Cloud Security Podcast by Google

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

Nov 11, 2024

Ante Gojsalic, Co-Founder & CTO at SplxAI, dives into the intricacies of securing generative AI applications. He outlines the unique challenges of penetration testing in this realm, such as non-determinism and the complex interplay of data and applications. Ante discusses the most concerning current attack surfaces and shares his insights on common security mistakes companies make. He emphasizes the importance of blending automated pentesting with human expertise and offers practical strategies for learning about AI security. Tune in for crucial tips on navigating this evolving landscape!

27:22

Creator website

Episode guests

Ante Gojsalic

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Securing Generative AI applications is complex due to their non-deterministic nature and continuous updates, requiring ongoing testing rather than periodic assessments.

The evolving attack surfaces for GenAI, such as multimodality and programmatic agents, introduce significant exploitation risks, including social engineering attacks and indirect prompt injections.

Deep dives

Unique Challenges in Securing Gen AI Applications

Securing Generative AI applications presents unique challenges compared to traditional web or API testing. The non-deterministic nature of AI means that penetration testing requires multiple attempts across different message segments, as context length can vary significantly. Additionally, continuous updates from LLM vendors complicate the process since major version changes are often unannounced, necessitating ongoing testing instead of the periodic assessments common in traditional applications. The embedded logic within AI models presents another challenge, as sensitive business data is integrated within the model itself, making it difficult to implement role-based access controls or isolate confidential information effectively.

Intro

2min

Challenges of Penetration Testing in LLM-Based Applications

2min

Navigating AI Security Risks

12min

Balancing AppSec and AI Threats

8min

Practical Learning Strategies in AI Security

3min

Guests:

Ante Gojsalic, Co-Founder & CTO at SplxAI

Topics:

What are some of the unique challenges in securing GenAI applications compared to traditional apps?
What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future?
Do you have your very own list of top 5 GenAI threats? Everybody seem to!
What are the most common security mistakes you see clients make with GenAI?
Can you explain the main goals when trying to add automation to pentesting for next-gen GenAI apps?
What are your AI testing lessons from clients so far?

Resources:

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Cloud Security Podcast by Google

EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Unique Challenges in Securing Gen AI Applications

Emerging Attack Surfaces and Risks

Common Mistakes in Implementing AI Security

Remember Everything You Learn from Podcasts