ZDNet on Nostr: Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO ...
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO
==========
Generative artificial intelligence (GenAI) programs are vulnerable to attacks, including specially crafted prompts and data leaks. Elia Zaitsev, CTO of CrowdStrike, warns that GenAI is a new attack vector that opens up a new attack surface. Many people are rushing to use this technology without proper controls and methods for secure computing. GenAI can be made malicious despite guardrails. The lack of role-based access controls on large language models (LLMs) poses a risk of exposing sensitive data. GenAI programs are part of a broader category of malware-less intrusions. Techniques to mitigate risk include validating user prompts and responses, not allowing direct access to data stores, and using retrieval-augmented generation (RAG) to access databases. Privacy and data security are major concerns when building and using GenAI technology.
#GenerativeAi #Cybersecurity #AttackVector #DataLeaks #Guardrails #EnterpriseUsers #SensitiveData #MalwarelessIntrusions #LargeLanguageModels #RolebasedAccessControls #Privacy #DataSecurity
https://www.zdnet.com/article/generative-ai-is-new-attack-vector-endangering-enterprises-says-crowdstrike-cto/
==========
Generative artificial intelligence (GenAI) programs are vulnerable to attacks, including specially crafted prompts and data leaks. Elia Zaitsev, CTO of CrowdStrike, warns that GenAI is a new attack vector that opens up a new attack surface. Many people are rushing to use this technology without proper controls and methods for secure computing. GenAI can be made malicious despite guardrails. The lack of role-based access controls on large language models (LLMs) poses a risk of exposing sensitive data. GenAI programs are part of a broader category of malware-less intrusions. Techniques to mitigate risk include validating user prompts and responses, not allowing direct access to data stores, and using retrieval-augmented generation (RAG) to access databases. Privacy and data security are major concerns when building and using GenAI technology.
#GenerativeAi #Cybersecurity #AttackVector #DataLeaks #Guardrails #EnterpriseUsers #SensitiveData #MalwarelessIntrusions #LargeLanguageModels #RolebasedAccessControls #Privacy #DataSecurity
https://www.zdnet.com/article/generative-ai-is-new-attack-vector-endangering-enterprises-says-crowdstrike-cto/