It's a tough time to be a CISO. The pressure to innovate and to allow innovation -- especially around new AI tech -- is very strong. There are no established standards for encryption or for protecting AI systems and data. So while the business is pushing out new AI features, the security team has to figure out how to mitigate the very large inherent risks that come with these new technologies.
We've also been doing original research on attacking AI data that we're excited to share. We'll be giving a presentation on the findings at the upcoming RMISC conference at the end of May -- let us know if you'll be there.
That's it for now. Stay safe and protect your data.
Title: Illuminating the Dark Corners of AI: Exploiting Shadow Data in AI Models and Embeddings
Abstract: A demonstration of how confidential data and personally identifiable information can be extracted from fine-tuned LLMs and vector embeddings. The talk shows how confidential data finds its way into your AI systems and presents attacks for identifying and extracting that sensitive data. It highlights the problem of AI shadow data in RAG workflows and chatbots: the data may be monitored and protected in its primary store, yet it is overlooked and exposed in the corresponding AI systems.
Important Questions to Ask Your Software Vendor About the Security of Their AI Features
Before trusting your vendor's new AI feature, ask these 12 critical security questions to protect your data, prevent breaches, and ensure compliance.
Essential Security Steps Before Launching Your AI Feature
Stay ahead of threats like prompt injections, data leaks, and model manipulation with proactive measures every company should take before rolling out AI features.
OWASP's Updated Top 10 LLM Includes Vector and Embedding Weaknesses
The Update Looks Beyond Models to the Whole AI Stack
OWASP has released the second version of its Top 10 for LLM Applications. It now covers major new issues found in the surrounding AI ecosystem, going beyond risks in the LLM model itself. In this blog post, we look at the key findings and zoom in on LLM08, vector and embedding weaknesses.