David Moulton (15:26)

Hi, I'm David Moulton, host of the Threat Vector podcast where we discuss pressing cybersecurity threats and resilience and uncover insights in the latest industry trends. In our latest episode, I sat down with two of my colleagues, Tanya Shastry, SVP of Product Management, and Nav Singh, VP of Marketing, to explore a topic that's quietly redefining enterprise security. How to secure AI before it secures you a front page breach. Tanya and Nav pull back the curtain on what you're not seeing. Shadow AI, invisible threats inside browsers, and the hidden vulnerabilities in your AI dev pipeline. They break down how attackers are already exploiting gaps in AI security and how the most forward leaning organizations are staying two steps ahead. This episode will challenge the way you think about AI and security and what you haven't done yet. Check it out wherever you listen to podcasts. How are employees using Gen AI tools like ChatGPT, Copilots and Gemini inside the enterprise today and what risk does that create?

Navneet Singh (16:35)

Employees are using gen applications in a variety of different ways. Especially you know, if you look at marketing department. I lead marketing for network security here at Palo Alto Networks. We use it in many, many different ways. One example of this we just came out of the Cybersecurity Bigger Scenarios conference which is RSA and biggest week, RSA week at that time. During that time we launched many new products and we had a campaign come out of it. So one of the things that we did in order to launch that was actually do a competition, internal competition where we had to use AI tools to come up with taglines, concepts, creative concepts, videos and so on. So we got 56 submissions in two days and one of those submissions was actually chosen and that's what we went with. We had deploy bravely for Prisma Airs that actually came out of this competition. So this is just one of the ways in which we are using it in my team. And when we talk to customers, they're using it a variety of ways in sales, marketing, finance, and so on.

David Moulton (17:43)

Tanya, talk to me about the critical components of a security strategy that allows employees and AI or gen AI use without putting data at risk.

Tanya Shastri (17:54)

Yes. So as Nav just mentioned, there's tremendous adoption of AI, but there is lack of visibility into what users are actually using. Essentially we call it shadow AI. So first and foremost, one of the very important components is having visibility into what the employees are using, what apps they're using, and then having a visibility into what the app actually does. What does it do? The various attributes of that application so you can assess the risk of that application. That is one area or one component that's important. And as you think about it, really these apps are being generated so quickly and there are more and more new apps. So staying up to speed and being able to recognize and understand which these new apps are continues to be important. Then another area, another component or another piece that's very important is once you have visibility, you have to be able to control the usage of the app. And that control could be a blunt tool where you say it's too risky and I just don't allow access to the application. But more importantly, you also have to be able to have a finer approach in that you allow access to an application, but then you are able to have a finer grained ability to decide what you do with that application. So for example, having access to a chat LLM ChatGPT for general use makes a lot of sense. There's a lot of value to leveraging it, but you may not want it to be used for situations where employees are sharing code with it and asking ChatGPT to improve their code. So being able to have that kind of fine grained control over how an app is used and what data is shared with the app, ensuring that no private sensitive data is shared either inadvertently or otherwise with the application. That's also another important piece, essentially control of that application. And then if you choose to decide to allow that application to be used, it's very important to continuously monitor the traffic that's actually going between the application back and forth to ensure that there are no threats, no malware, no other command control, other such things in the communication between the application and Mac.

David Moulton (20:18)

Nav, let me take it over to you. How does the secure AI by design approach help organizations bake security into the AI development life cycle?

Navneet Singh (20:28)

So let me talk about a customer example. So I was talking to a customer, which is professional services firm and they're building AI application, they in fact have tested it internally. It helps their consultants prepare for their meetings 2x faster because gives them so much information so quickly and so easily and which basically for a professional services firm means that they could potentially even double their revenues with the same headcount. So it's a. Yeah, is can be a game changer. So when you look at this, you know, going back to what you were saying about CISOs, they are going to feel the pressure from their CEOs and the board to really allow AI. So they. That's why we believe that the best approach is secure AI by design, which means you use AI in your development lifecycle, as Chaney was mentioning. So we offer capabilities to secure AI or safely enable AI in both use cases that we just mentioned, either employees using third party gen applications like ChatGPT so employees can safely use but prevent sensitive data from leaking. And secondly enterprises developing their own AI applications. So all the risks that Tanya had mentioned, so model scanning, red teaming so that we can find vulnerabilities. Looking at the posture, do you have overly permissive AI applications or agents? The runtime security, prompt injection attack, preventing multiple different types of prompt injection attacks.

Dave Buettner (22:07)

Right.

Navneet Singh (22:07)

All of that is something that we offer as part of our portfolio of AI. And that's what we mean by being able to secure AI applications by design and securely being able to embrace AI.

David Moulton (22:24)

Tanya, what does it mean to secure the entire AI pipeline from development to deployment?

Tanya Shastri (22:33)

So I just shared how the entire stack for AI is new and how there is a lot of complexity in terms of the technologies that are being brought together to deliver an AI application and then essentially the threats that it opens up. And when you think about it, essentially all the threats that open up during development, deployment and runtime are essentially what we need to take care of. So starting with development, being able to scan these ML models, being able to have the confidence that the ML models that are being used are secure, do not have any malware or vulnerabilities in them. Starting right there with scanners and so on, ensuring that there are no secrets shared inadvertently, no data being included in code that should not be included. Those kinds of things at the code development time. From a deployment standpoint, you really need to be able to first assess what all exists in the infrastructure that is all related to the AI applications. Essentially discovery to be able to discover all the pieces that are being brought together to develop the application, ensure that all those pieces are deployed correctly, do not have any misconfigurations being able to ensure that that is done right. That's another big piece from a deployment standpoint. So essentially all the things I talked about, whether it's new agents, plugins, LLMs, data sources, all those need to be deployed and configured appropriately. And then from a runtime perspective, being able to continuously monitor. So essentially when these applications are put in production, they now access the outside world, they're communicating with other applications, with external entities, and being able to continuously monitor that connection and being able to ensure that all the traffic that's going back and forth doesn't have any malware in it, doesn't have any threats in it, there isn't any data being exfiltrated, being able to make sure that there's no data loss. All those things are also important. And I do also want to highlight, and I mentioned before, right, with AI, there is no AI without data for all practical purposes. So ensuring that the data is secure, not just the access to the data, but important secure data, private data is locked down is appropriate.

David Moulton (25:16)

If you've liked what you heard, catch the full episode now in your Threat Vector podcast feed. It's called Securing AI in the Interpretation Enterprise, released May 22. Don't get left behind.

Dave Buettner (25:34)

Be sure to check out the complete Threat Vector podcast wherever you get your favorite podcasts. And finally, imagine logging into a crusty old Star wars fan site, StarWarsWeb.net only to learn years later that it wasn't just peddling Battlefront 2 nostalgia and Lego sets. It was a covert CIA channel for communicating with human intelligence sources around the world. Like these games, you will read the site's Yoda quote, which honestly, this podcast host probably clicked on twice without ever realizing it was part of an international spy network. According to security researcher Ciro Santilli, this now defunct relic was one of many CIA operated sites disguised as innocuous hobbies, extreme sports, Brazilian music, even comedy fan sites. The idea? Hide spy communications in plain sight. The method? A secret login triggered by typing a password into the site's search bar. The results? Well, I've got a very bad feeling about this. Iranian authorities caught wind of the setup over a decade ago, eventually unraveling a web that reportedly led to the deaths of over two dozen CIA sources in China between 2011 and 2012. Santilli's interest in the case started with some personal curiosity his mother in law as part of the Falun Gong movement, but quickly turned into a deep dive hobby involving Tourbots, HTML sleuthing and hours of crawling through the Wayback Machine. His breakthrough was discovering that the CIA hadn't bothered to mask IP address patterns or remove file names from publicly posted screenshots. From there, he tracked down hundreds of related domains. Zach Edwards, an independent cybersecurity researcher, says the findings align with what the infosec community suspected. For years, he said, yes, the CIA absolutely had a Star wars fan website with a secretly embedded communication system. Noting that even in spycraft, developer errors like leaving digital breadcrumbs can bring an operation down, Santilli unearthed the sights using a mix of open source tools, sheer patience, and presumably zero Jedi mind tricks. It's a trap. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now a word from our sponsor, ThreatLocker keeping your system secure shouldn't mean constantly reacting to threats. Threat Locker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.