Secure AI Summit 2024 (Powered by Cloud Native)

This presentation will explore the common journey of software development companies in securely adopting AI technology within a cloud-native environment. It will unpack the challenges that development and platform teams face as they integrate AI into their systems. After initial resistance to using external LLM APIs, confidence grew and companies began building solutions with non-public data and open-source models. However, questions persist: Is my new shiny AI/LLM app secure and safe? This session will discuss practical approaches to challenges such as data privacy in Retrieval-Augmented Generation architectures, the complexities of AI-agent architectures where actions are performed across integrated systems, and the general security hardening of AI/LLM applications. We will share insights from our practice, which began by defining a threat model for AI-based systems aligned with the OWASP Top 10 for LLM Applications, and progressed to incorporating solutions into our cloud-native platform. Both offensive and defensive approaches were implemented, including the integration of tools like garak (LLM Vulnerability Scanner) and NVIDIA NeMo Guardrails into our cloud-native stack.