logo
allArticlesConferencesPresentations

Preventing an OWASP Top 10 in the world of AI

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Aaron Ansari

Summary

The importance of secure design, logging and monitoring, and broken authentication in AI technology
  • API breaches can lead to manipulation of AI engines, which can be dangerous in financial and loan decisions
  • Insecure design and injection can compromise AI engines
  • Broken authentication can lead to unauthorized access and manipulation of AI engines
  • Logging and monitoring are crucial for compliance and abuse prevention
  • Human involvement and fine-tuning are necessary for effective decision-making in AI technology
API breaches can allow for the manipulation of AI engines, which can be dangerous in financial and loan decisions. For example, if an AI engine is involved in loan decisions and a printout comes back saying that the loan is not approved, a human being has no idea why the loan was not approved. This lack of transparency can be dangerous and lead to compliance issues.

Abstract

Abstract:According to McKinsey & Company, by 2030, companies who fully absorb AI could double their cash flow. As AI continues to be deployed into complex settings (healthcare, transportation and financial services), policy makers have warned against the potential abuses of AI and ML for cybercriminals’ gain. At the same time, the cybersecurity community has highlighted the benefits of using these algorithms to identify and defend against threats by automating the detection of and response to attempted attacks.To prevent a future where OWASP releases a top 10 for AI threats, we need to broaden the conversation around how AI systems can themselves be secured, not just about how they weaken or augment data and network security. In this session, the speaker will offer the benefits of utilizing this emerging technology while illustrating some of its vulnerabilities. He will demonstrate how a simple AI chatbot, like those used by so many companies today, can be easily manipulated. He will also offer suggestions for protecting the algorithms from being compromised. The conversation will include practical ideas on how an organization should structure its AI program including: Whether to utilize Human In The Loop (HITL) to ensure that a person controls when to start or stop any action performed by an AI system; How best to lock down AI based on data classification policies; and Why it is important to analyze log data in real time to provide AI threat monitoring, event correlation and incident response.
Materials:
Tags:
AI
chatbots
cybersecurity
data classification
HITL

Post a comment

Related work

Human Expression and the Future of Empathetic AI

Conference:  Transform X 2022
Authors: Alan Cowen
2022-10-19

How to Design, Launch, and Monitor Resilient ML Systems

Conference:  Transform X 2022
Authors: Dan Shiebler
2022-10-19

How to Map Networked Devices Using Graph-Based AI to Preempt Cyber Threats

Conference:  RSA Conference 2023
Authors: Divyansh Jain
2023-04-24

Extend EDR Visibility by Logging Everything: Demo with Free Integrations

Conference:  RSA Conference 2022
Authors:
2022-06-06

The Future of Data-Driven Innovation in AI With Jerry Yang

Conference:  Transform X 2021
Authors: Jerry Yang
2021-10-07

The Future of AV Sensors - Enabling the Autonomous Vehicles of Tomorrow

Conference:  Transform X 2021
Authors: Austin Russell
2021-10-07