It isn't just CrowdStrike causing problems. In the last year, several major security vendors have been the cause of breaches. And with AI, this is getting worse.

Greetings,

 

Even before the recent CrowdStrike debacle, I was pondering the trusted role that security software plays in our ecosystem and the many ways in which the security solution can become the problem.

 

Some of the most notable breaches of the last year came about through the compromise of security software, including Barracuda's Email Security Gateway, Cisco's Adaptive Security Appliance, Ivanti's Endpoint Manager Mobile and Sentry, and Trend Micro's Apex Onesecure.

 

I've recently spent quite a bit of time giving talks and briefing enterprises on the lesser-understood risks that come with these new GenAI systems. Everyone talks about deepfakes and fraud, but few people are looking at these systems in a more comprehensive way and, critically, the adoption of these new AI systems has far outpaced the adoption of security for them.

 

In fact, 20 of the top 20 SaaS companies have announced new AI features using LLMs. And 20 of the top 20 security companies have also announced new AI capabilities. 

 

Whether you realize it or not, your data is being splintered into multiple shadow copies across almost all of your service providers, and chances are they haven't secured that new data or the systems around it. Even your security vendors are adding these risks to your company. It's alarming.

 

If you'd like to understand these risks better, I talked about six specific risks and six mitigations in a talk I gave to RMISC last month (linked below). Those who have seen it tell me it was the most impactful talk they've seen on AI security. It's likely well worth your time.


Patrick Walsh
CEO, IronCore 


 

RMISC 2024 - Exploitable Weaknesses in Gen AI Workflows: From RAG to Riches

 

This presentation was delivered at the Rocky Mountain Information Security Conference (RMISC) in June 2024, but the talk was not recorded, so this is a re-recording of the same material. This talk was extremely well received and opened people's eyes to the many risks around this common AI workflow.

 

> Watch the video on YouTube


Snowflake and AT&T Breaches Were Preventable With Application-layer Encryption

Misleading Encryption Claims and a Lack of “Security by Default” are the Root Causes

 

The attacks on Snowflake and the recent successful attack on AT&T customers via their Snowflake data lake show yet again how major enterprises are failing to secure the data they hold and why application-layer encryption and security by default are so very important, though so often overlooked.

 

> Read about where AT&T and Snowflake went wrong

 

 

Upcoming events:

  • Defcon Creator Stage
    • August 10, 2024 in Las Vegas, Nevada
    • Title: Attacks on GenAI data and using vector encryption to stop them
    • Abstract: As the adoption of GenAI tools has soared, security has done little to keep up. New classes of data, and especially vector data, are flooding into new and untested data stores. Vector databases are getting copies of health data, financial data, HR data, emails, and everything else, but they have no intrinsic security. What's worse, the vectors themselves can be reversed in embedding inversion attacks that turn those vectors back into faces, sentences, and even pictures. We discuss these new attacks and a new branch of cryptography, vector encryption, which allows for privacy-preserving searches to happen over the encrypted vectors. We'll discuss the benefits, trade-offs, and current state of the field and the open source software we've built to meet the new need.
  • OpenSearchCon
    • September 24-26, 2024 in San Francisco, California
    • OpenSearchCon is the annual conference that brings the OpenSearch community together to learn, connect, and collaborate. IronCore will be there to talk about secure, encrypted search in keyword indices, AI vectors, and in hybrid searches.
       

IronCore Labs, 1750 30th Street #500, Boulder, CO 80301, United States, 3032615067
