AI and Security: A double-edged sword? Montréal Stacy Véronneau - SE Cloud Experts Yan Bellerose - Google

Stacy Véronneau Passionate Cloud Evangelist and Technical Lead, blending my strong business acumen with a deep dive into cloud technologies. My journey in tech is fueled by a love for learning and sharing knowledge, especially in the realms of cloud integration and operations. Whether you're a cloud newbie or a seasoned professional, I'm here to engage in thoughtful discussions, collaborate on exciting projects, and share insights from my journey.

Yan Bellerose As a results-oriented technology enthusiast, I excel at bridging the gap between technical expertise, business objectives, and innovation. Known for delivering high-quality work and inspiring others, I possess a natural aptitude for adaptation and continuous learning. This enables me to quickly become effective in dynamic and fast-paced environments such as Google. As a technology passionate, I'm dedicated to staying at the forefront of emerging trends. My experience, ranging from customer engineering to security leadership roles, has equipped me with a deep understanding of the security industry.

Montréal Our Topics For Today ● AI 101 ● AI as a Security Threat ● Security in AI ● AI in Security ● The Google Ecosystem ● Conclusion ● Q&A

Let’s level set the convo a bit

AI is powerful but has both positive and negative implications (Double-Edged), especially in the security realm. But, let’s level set and frame this conversation and also take a few steps back. AI 101

AI as a Security Threat: The dark side

AI as a Security Threat: The dark side Potential risks and challenges posed by AI in security: ● Adversarial attacks on AI systems ● AI-powered cyberattacks ● Deep Fakes and misinformation ● Privacy and surveillance issues ● Ethical considerations

Security in AI: Protecting the Protectors

Vulnerabilities Galore: ● Data Poisoning ● Model Theft ● Backdoors ● Adversarial Attacks Security in AI: Protecting the Protectors

The potential of AI, especially generative AI, is immense. As innovation moves forward, the industry needs security standards for building and deploying AI responsibly. That's why we introduced the Secure AI Framework (SAIF), a conceptual framework to secure AI systems. SAIF is designed to address top-of-mind concerns for security professionals, such as AI/ML model risk management, security and privacy—helping to ensure that when AI models are implemented, they're secure by default. Google's Secure AI Framework (SAIF)

Train model Dataset Pretrained model(s) ML Framework Model hub Production model Inference in production Risks in stage of GenAI Supply Chain

Train model Dataset Pretrained model(s) ML Framework Model hub Production model Inference in production Source tampering Inject vulnerability Data Poisoning Unauthorized Training Data Compromise model Model poisoning Bad model usage Insecure Integrated Component Risks in stage of GenAI Supply Chain Model Reverse Engineering Denial of ML Service Rogue actions

Train model Dataset Pretrained model(s) ML Framework Model hub Production model Inference in production Risks in stage of GenAI Supply Chain Source tampering Inject vulnerability Unauthorized Training Data Compromise model Model poisoning Bad model usage Library vulnerability analysis Trusted source Sensitive Data protection Trusted source Trusted source Sensitive Data protection Network Isolation WAF & DDOS Protection Insecure Integrated Component Model Reverse Engineering Denial of ML Service Rogue actions Data Poisoning

AI in Security: Enhancing Protection

AI in Security: Enhancing Protection AI is being used to improve security measures like: ● Threat detection and prevention ● Vulnerability assessment ● Incident response ● Fraud detection ● Cybersecurity automation

AI Core Capability Why specialized LLM needed Example opportunities Summarize Classify Generate Complex & ever-growing security jargon not well-represented in other training sets. Help reduce the noise and increase the signal Corrupt, malicious, & vulnerable data/code not represented in other training sets Niche languages and data structures in security domain not well-represented in other training sets ● Concisely explain behavior of suspicious scripts ● Summarize relevant & actionable threat intelligence ● SOC cases | Intel reports | Attack paths ● Generate YARA-L detection ● Generate SOAR playbook ● Security Testing ● Classify malware (Powershell, VBA, PHP, JavaScript) ● Identify security vulnerabilities in code ● Threat Relevance & Risk AI - key use case

The Google Cloud Ecosystem: AI and Security

● AI Superpowers: AI-powered security for rapid threat detection and response. 󰭉 ● Security Command Center: Panoramic security monitoring with AI. 🔭 ● SecOps: AI threat detection that finds hidden attacks. 󰡸 ● VirusTotal: AI-driven malware analysis and extermination. 🐛💥 The Google Cloud Ecosystem: AI and Security

Google Claims World First As AI Finds 0-Day Security Vulnerability On November 1st 2024, An AI agent has discovered a previously unknown, zero-day, exploitable memory-safety vulnerability in widely used real-world software. It’s the first example, at least to be made public, of such a find, according to Google’s Project Zero and DeepMind, the forces behind Big Sleep, the large language model-assisted vulnerability agent that spotted the vulnerability.

Demo time!

Conclusion and Q&A

● Develop robust architecture and resilient AI models that are resistant to adversarial attacks. ● Prioritize ethical considerations in the design and deployment of AI security systems. ● Invest in research and development to stay inform and ready to react against emerging threats and vulnerabilities. ● Foster collaboration between industry, academia, and government to ensure responsible and secure AI innovation in the security domain. To harness the benefits of AI while mitigating the risks, it's crucial to:

No content

No content