Cloud Security Podcast by Google EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons
11 snips
Nov 11, 2024 Ante Gojsalic, Co-Founder & CTO at SplxAI, dives into the intricacies of securing generative AI applications. He outlines the unique challenges of penetration testing in this realm, such as non-determinism and the complex interplay of data and applications. Ante discusses the most concerning current attack surfaces and shares his insights on common security mistakes companies make. He emphasizes the importance of blending automated pentesting with human expertise and offers practical strategies for learning about AI security. Tune in for crucial tips on navigating this evolving landscape!
AI Snips
Chapters
Transcript
Episode notes
Data in Generative AI Apps
- Data is intertwined with Generative AI apps, unlike traditional apps where data can be separated for testing.
- This makes it impossible to test Generative AI apps without real or representative data.
Multimodality Complications
- Multimodality in Generative AI apps means the same input can yield different results depending on the modality (text, image, voice).
- A jailbreak might work via image input but not text input on the same chatbot.
Generative AI Attack Surface
- Programmatic agents within Generative AI apps, with access to code execution and web scraping, pose a significant attack surface.
- Indirect prompt injection through these agents presents new security challenges.