-
Redefining Risk and Resilience in a New Cyber Era
Sumedh Thakar, President and CEO, Qualys
In a time when AI and LLMs are transforming both opportunities and threat landscapes, Sumedh will examine how CISOs and cybersecurity leaders can address the emerging complexities of AI security. Attendees will gain insights into risk-informed approaches that allow organizations to harness AI’s potential while safeguarding against evolving vulnerabilities.
-
Chatbots Breaking Bad Unmasking the Risks of LLMs
Steve Wilson, Chief Product Officer, Exabeam; OWASP Project Lead
As AI and large language models (LLMs) become integral to business operations, understanding their unique risks is critical. In this session, I’ll draw from my experience building production LLM systems at Exabeam, insights from my work with OWASP, and lessons from my award-winning O’Reilly book to uncover the vulnerabilities lurking in today’s generative AI. We’ll examine key security gaps and discuss actionable strategies to mitigate threats in an evolving landscape.
-
Security in the Age of AI
Laura Seletos, Principal Cloud Security Architect, NVIDIA
The landscape of cybersecurity has undergone a profound shift as we embrace the potential of AI to revolutionize industries. In this talk, we delve into the critical imperatives for securing our digital ecosystems in the age of AI and explore the urgent need to transform these architectures to accommodate AI-driven workloads. From edge devices to cloud infrastructure, our systems must evolve to handle the demands of AI algorithms while also maintaining robust security. We’ll discuss NVIDIA’s significant role in fortifying cybersecurity, including NVIDIA Morpheus, digital fingerprinting, and behavior analytics.
-
Becoming More Comfortable with Risk-Informed Secure AI
Jessie Jamieson, PhD, Senior Cyber Risk Engineer, CERT Division, CMU SEI
Emergent technologies like generative AI can sometimes take security professionals out of their comfort zone and challenge preconceived notions about what it means to secure a system or capability. The new challenges that come with securing AI have also forced us to revisit risk and resilience in a threat landscape that has quickly shifted into novel attack spaces.
Effectively managing enterprise cybersecurity risks has historically been facilitated by the adoption of robust risk management frameworks, tools, and processes that directly link risks to actions. For this talk, we will illustrate how the concepts that have traditionally afforded us the ability to mitigate and respond to risk through security are the same concepts we can apply to secure capabilities enabled by emergent technologies, including AI. Along the way, we will examine what it is that makes us uncomfortable with AI and discuss concrete steps to take that will make us more comfortable with deploying these capabilities confidently and securely.
-
Risk Mitigation for AI with Secure Development Lifecycle
Preeti Ravindra, Senior Security Engineer
The session provides actionable insights for organizations looking to build robust security practices into their AI development while balancing innovation with risk mitigation. We explore integrating AI development and security lifecycles, offering a practical framework for risk management. We examine how secure development lifecycle (SDL) principles can be adapted for AI systems. The discussion covers distinct risk considerations from both AI model providers’ and consumers’ perspectives. We’ll analyze appropriate controls and risk mitigation strategies at different stages.
-
Navigating Security Challenges of Large Language Models with AI Asset Visibility and Model Scanning
Joe Petrocelli, VP Product Management, Qualys
As organizations adopt LLMs rapidly, security challenges arise, especially when development teams deploy these models without notifying security teams. Total AI enhances visibility, offers proactive scanning, and categorizes AI vulnerabilities, helping organizations secure their infrastructures and manage risks effectively. A demo showcases how users can manage AI assets and address vulnerabilities.