Greetings,

There are two questions I have to address regularly:

1. Why can't I just turn on database encryption and call it a day?

2. Our engineers can call "encrypt" just fine, why do we need you?

The good news is that I hear the first question much less often these days as Application-layer Encryption gains mindshare among security teams. If you're getting this email, you probably already understand why it's important and why infrastructure-layer encryption like transparent database encryption is useless at protecting data in the cloud.

The second question doesn't come up as often. Generally if we're talking to someone, they've already realized that it isn't as easy as just calling "encrypt" on some data. Crypto-systems are complex and difficult to build and get right, which is something we've spent years perfecting. Our new blog goes much deeper on what it takes to build an ALE system and the many potential pitfalls. It's geared towards engineers and walks through hypothetical design decisions.

And speaking of issues, we also put out a blog on why you shouldn't use the native encryption functions in MySQL. Really. Don't.

Lastly, the talk we gave at Defcon in August about Cloaked AI is now up on YouTube. It's a technical one. We had tons of people come up to talk to us afterwards and are flattered by the great response. AI security is really critical today as companies adopt GenAI at record rates.

I truly hope this is useful for you. As always, I'm happy to answer any questions.

Patrick Walsh
CEO, IronCore

Build Your Own Application-Layer Encryption?

Non-obvious Considerations and Why It’s
More Complex Than It May Seem

Implementing application-layer encryption (ALE) is a powerful way to secure sensitive data, yet building it in-house presents challenges far beyond simply calling an encryption function. This blog explores the many hidden complexities, from key management and scalability to evolving cryptographic standards and data sovereignty concerns. Learn why DIY ALE often proves costly, and how leveraging IronCore can streamline secure, scalable data protection.

> Read the full blog

Using MySQL's Built-in Encryption:
A Terrible Idea

6 Reasons To Avoid MySQL’s Native Encryption Functions

Thinking of using MySQL’s built-in encryption functions for your sensitive data? Think again. MySQL’s native AES encryption presents security risks with outdated and insecure modes, bad defaults, inadequate key management, and poor scalability. This blog examines why MySQL’s encryption might do more harm than good, with six reasons to consider alternative solutions for secure application-layer encryption.

> Read the full blog

DEF CON 32 - Attacks on Gen-AI data & using vector encryption to stop them

A Comprehensive Tour of AI Security and Tools and Techniques to Fix the Problems

As the adoption of Gen-AI tools has soared, security has done little to keep up. New classes of data, and especially vector data, is flooding into new and untested data stores. Vector databases are getting copies of health data, financial data, HR data, emails, and everything else, but they have no intrinsic security. What's worse, the vectors themselves can be reversed in embedding inversion attacks that turn those vectors back into faces, sentences, and even pictures. We discuss these new attacks and a new branch of cryptography, vector encryption, which allows for privacy preserving searches to happen over the encrypted vectors. We'll discuss the benefits, trade-offs, and current state of the field including the open source software we've built to meet the new need.

> Watch the video