Date: 2024-08-16

This year's Black Hat USA conference showcased the latest attack methods and news from vendors to help security teams better protect their organizations.

Here, I'll highlight two important themes from the conference that are essential for risk management, including useful related security product updates.

1. The emergence of AI-related risk

With the recent popularity of artificial intelligence, organizations are aggressively exploring or adopting AI -- including machine learning and generative AI (GenAI) -- for a potential competitive advantage for their business. In fact, recent research from TechTarget's Enterprise Strategy Group showed GenAI initiatives are one of the top IT investments for 2024. Like cloud computing, this wave of new technology is coming at us fast and is being embraced broadly by organizations.

While GenAI and specifically the use of large language models (LLMs) can provide tremendous efficiencies for organizations -- such as supercharging previously manual, mundane back-office tasks, increasing developer productivity and automating externally facing customer interactions -- the technology comes with its own set of risks that need to be addressed immediately.

Similar to the disruption with cloud environments a number of years ago, GenAI adoption and the use of LLMs are poised to spur innovation. However, this creates an additional attack surface that requires continuous visibility and security controls to provide protection against unauthorized use, tampering and attacks. Without this protection, this new attack surface can rapidly proliferate, exposing organizations to attack.

When implementing any new technology, security teams need to consider the potential risk exposure these additional attack surfaces present. Ensuring all attack surfaces are secure and compliant might seem like a no-brainer, but it should be paramount, particularly in industries like financial services and healthcare.

Fortunately, a number of security vendors, including Apiiro, Cequence Security, Orca Security, Qualys and Wiz, announced AI-related security capabilities just prior to and during the Black Hat conference that will enable security teams to address and protect this emerging attack surface.
These include the following:

- Discovery capabilities that provide visibility of GenAI and LLM workloads in the environment.

- Acting as guardrails by ensuring developers use organization-approved and vetted LLMs.

- Posture enforcement ensuring LLMs adhere to compliance and data protection standards.

- Evaluating LLMs for attacks such as prompt injection, sensitive information disclosure and model theft.