Secure AI Summit 2024 (Powered by Cloud Native)

While AI presents an opportunity to innovate across domains, we are learning that it also presents unknown threat vectors that are constantly evolving. So what does threat-modeling look like for today's AI applications? Some frameworks are emerging like the OWASP LLM risks or MITRE ATLAS framework that lists attack TTPs for AI applications. However these are just baseline frameworks that need customizing for each organization. Furthermore, secure behavior of AI applications needs continuous verification as they are by nature, indeterministic and are often built on top of 3rd party models which are untrusted black boxes. AI apps should be actively breached to test how secure organizational data, IP, and internal APIs are when connected through them, much like the way the resilience of dynamic microservices is actively tested using chaos experiments. This talk will describe how to bring proactive Chaos-testing to AI security using Secops-Chaos - an open source framework that helps encode TTPs as security focused chaos experiments, with hands-on demos of how to map some of the MITRE ATLAS TTPs to AI apps running as containers within Kubernetes environments.