I just got back from San Francisco where I attended the RSA Conference along with 50,000 (not a typo!) of my fellow cybersecurity practitioners.
I can’t be sure, but I’m willing to bet that over the course of those four days, San Francisco was the most cybersecure location on Planet Earth.
Unfortunately, we were a little bit late making reservations – hotel rooms that week near the Moscone Center were very hard to come by. And pricey.
After much negotiating with my team, we settled on a hotel about a mile from the convention center. Let’s just say it was not quite a five-star establishment.
Yes, there was a tiny private bathroom in my room. But not much else…
No closet.
No dresser.
No desk.
No chair.
There was literally no place, other than the floor, to sit down.
Rob, you could have sat on the bed.
You mean on one of the bunk beds?
That’s right. My room had two matching bunk beds, both with the top bunk so low that it was impossible for someone my height to sit up straight.
Maybe it was my fault. Maybe I should have asked when making the reservation whether there would be any flat surfaces available: By the way, I like to sit down occasionally. Are your beds bunk or normal?
But I guess I just assumed places to sit were a given.
When it comes to cybersecurity and AI, there is likewise a lot of assuming going on.
People often expect the same security controls to be in place with AI as with other, more established technologies. But because AI is so new, a lot of controls don’t yet exist. Behaving as if they do exist can be problematic.
The good news is that among the many interesting sessions at the RSA conference, several of them included practical advice on this very topic. Here are some things that emerged…
#1. Validate inputs at every trust boundary.
A “trust boundary” refers to the invisible line in your systems where you stop fully trusting what comes in from the outside and instead treat that as potentially risky or unverified.
In your house, the trust boundaries are typically the exterior doors and windows. Everyone and everything inside is safe from wolves and other predators, but once you go beyond those boundaries, bad things can happen.
Within your business, the trust boundaries are the points at which internal systems connect to something else (e.g., data, files, URLs).
Connecting to these kinds of things isn’t inherently bad – in fact, it’s a necessary aspect of running a modern business.
The problem is that unlike a human who (hopefully) ignores potentially dangerous instructions, AI can be prodded to follow a malicious prompt or use poisoned resources, either of which can lead to serious situations.
So where AI is involved in crossing any trust boundaries, it’s important to pre-scan and remove content or instructions that could be harmful in this way.
#2. Remember that LLMs are non-deterministic.
Two plus two is four – every time. The same input results in the same output. That’s “deterministic.”
AI is non-deterministic; LLMs don’t follow a fixed, repeatable path.
Environmental differences on the server, request volume at the time of query, model updates since the last query … depending on what’s going on, these things and others like them can lead to inconsistent results.
This is why it’s important to keep humans in the loop (or HiTL, as we say at cybersecurity conferences). Otherwise, a previously trusted input could give the LLM instructions you don’t want, ignoring whatever security controls you have in place.
#3. Log everything.
When something goes wrong – the AI has some kind of crazy output or does something you don’t expect – you need to trace back what data or instructions went into the system so you can identify and debug for future use.
But you’ll never figure it out if you’re not diligent about logging exactly what was done and when. That’s the only way you can reliably make your way back to what caused the problem in the first place.
AI Still Needs Adult Supervision
Those are just three themes from the conference. There were many others that, in the interest of space, I will have to save for another day.
But the overall message was simply this: AI is new and largely untested. It can save a lot of time, money, and effort, but from a cybersecurity perspective, it can also do a lot of damage quickly.
When it comes to AI in your business, as with bunk beds, remember to watch your head.
—
Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.
