
 The Azure Security Podcast
 The Azure Security Podcast Episode 109: Securing GenAI Applications with Entra (2 of 4) - Overpermissioning
 Feb 19, 2025

 Bailey Bercik, a Senior Product Manager at Microsoft Entra, discusses the critical issue of overpermissioning in generative AI applications. He dives into how to leverage Microsoft Entra Permissions Management to tackle over-permissioned identities and enhance security in multi-cloud settings. The conversation touches on the implications of large models in automating scams and highlights the importance of managing permissions for data privacy. Bercik also shares insights on governance and the latest security developments related to Azure Confidential Ledger and AI red teaming.
Accidental Oversharing Story
- Michael Howard shares a story of accidentally including a sensitive slide in a presentation but catching it just in time.
- His manager emphasized having a process for handling oversharing and over-permissioning to avoid legal issues.
Doctors Sharing Data with AI
- Doctors unknowingly put patient info into ChatGPT under pressure to use AI tools at work.
- This shows the clash between domain expertise and knowledge of data governance, highlighting IT's role in safe AI use.
Control AI App Usage
- Use allow lists to restrict AI apps employees can use to reduce risk and shadow IT.
- Assess if applications are malicious or over-permissioned to prevent attackers from exploiting them.
