Showing 6 episodes for Artificial Intelligence

#173
May 17, 2024

EP173 SAIF in Focus: 5 AI Security Risks and SAIF Mitigations

Guest:

27:23

Topics covered:

  • What are the unique challenges when securing AI for cloud environments, compared to traditional IT systems?
  • Your talk covers 5 AI risks, why did you pick these five? What are the five, and are these the worst?
  • Some of the mitigations seem the same for all risks. What are the popular SAIF mitigations that cover more of the risks?
  • Can we move quickly and securely with AI? How?
  • What future trends and developments do you foresee in the field of securing AI for cloud environments, and how can organizations prepare for them?
  • Do you think in 2-3 years AI security will be a separate domain or a part of … application security? Data security? Cloud security?

#171
May 6, 2024

EP171 GenAI in the Wrong Hands: Unmasking the Threat of Malicious AI and Defending Against the Dark Side

Guest:

29:29

Topics covered:

  • Given your experience, how afraid or nervous are you about the use of GenAI by the criminals (PoisonGPT, WormGPT and such)?
  • What can a top-tier state-sponsored threat actor do better with LLM? Are there “extra scary” examples, real or hypothetical?
  • Do we really have to care about this “dangerous capabilities” stuff (CBRN)? Really really?
  • Why do you think that AI favors the defenders? Is this a long term or a short term view?
  • What about vulnerability discovery? Some people are freaking out that LLMs will discover new zero days. Is this a real risk?

#168
April 15, 2024

EP168 Beyond Regular LLMs: How SecLM Enhances Security and What Teams Can Do With It

Guest:

  • Umesh Shankar, Distinguished Engineer, Chief Technologist for Google Cloud Security
  • Scott Coull, Head of Data Science Research, Google Cloud Security
27:23

Topics covered:

  • What does it mean to “teach AI security”? How did we make SecLM? And also: why did we make SecLM?
  • What can “security trained LLM” do better vs regular LLM?
  • Does making it better at security make it worse at other things that we care about?
  • What can a security team do with it today? What are the “starter use cases” for SecLM?
  • What has been the feedback so far in terms of impact - both from practitioners but also from team leaders?
  • Are we seeing the limits of LLMs for our use cases? Is the “LLM is not magic” finally dawning?

#163
March 11, 2024

EP163 Cloud Security Megatrends: Myths, Realities, Contentious Debates and Of Course AI

Guest:

  • Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud
29:29

Topics covered:

  • You had this epic 8 megatrends idea in 2021, where are we now with them?
  • We now have 9 of them, what made you add this particular one (AI)?
  • A lot of CISOs fear runaway AI. Hence good governance is key! What is your secret of success for AI governance? 
  • What questions are CISOs asking you about AI? What questions about AI should they be asking that they are not asking?
  • Which one of the megatrends is the most contentious based on your presenting them worldwide?
  • Is cloud really making the world of IT simpler (megatrend #6)?
  • Do most enterprise cloud users appreciate the software-defined nature of cloud (megatrend #5) or do they continue to fight it?
  • Which megatrend is manifesting the most strongly in your experience?

#155
January 15, 2024

EP155 Cyber, Geopolitics, AI, Cloud - All in One Book?

Guest:

  • Derek Reveron, Professor and Chair of National Security at the US Naval War College
  • John Savage, An Wang Professor Emeritus of Computer Science of Brown University
29:59

Topics covered:

  • You wrote a book on cyber and war, how did this come about and what did you most enjoy learning from the other during the writing process?
  • Is generative AI going to be a game changer in international relations and war, or is it just another tool?
  • You also touch briefly on lethal autonomous weapons systems and ethics; that feels like the genie is right in the very neck of the bottle right now. Is it too late?
  • Aside from this book, and the awesome course you offered at Brown that sparked Tim’s interest in this field, how can we democratize this space better? 
  • How does the emergence and shift to Cloud impact security in the cyber age?
  • What are your thoughts on the intersection of Cloud, as a set of technologies and an operating model, and state security (like sovereignty)? Does Cloud make espionage harder or easier?

#150
November 27, 2023

EP150 Taming the AI Beast: Threat Modeling for Modern AI Systems with Gary McGraw

29:29

Topics covered:

  • Gary, you’ve been doing software security for many decades, so tell us: are we really behind on securing ML and AI systems? 
  • If not SBOM for data or “DBOM”, then what? Can data supply chain tools or just better data governance practices help?
  • How would you threat model a system with ML in it or a new ML system you are building? 
  • What are the key differences and similarities between securing AI and securing a traditional, complex enterprise system?
  • What are the key differences between securing the AI you built and AI you buy or subscribe to?
  • Which security tools and frameworks will solve all of these problems for us?