Damian Hasse, CISO of Moveworks and a security expert from Amazon's Alexa, offers a deep dive into AI security. He discusses how the current AI hype cycle differs from past failures and the importance of expertise in AI Councils. Hasse shares his framework for assessing AI risks, focusing on specific use cases and data protection. He addresses threats like prompt injection and outlines strategies to mitigate security risks in AI-assisted environments, making this a must-listen for security leaders navigating the complexities of modern AI.
52:16
forum Ask episode
web_stories AI Snips
view_agenda Chapters
auto_awesome Transcript
info_circle Episode notes
insights INSIGHT
Pre-GPT Versus GenAI Shift
Pre-GPT AI focused on explaining ML and narrow tasks like NLP and vision, not generative creation.
GenAI changes the game by making outputs generative and accessible to non-experts, shifting security concerns.
volunteer_activism ADVICE
Staff AI Councils With ML Expertise
Build AI councils with ML expertise and educate members before they set rules.
Ensure decisions are grounded in technical understanding, not just governance desire.
insights INSIGHT
Power Of Non-Determinism
AI's value includes variability and creative outputs rather than deterministic consistency.
Expect different results each run and design processes that embrace that variability.
Get the Snipd Podcast app to discover more snips from this episode
Is the current AI hype cycle different from the ones that failed before? How do you build a security program for technology that can't give the same answer twice? This episode features a deep-dive conversation with Damian Hasse, CISO of Moveworks and a security veteran from Amazon's Alexa team, VMware, and Microsoft.
Damian provides a practical blueprint for securing both traditional Machine Learning (ML) and modern Generative AI (GenAI). We discuss the common pitfalls of newly formed AI Councils, where members may lack the necessary ML background to make informed decisions. He shares his framework for assessing AI risk by focusing on the specific use case, the data involved, and building a multi-layered defense against threats like prompt injection and data leakage.
This is an essential guide for any security leader or practitioner tasked with navigating the complexities of AI security, from protecting intellectual property in AI-assisted coding to implementing safeguards for enterprise chatbots.
Questions asked:
(00:00) Introduction(02:31) Who is Damian Hasse? CISO at Moveworks(04:00) AI Security: The Difference Between the Pre-GPT and Post-GPT Eras(06:00) The Problem with New AI Councils Lacking ML Expertise(07:50) A History of AI: The Hype Cycles and Winters Since the 1950s(16:20) Is This AI Hype Cycle Different? The Power of Accessibility(20:25) Securing AI-Assisted Coding: IP Risks, Data Leakage, and Poisoned Models(23:30) The Threat of Indirect Prompt Injection in Open Source Packages(26:20) Are You Asking Your AI the Right Questions? The Power of "What Am I Missing?"(40:20) A CISO's Framework for Securing New AI Features(44:30) Building Practical Safeguards for Enterprise Chatbots(47:25) The Biggest Challenge in Real-Time AI Security: Performance(50:00) Why Access Control in AI is a Deterministic Problem
AI Security Podcast