AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Cloud Security Podcast by Google
EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons
Nov 11, 2024
Ante Gojsalic, Co-Founder & CTO at SplxAI, dives into the intricacies of securing generative AI applications. He outlines the unique challenges of penetration testing in this realm, such as non-determinism and the complex interplay of data and applications. Ante discusses the most concerning current attack surfaces and shares his insights on common security mistakes companies make. He emphasizes the importance of blending automated pentesting with human expertise and offers practical strategies for learning about AI security. Tune in for crucial tips on navigating this evolving landscape!
27:22
Episode guests
AI Summary
AI Chapters
Episode notes
Podcast summary created with Snipd AI
Quick takeaways
- Securing Generative AI applications is complex due to their non-deterministic nature and continuous updates, requiring ongoing testing rather than periodic assessments.
- The evolving attack surfaces for GenAI, such as multimodality and programmatic agents, introduce significant exploitation risks, including social engineering attacks and indirect prompt injections.
Deep dives
Unique Challenges in Securing Gen AI Applications
Securing Generative AI applications presents unique challenges compared to traditional web or API testing. The non-deterministic nature of AI means that penetration testing requires multiple attempts across different message segments, as context length can vary significantly. Additionally, continuous updates from LLM vendors complicate the process since major version changes are often unannounced, necessitating ongoing testing instead of the periodic assessments common in traditional applications. The embedded logic within AI models presents another challenge, as sensitive business data is integrated within the model itself, making it difficult to implement role-based access controls or isolate confidential information effectively.
Get the Snipd
podcast app
Unlock the knowledge in podcasts with the podcast player of the future.
AI-powered
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode
Save any
moment
Hear something you like? Tap your headphones to save it with AI-generated key takeaways
Share
& Export
Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more
AI-powered
podcast player
Listen to all your favourite podcasts with AI-powered features
Discover
highlights
Listen to the best highlights from the podcasts you love and dive into the full episode