Al and Security: A double edge sword? by Stacy Véronneau and Yan Bellerose

Transcript

1. AI and Security: A double-edged sword? Montréal Stacy Véronneau -

   SE Cloud Experts Yan Bellerose - Google

2. Stacy Véronneau Passionate Cloud Evangelist and Technical Lead, blending my

   strong business acumen with a deep dive into cloud technologies. My journey in tech is fueled by a love for learning and sharing knowledge, especially in the realms of cloud integration and operations. Whether you're a cloud newbie or a seasoned professional, I'm here to engage in thoughtful discussions, collaborate on exciting projects, and share insights from my journey.

3. Yan Bellerose As a results-oriented technology enthusiast, I excel at

   bridging the gap between technical expertise, business objectives, and innovation. Known for delivering high-quality work and inspiring others, I possess a natural aptitude for adaptation and continuous learning. This enables me to quickly become effective in dynamic and fast-paced environments such as Google. As a technology passionate, I'm dedicated to staying at the forefront of emerging trends. My experience, ranging from customer engineering to security leadership roles, has equipped me with a deep understanding of the security industry.

4. Montréal Our Topics For Today • AI 101 • AI

   as a Security Threat • Security in AI • AI in Security • The Google Ecosystem • Conclusion • Q&A

5. Let’s level set the convo a bit

6. AI is powerful but has both positive and negative implications

   (Double-Edged), especially in the security realm. But, let’s level set and frame this conversation and also take a few steps back. AI 101

7. AI as a Security Threat: The dark side

8. AI as a Security Threat: The dark side Potential risks

   and challenges posed by AI in security: • Adversarial attacks on AI systems • AI-powered cyberattacks • Deep Fakes and misinformation • Privacy and surveillance issues • Ethical considerations

9. Security in AI: Protecting the Protectors

10. Vulnerabilities Galore: • Data Poisoning • Model Theft • Backdoors

    • Adversarial Attacks Security in AI: Protecting the Protectors

11. The potential of AI, especially generative AI, is immense. As

    innovation moves forward, the industry needs security standards for building and deploying AI responsibly. That's why we introduced the Secure AI Framework (SAIF), a conceptual framework to secure AI systems. SAIF is designed to address top-of-mind concerns for security professionals, such as AI/ML model risk management, security and privacy—helping to ensure that when AI models are implemented, they're secure by default. Google's Secure AI Framework (SAIF)

12. Train model Dataset Pretrained model(s) ML Framework Model hub Production

    model Inference in production Risks in stage of GenAI Supply Chain

13. Train model Dataset Pretrained model(s) ML Framework Model hub Production

    model Inference in production Source tampering Inject vulnerability Data Poisoning Unauthorized Training Data Compromise model Model poisoning Bad model usage Insecure Integrated Component Risks in stage of GenAI Supply Chain Model Reverse Engineering Denial of ML Service Rogue actions

14. Train model Dataset Pretrained model(s) ML Framework Model hub Production

    model Inference in production Risks in stage of GenAI Supply Chain Source tampering Inject vulnerability Unauthorized Training Data Compromise model Model poisoning Bad model usage Library vulnerability analysis Trusted source Sensitive Data protection Trusted source Trusted source Sensitive Data protection Network Isolation WAF & DDOS Protection Insecure Integrated Component Model Reverse Engineering Denial of ML Service Rogue actions Data Poisoning

15. AI in Security: Enhancing Protection

16. AI in Security: Enhancing Protection AI is being used to

    improve security measures like: • Threat detection and prevention • Vulnerability assessment • Incident response • Fraud detection • Cybersecurity automation

17. AI Core Capability Why specialized LLM needed Example opportunities Summarize

    Classify Generate Complex & ever-growing security jargon not well-represented in other training sets. Help reduce the noise and increase the signal Corrupt, malicious, & vulnerable data/code not represented in other training sets Niche languages and data structures in security domain not well-represented in other training sets • Concisely explain behavior of suspicious scripts • Summarize relevant & actionable threat intelligence • SOC cases | Intel reports | Attack paths • Generate YARA-L detection • Generate SOAR playbook • Security Testing • Classify malware (Powershell, VBA, PHP, JavaScript) • Identify security vulnerabilities in code • Threat Relevance & Risk AI - key use case

18. The Google Cloud Ecosystem: AI and Security

19. • AI Superpowers: AI-powered security for rapid threat detection and

    response. 󰭉 • Security Command Center: Panoramic security monitoring with AI. 🔭 • SecOps: AI threat detection that finds hidden attacks. 󰡸 • VirusTotal: AI-driven malware analysis and extermination. 🐛💥 The Google Cloud Ecosystem: AI and Security

20. Google Claims World First As AI Finds 0-Day Security Vulnerability

    On November 1st 2024, An AI agent has discovered a previously unknown, zero-day, exploitable memory-safety vulnerability in widely used real-world software. It’s the first example, at least to be made public, of such a find, according to Google’s Project Zero and DeepMind, the forces behind Big Sleep, the large language model-assisted vulnerability agent that spotted the vulnerability.

21. Demo time!

22. Conclusion and Q&A

23. • Develop robust architecture and resilient AI models that are

    resistant to adversarial attacks. • Prioritize ethical considerations in the design and deployment of AI security systems. • Invest in research and development to stay inform and ready to react against emerging threats and vulnerabilities. • Foster collaboration between industry, academia, and government to ensure responsible and secure AI innovation in the security domain. To harness the benefits of AI while mitigating the risks, it's crucial to:
24. None
25. None