Apidays Paris 2023 - Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization, Doug Dooley, Data Theorem

Transcript

1. Cloud External APIs with ChatGPT 4-Turbo and Attack Path Visualization

   AI Innovations bring new attacks to Enterprise APIs

2. Agenda • Playground has changed for APIs… • AI innovation

   makes it easier to find new data insights • Barriers (costs) are dropping for API experimentation • Data is AI fuel. APIs are the new charging stations. • GenAI proliferation accelerates 2024+ • API data consumption will explode alongside AI assistants • API Security & App, Data, SCS Discovery must evolve. • Context becomes necessary for API and data safety • “Attack Path Visualization” helps with security & privacy

3. Playground has changed… Sam Altman - Nov 7, 2023 at

   DevDay, OpenAPI’s first conf “Assistants API will make everything easier.” “[API] retrieval… and using your own functions” makes better Assistants Ramon Huet, OpenAI’s head of developer experience

4. ChatGPT 3.0 or earlier = no external APIs (Nov 2022)

   gpt-3.0

5. Enterprise API Security & Data Classification API target: https://retoolapi.dev/rv0soy/sensitivedata API

   key: sensitivetH16uqkjUPiTX9T6y8S1E0d8myj39f2j1co0w0EzdKF3RfYmtIymyKJ Data Theorem (API Secure) Teleskope.ai (Cloud Data Security Platform) Other Security Tools

6. OpenAI: Nov 7 (Functions & Retrieval)

7. gpt-4.0-turbo After analyzing the provided API response, I found a

   total of 42 instances of PII. These instances include credit card numbers, social security numbers, and zip codes. If you have any further questions or need assistance with anything else, please let me know. API Key, OAuth 2.0, Azure AD ChatGPT 4.0 Turbo = yes to External APIs (Nov 2023)

8. Cost = $0.25-$0.35 2-3X lower cost with Chat GPT-4

9. Data is AI fuel. APIs are the charging stations. Elon

   Musk - Nov 23,2023 at NYT DealBook summit “Data is probably more valuable than gold.”

10. Growth of OpenAI

11. AI concepts Generative AI (GenAI) Foundation Models LLM (Large Language

    Models) ChatGPT (AI app) AGI (Artificial General Intelligence) Today Not yet… [process more data]

12. “[Not-for-profit Open AI that I named and help start] should

    be renamed Super Closed Source for Maximum Profit AI.” AGI defined as "smarter than the smartest human at anything… less than three years away.” said on Nov 23, 2023 How far is AGI from reality?

13. API security and data discovery must evolve. Satya Nadella, Microsoft

    - Nov 2023 at Ignite 2023 “We are making the age of AI real for people and businesses everywhere.”

14. Genie locked in a bottle

15. None

16. Defending Enterprise APIs and apps…

17. API exploits and vulnerabilities… so what?

18. Visualize the API connective tissue

19. Transparency can improve security VISUAL CONTEXT What? • Vulnerabilities •

    Priority Level • Data Types Who? • Owner • IAM • CIEM When? • Last Changed • Last accessed • Alert Time How? • Attack Path • Public/Private • Exploit Details MRI for APIs

20. Attack Path Visualization MRI for APIs

21. Highlight: API Security Leaders #1 Pure Play #3 Overall

22. Comprehensive analyst report on the broadening landscape of API Security

    & Management New Research: API Security & Mgmt Alexei Balaganski, Analyst

23. Come see us - Booth #5