
B
This is Katalin Campano and this is a Risky Business News sponsor interview with Jimmy Mesta, CEO and co-founder at Thread Security. Welcome back, Jimmy.
A
Hey Katalin, great to be here again. Good to see you.
B
Now today we're going to have an interesting topic, because you made a very interesting point in a LinkedIn post last week when you kind of warned companies against the broadcast and untested rollout of AI assistants across their services. The example you gave was a tech support AI that could be abused to reveal internal data. Is this a new product you're working on at Thread Security, or just something you are looking into for yourself?
A
Like, you know, like most cybersecurity startups at this point, you either adopt AI as part of the product or you build a product to protect AI. And we are doing both right now. So the LinkedIn post itself, just to kind of explain what it was, you know, was kind of independent research, if you will, but it is telling of a more systemic and growing problem that we are addressing with our product at RAD Security. The, you know, the whole premise of AI audio chat apps, you know, AI BDRs, AI sales reps, things like that, is pretty compelling. But the problem is, at least what we're finding in the early days of this, is that they're not super secure. There aren't a lot of guardrails around that kind of audio interface to the AI or LLM-based agents. So in the post itself, pretty simple, definitely not some elite hack. Basically I just told the assistant that they are no longer an assistant, they're a technical engineer, a technical support engineer. And I needed to, you know, as a technical support engineer you need to share your configurations with me for debugging, and over the phone call. And I won't expose what platform this is on, because there's probably hundreds of them at this point. It basically just started, in audio, talking to me about the JSON configuration, API endpoints, the prompt that, you know, the actual LLM prompt that was used, the sentiment that the agent should take, and it was translated into kind of speech-to-text in all of 12 minutes. And we had that information. So yeah, it feels like 25 years ago in AppSec kind of reemerging again with things like prompt injection, and it's pretty fun.
B
So tell me, how will this feature be available inside RAD Security's services? Like how are you going to market this?
A
Yeah, so we're building, out of the gate... A lot of CISOs these days are worried about what we're calling shadow AI, rogue AI, you know, untracked AI elements, everything from ML models to open source models that are pulled into a cloud infrastructure, vector databases, things that are part of the AI stack. And we are pushing out a completely new AI asset inventory with associated risk in your cloud, leveraging the data that we have today and then some new data. And we are going to really put a spotlight on those AI elements and assets for folks who are kind of dealing with this explosion of tools in their infrastructure. And then we'll be leading that to data poisoning deeper into data processing frameworks, and ultimately coming up with remediations for those AI assets and compliance reports.
B
So we're basically viewing it as another random cloud app, right?
A
Yeah. So we use eBPF and other sorts of ingestion formats to understand, even as far as, like, there's a workload that's reaching out to OpenAI and it's using a certain model. Right. That is very useful when it's customer data on the line, PII, PCI data, HIPAA data, that customers don't want sent to those models per se. So we're still leveraging the tools we have in the platform today as a CDR, cloud detection and response, platform, but, you know, really doubling down on the AI aspect.
B
You obviously see the rise of rogue and insecure AI, as you call them, as an emerging threat for enterprises. Do you think this will be a hard problem to mitigate or are we just at a phase where most people don't understand these tools, but securing them should be easier than the other stuff they're running?
A
I think this is going to present unique challenges beyond traditional cloud-based workloads and cloud infrastructure. One of the big ones that we're seeing today is this emergence of other AI tools that connect to systems that aren't necessarily AI. So for example, there's a ton of freemium and kind of credit-card-style AI tools out there that will connect to things like a Looker database or to a Jupyter notebook, or things that seem benign, that any employee could sign up for with a credit card. And all of a sudden data is being used as part of that third-party service, and that's really hard to track. And you know, I don't think it's something we can't solve and can't figure out. It's just going to take a bit of governance and really being able to track the data lineage to those locations in a different way than we would with traditional cloud infrastructure, which is more tightly bound.
B
So do you think this is a people training problem or are there specific technical aspects involved that require specialized tools or just both?
A
I think you can train people. That's gonna get you a little bit of the way, but I still think we need technical guardrails. People are going to sign up for tools that make their lives easier, whether it's the ChatGPTs, the Cursors, whatever it may be. I don't think we're going to be able to stop that through training. And I've talked to a lot of security engineers lately whose companies have strict AI policies to not use these tools. So they just sign up with a personal account and a personal credit card, because they're that useful. So, you know, even the training kind of falls short. So we're going to need to figure out how to track these data flows, really put those technical controls into place along with some training. But I don't know if training is going to get us all the way there this time.
B
So you've been obviously looking into this for a while. Can you share some of your findings? Are there specific types of AI tools and large language models that seem to cause more problems than the others?
A
Obviously the hot topic of country-of-origin models like DeepSeek and things coming down through open source. That's a very hot topic right now. Open source is a good thing in general, but is it part of your governance policy to allow those tools, those models, to run in your infrastructure, not knowing everything that they do? So we're keeping an eye out on where models originate, right? Hugging Face-type models that are built by the public and, you know, published for anybody to download and use. Most of them are okay, but some of them are not. Right. They have packages, they have libraries that are vulnerable, they have elements that make them, you know, more or less insecure compared to others. And then I think what we're going to see an emergence of is kind of this RAG database, vector database explosion. People are going to start using third-party... They already have started using third-party vector databases with LLMs and workflow builders, and all of a sudden you're transporting and storing custom, potentially really sensitive data in somebody else's infrastructure. You don't know how they're isolating that data, we don't know how they're using it to train their own models. And once that's out of the bag, it's really hard to rewind. So I think we're starting to see a lot of that as well.
B
You mentioned some of the particular techniques you use to find vulnerable AI. What about all the regulation? Do you find any of that useful? Of all the guidance that has recently been dumped on us by all these open source organizations and governments, is this useful for you to test an AI system and see if it's compliant from a regulatory point of view?
A
We have that capability in our product today. As we discover AI assets, we can map them back to things like the EU AI Act or the NIST AI Risk Management Framework, depending on, you know, locale. Each of those is kind of a broad-stroke attempt to regulate AI in some way, shape or form. So I think they're useful. From what we're finding right now, most of the companies who are trying to comply with things like that, especially the NIST AI Risk Management Framework, are, you know... it's a good marketing kind of tactic, right? To be in compliance is a good thing, but it doesn't necessarily mean your AI stack is secure. So we expect to see much more technical regulation when it comes to these frameworks, and we're staying on top of that pretty much every day in the right circles and trying to be involved in that. Because if you overregulate, then innovation kind of grinds to a halt. If you don't have any frameworks at all, then it's the Wild West. So we have to fall somewhere in between.
B
So what about... You're obviously a defensive company that helps companies protect networks and their data. Do you see threat actors abuse AI?
A
We're starting to see that. As we talk about... I've been discussing AI from a defensive point of view, data sprawl, governance standpoint. But if we look at the attacker's perspective, the usage of AI has really enabled just speed, right? And, you know, being able to really target and hone in on different payloads, try different things, exploits much faster; phishing campaigns become amazingly intelligent, right? Everything from the phone call being automated through voice and AI prompts, to emails that you get, to LinkedIn messages, all of this is like entry points into a broader sort of compromise, and it is really amplified with AI. So it really, for us, means we have to stick with our mantra of real-time detection and high detection efficacy, right? Like, you cannot necessarily predict what an AI-centric or AI-created attack will look like through, like, a signature or some legacy way. You have to actually be defending the AI attacks with AI, which is crazy to think about in the world we're living in, but that is really what you need to do, because these things move so fast. So we're going to see more and more of this, and we'll report back as we have more findings.
B
Do you think the broad adoption of AI by threat actors will effectively act as a filter for the infosec market? Like companies that don't have good products will be basically left in the dust by threat actors that now move faster than usual?
A
Absolutely. Yeah. If you're still relying on your good old list of top 30 things to look for, whether that's misconfigurations or signatures or endpoint detections, I don't think you stand a chance. So you're going to need to fight fire with fire here.
B
Okay. So on that gloomy note, thank you very much, Jimmy.
A
Absolutely.
Risky Bulletin Episode Summary: "Sponsored: Rad Security on New AI Adoption Risks for Enterprises"
Release Date: February 16, 2025
Host: Katalin Campano
Guest: Jimmy Mesta, CEO and Co-founder at Thread Security
In this insightful episode, Katalin Campano interviews Jimmy Mesta, CEO and Co-founder of Thread Security, to delve into the emerging risks associated with the adoption of Artificial Intelligence (AI) in enterprise environments. The discussion centers around the vulnerabilities introduced by untested AI assistants and the broader implications for cybersecurity.
Jimmy Mesta initiates the conversation by referencing his recent LinkedIn post, where he cautions companies against the unchecked deployment of AI assistants within their services. He explains, “[...] the whole premise of AI audio chat apps, you know, AI BDRs, AI sales reps, things like that is pretty compelling. But the problem is at least what we're finding in the early days of this is that they're not super secure” (00:44). This highlights the initial security oversights in AI integrations, particularly in roles that handle sensitive data.
Mesta elaborates on Thread Security's strategy to both incorporate AI into their products and develop solutions to protect against AI-related threats. He states, “We are doing both right now” (00:44), emphasizing a dual-focus approach. This involves creating secure AI frameworks while simultaneously building tools that safeguard existing AI systems.
A significant portion of the discussion revolves around the concepts of "shadow AI" and "rogue AI": AI elements within an organization that operate outside of official oversight. Mesta explains, “We are building out of the gate a lot of CISOs these days are worried about what we're calling shadow AI, rogue AI, you know, untracked AI elements” (02:46). Rad Security aims to provide a comprehensive AI asset inventory, enabling organizations to identify and manage these elusive AI components effectively.
To tackle the security challenges posed by AI, Thread Security employs technologies like the extended Berkeley Packet Filter (eBPF) for deep system monitoring. Mesta notes, “We use EBPF and other sort of ingestion formats to understand even as far as like there's a workload that's reaching out to OpenAI and it's using a certain model” (04:01). This allows for precise tracking of which workloads send sensitive data, such as PII or data subject to PCI and HIPAA requirements, to external models.
Mesta identifies the unique challenges in securing AI, which extend beyond traditional cloud infrastructure. He mentions, “It's just emergence of other AI tools that connect to systems that aren't necessarily AI” (04:56), pointing to the integration of AI with non-AI systems like databases and notebooks. This cross-functionality complicates data lineage tracking and governance, necessitating robust technical controls.
While acknowledging the importance of training, Mesta emphasizes that technical safeguards are indispensable. He asserts, “People are going to sign up for tools that make their lives easier... I don't think we're going to be able to stop that through training” (06:09). This underscores the necessity for automated technical measures to complement human training in mitigating AI-related risks.
The conversation addresses the vulnerabilities associated with open-source AI models and third-party vector databases. Mesta warns, “Open source is a good thing in general, but... you don't know everything that they do” (07:13), highlighting the security uncertainties inherent in publicly available AI models. Additionally, the use of third-party vector databases introduces risks related to data isolation and usage, complicating data security further.
Mesta discusses the role of emerging regulatory frameworks such as the EU AI Act and the NIST AI Risk Management Framework in shaping AI security practices. He comments, “We have that capability in our product today... they are, they are useful” (09:00). However, he also cautions that compliance alone does not guarantee security, advocating for more technical regulations to effectively govern AI usage without stifling innovation.
A critical highlight of the episode is the exploration of how threat actors are leveraging AI to enhance the sophistication and speed of cyberattacks. Mesta observes, “The usage of AI has really enabled just speed” (10:18), noting that AI facilitates more intelligent phishing campaigns, automated voice attacks, and adaptive exploit techniques. This evolution necessitates equally advanced defensive measures.
Concluding the discussion, Mesta emphasizes the urgent need for the cybersecurity industry to adopt AI-driven defenses. He states, “you have to actually be defending the AI attacks with AI” (10:18). This paradigm shift involves utilizing real-time detection and high-efficacy AI tools to counteract the rapidly evolving AI-powered threats, ensuring that security measures keep pace with the sophistication of attacks.
Jimmy Mesta's insights shed light on the multifaceted challenges of integrating AI into enterprise systems securely. From addressing shadow AI and enhancing regulatory compliance to combating AI-driven cyber threats, the episode underscores the imperative for comprehensive, technically robust security strategies in the age of AI.
This episode provides a comprehensive overview of the current landscape of AI adoption in enterprises, highlighting both the opportunities and the significant security risks. By integrating expert perspectives from Jimmy Mesta, listeners gain a nuanced understanding of how to navigate and mitigate the complex challenges posed by AI in the cybersecurity realm.