37.650 --> 00:24:41.319
to good security practices. You know, you need

00:24:41.319 --> 00:24:43.420
to have strong encryption in place. You need

00:24:43.420 --> 00:24:45.980
to control who has access to your AI systems.

00:24:46.380 --> 00:24:48.680
And you need to be constantly monitoring for

00:24:48.680 --> 00:24:51.019
any signs of intrusion. And you need to be aware

00:24:51.019 --> 00:24:53.059
of the different types of model attacks that

00:24:53.059 --> 00:24:54.480
are out there so that you can defend against

00:24:54.480 --> 00:24:57.859
them. Exactly. Now, switching gears again, you

00:24:57.859 --> 00:25:00.420
mentioned earlier that how AI models are stored

00:25:00.420 --> 00:25:03.220
and shared can introduce vulnerabilities. I've

00:25:03.220 --> 00:25:05.390
heard about this thing called Pickle. Can you

00:25:05.390 --> 00:25:07.529
explain what that is? Yeah, so Pickle is basically

00:25:07.529 --> 00:25:10.269
the default way that Python programmers save

00:25:10.269 --> 00:25:12.269
their AI models. It's like putting the model

00:25:12.269 --> 00:25:14.630
in a jar so that you can store it or share it

00:25:14.630 --> 00:25:17.549
with others. Okay. But Pickle has a bit of a

00:25:17.549 --> 00:25:20.029
security problem. Yeah, the way that Pickle works,

00:25:20.470 --> 00:25:23.890
it allows you to embed code inside of the model

00:25:23.890 --> 00:25:26.329
file. And when someone loads that model file,

00:25:26.559 --> 00:25:29.279
that code gets executed. So if an attacker can

00:25:29.279 --> 00:25:31.819
sneak some malicious code into a pickle file,

00:25:31.900 --> 00:25:33.980
they can potentially take over someone's computer.

00:25:34.180 --> 00:25:37.259
Exactly. It's called remote code execution. That

00:25:37.259 --> 00:25:40.220
sounds bad. It is. And it's a real vulnerability.

00:25:40.779 --> 00:25:42.799
Now, to be fair to Pickle, this isn't necessarily

00:25:42.799 --> 00:25:45.079
a problem if you're only ever loading Pickle

00:25:45.079 --> 00:25:48.019
files that you've created yourself or that you've

00:25:48.019 --> 00:25:49.900
gotten from a trusted source. OK, so it's about

00:25:49.900 --> 00:25:51.880
trust. Exactly. Yeah. But if you're downloading

00:25:51.880 --> 00:25:54.099
models from the internet, you need to be very

00:25:54.099 --> 00:25:56.240
careful. You don't know who created those models.

00:25:56.599 --> 00:25:58.240
You don't know if they've been tampered with.

00:25:58.440 --> 00:26:00.569
So what can you do to protect yourself? Well,

00:26:00.750 --> 00:26:02.910
the best solution is to use a different format

00:26:02.910 --> 00:26:05.289
for saving your models. There's a format called

00:26:05.289 --> 00:26:07.789
safetensors that's designed to be more secure.

00:26:07.890 --> 00:26:10.430
OK. But if you have to use pickle, then you need

00:26:10.430 --> 00:26:13.849
to be extra vigilant. Only load files from trusted

00:26:13.849 --> 00:26:16.950
sources. And if you come across a model that

00:26:16.950 --> 00:26:20.289
you think might be compromised, report it to

00:26:20.289 --> 00:26:22.450
the creator or the maintainer of that model.

00:26:22.809 --> 00:26:25.640
Makes sense. So considering all of these complexities,

00:26:25.960 --> 00:26:29.220
all of these potential threats, what does a good

00:26:29.220 --> 00:26:32.420
AI security solution look like? What should organizations

00:26:32.420 --> 00:26:35.140
be doing to protect themselves? Well, ideally,

00:26:35.339 --> 00:26:38.119
you want a comprehensive AI security platform,

00:26:38.559 --> 00:26:40.779
something that can give you visibility into all

00:26:40.779 --> 00:26:43.700
of your AI systems, that can help you find and

00:26:43.700 --> 00:26:45.900
fix vulnerabilities, and that can help you set

00:26:45.900 --> 00:26:48.710
up good governance policies. So it's not just

00:26:48.710 --> 00:26:51.170
about technology, it's also about processes and

00:26:51.170 --> 00:26:53.730
policies. Exactly. And you need to start thinking

00:26:53.730 --> 00:26:55.910
about security from the very beginning of the

00:26:55.910 --> 00:26:59.049
development process. Secure by design, that should

00:26:59.049 --> 00:27:01.210
be your mantra. Secure by design, I like that.

00:27:01.410 --> 00:27:04.369
And you need to have good testing procedures

00:27:04.369 --> 00:27:07.250
in place. You need tools that can specifically

00:27:07.250 --> 00:27:09.890
test AI applications. Right, because traditional

00:27:09.890 --> 00:27:11.930
security tools might not be enough. Exactly.

00:27:12.109 --> 00:27:13.869
And you need to be thinking about your supply

00:27:13.869 --> 00:27:15.730
chain. Where are you getting your components

00:27:15.730 --> 00:27:18.390
from? Are they secure? Right. It's all connected.

00:27:18.690 --> 00:27:20.970
It is. And OWASP, they have a really helpful

00:27:20.970 --> 00:27:23.750
resource called the Top 10 for Large Language

00:27:23.750 --> 00:27:26.210
Model Applications. It's a great starting point

00:27:26.210 --> 00:27:28.289
for understanding the most common vulnerabilities.

00:27:28.869 --> 00:27:31.289
So organizations need a strategy, a plan for

00:27:31.289 --> 00:27:33.210
how they're going to secure their AI systems.

00:27:33.529 --> 00:27:35.319
Absolutely. They need to figure out what their

00:27:35.319 --> 00:27:37.539
risks are, what their needs are, and then they

00:27:37.539 --> 00:27:39.519
need to put the right solutions in place. And

00:27:39.519 --> 00:27:42.640
that includes training their employees. Absolutely.

00:27:42.940 --> 00:27:44.539
You can have the best technology in the world,

00:27:44.980 --> 00:27:46.740
but if your employees don't know how to use it

00:27:46.740 --> 00:27:48.799
securely, well, it's not going to do you much

00:27:48.799 --> 00:27:51.619
good. It's the human factor. It is. And here's

00:27:51.619 --> 00:27:54.460
an interesting development. AI itself is being

00:27:54.460 --> 00:27:57.079
used to make traditional security tools better.

00:27:57.319 --> 00:27:59.680
Oh, really? Yeah. So you're seeing things like

00:27:59.680 --> 00:28:03.380
AI-powered static analysis tools, AI-powered

00:28:03.380 --> 00:28:06.460
software composition analysis tools. These tools

00:28:06.460 --> 00:28:09.059
can provide more intelligent analysis. They can

00:28:09.059 --> 00:28:11.440
give developers real-time feedback. They can

00:28:11.440 --> 00:28:14.759
even suggest safer ways to write code. So AI

00:28:14.759 --> 00:28:17.880
is making security tools smarter. Exactly. But

00:28:17.880 --> 00:28:20.380
we also need to be careful about bias. Bias in

00:28:20.380 --> 00:28:24.119
the AI tools themselves. Yeah. If the AI tools

00:28:24.119 --> 00:28:28.109
are trained on biased data, well, they might perpetuate

00:28:28.109 --> 00:28:30.170
those biases. So that's something that we need

00:28:30.170 --> 00:28:32.250
to be mindful of. That's a good point. And we're

00:28:32.250 --> 00:28:35.529
moving towards this idea of adaptive application

00:28:35.529 --> 00:28:38.869
security. That's basically about having a unified

00:28:38.869 --> 00:28:41.769
view of your entire IT environment. You know,

00:28:41.890 --> 00:28:43.730
all of your code, all of your cloud infrastructure.

00:28:44.170 --> 00:28:46.430
And it's about integrating security throughout

00:28:46.430 --> 00:28:48.630
the entire development lifecycle. So it's a more

00:28:48.630 --> 00:28:51.809
holistic approach to security. Exactly. And some

00:28:51.809 --> 00:28:54.140
people believe that we'll eventually be able to

00:28:54.140 --> 00:28:57.950
use AI to automate a lot of the security tasks

00:28:57.950 --> 00:29:00.549
that are currently done manually. Oh, wow. So

00:29:00.549 --> 00:29:03.089
AI could potentially fix code vulnerabilities

00:29:03.089 --> 00:29:05.289
automatically. That's the idea. That would be

00:29:05.289 --> 00:29:07.430
pretty amazing. It would. And, of course, you

00:29:07.430 --> 00:29:09.650
also need to secure the AI systems themselves.

00:29:09.930 --> 00:29:12.470
Right. So it's not just about securing the applications

00:29:12.470 --> 00:29:14.730
that use AI. It's also about securing the AI

00:29:14.730 --> 00:29:17.009
infrastructure. Exactly. You need to have strong

00:29:17.009 --> 00:29:18.430
encryption in place. You need to have access

00:29:18.430 --> 00:29:20.910
controls. You need to be monitoring for threats.

00:29:21.250 --> 00:29:23.670
And you need to be constantly evaluating your

00:29:23.670 --> 00:29:26.109
AI systems to make sure that they're performing

00:29:26.109 --> 00:29:28.529
as expected, that they're compliant with regulations,

00:29:29.009 --> 00:29:30.750
and that they're not introducing any new risks.

00:29:31.089 --> 00:29:34.190
So it's a multifaceted challenge. It is. Now,

00:29:34.349 --> 00:29:38.029
what about all of those companies that provide

00:29:38.029 --> 00:29:41.230
managed security services, you know, the MSPs,

00:29:41.670 --> 00:29:45.210
how do they fit into this AI-driven world? That's

00:29:45.210 --> 00:29:47.450
a good question. And it's one that a lot of people

00:29:47.450 --> 00:29:49.029
in the industry are asking right now. We're seeing

00:29:49.029 --> 00:29:51.069
some new companies pop up that are basically

00:29:51.069 --> 00:29:54.089
saying, hey, we can automate all of your security

00:29:54.089 --> 00:29:56.849
operations using AI. You don't need an MSP anymore.
