Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Apidays Paris 2023 - Cloud APIs, ChatGPT 4-Turb...

apidays
December 18, 2023

Apidays Paris 2023 - Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization, Doug Dooley, Data Theorem

Apidays Paris 2023 - Software and APIs for Smart, Sustainable and Sovereign Societies
December 6, 7 & 8, 2023

Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization
Doug Dooley, COO at Data Theorem

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays

December 18, 2023
Tweet

More Decks by apidays

Other Decks in Programming

Transcript

  1. Cloud External APIs with ChatGPT 4-Turbo and Attack Path Visualization

    AI Innovations bring new attacks to Enterprise APIs
  2. Agenda • Playground has changed for APIs… • AI innovation

    makes it easier to find new data insights • Barriers (costs) are dropping for API experimentation • Data is AI fuel. APIs are the new charging stations. • GenAI proliferation accelerates 2024+ • API data consumption will explode alongside AI assistants • API Security & App, Data, SCS Discovery must evolve. • Context becomes necessary for API and data safety • “Attack Path Visualization” helps with security & privacy
  3. Playground has changed… Sam Altman - Nov 7, 2023 at

    DevDay, OpenAPI’s first conf “Assistants API will make everything easier.” “[API] retrieval… and using your own functions” makes better Assistants Ramon Huet, OpenAI’s head of developer experience
  4. Enterprise API Security & Data Classification API target: https://retoolapi.dev/rv0soy/sensitivedata API

    key: sensitivetH16uqkjUPiTX9T6y8S1E0d8myj39f2j1co0w0EzdKF3RfYmtIymyKJ Data Theorem (API Secure) Teleskope.ai (Cloud Data Security Platform) Other Security Tools
  5. gpt-4.0-turbo After analyzing the provided API response, I found a

    total of 42 instances of PII. These instances include credit card numbers, social security numbers, and zip codes. If you have any further questions or need assistance with anything else, please let me know. API Key, OAuth 2.0, Azure AD ChatGPT 4.0 Turbo = yes to External APIs (Nov 2023)
  6. Data is AI fuel. APIs are the charging stations. Elon

    Musk - Nov 23,2023 at NYT DealBook summit “Data is probably more valuable than gold.”
  7. AI concepts Generative AI (GenAI) Foundation Models LLM (Large Language

    Models) ChatGPT (AI app) AGI (Artificial General Intelligence) Today Not yet… [process more data]
  8. “[Not-for-profit Open AI that I named and help start] should

    be renamed Super Closed Source for Maximum Profit AI.” AGI defined as "smarter than the smartest human at anything… less than three years away.” said on Nov 23, 2023 How far is AGI from reality?
  9. API security and data discovery must evolve. Satya Nadella, Microsoft

    - Nov 2023 at Ignite 2023 “We are making the age of AI real for people and businesses everywhere.”
  10. Transparency can improve security VISUAL CONTEXT What? • Vulnerabilities •

    Priority Level • Data Types Who? • Owner • IAM • CIEM When? • Last Changed • Last accessed • Alert Time How? • Attack Path • Public/Private • Exploit Details MRI for APIs
  11. Comprehensive analyst report on the broadening landscape of API Security

    & Management New Research: API Security & Mgmt Alexei Balaganski, Analyst