Secure AI Summit 2024 (Powered by Cloud Native)

The rapid advancement of Generative AI has lowered the barrier for creating sophisticated malware, making less experienced hackers capable of propagating attacks in a matter of minutes. This new type of threat highlights the need to develop suitable tools to reduce detection time to a similar timeframe. This talk introduces Kestrel as a Service (KaaS), empowering threat hunters with reusable threat hunting flows from the Kestrel language, effortlessly deployable in the cloud. Augmented by predictive AI model plugins, Kestrel optimizes threat detection, accelerating response times in case of attacks. Kestrel provides a layer of abstraction to stop the repetition involved in cyber threat hunting. Kestrel contains two main components, 1) A threat hunting language for a human to express what to hunt and 2) A machine interpreter that deals with how to hunt. The key objective is to use these components to hunt faster.

Achieving and maintaining a Zero Trust architecture in cloud-native environments remains a complex challenge. K8sGPT, a cutting-edge AI-powered tool, is revolutionizing system management and streamlining the path to Zero Trust. By providing detailed guidance, integrating with system events, and working alongside tools like Istio and Kyverno, K8sGPT simplifies policy enforcement and network security, empowering operators to implement a robust Zero Trust model confidently.

While AI presents an opportunity to innovate across domains, we are learning that it also presents unknown threat vectors that are constantly evolving. So what does threat-modeling look like for today's AI applications? Some frameworks are emerging like the OWASP LLM risks or MITRE ATLAS framework that lists attack TTPs for AI applications. However these are just baseline frameworks that need customizing for each organization. Furthermore, secure behavior of AI applications needs continuous verification as they are by nature, indeterministic and are often built on top of 3rd party models which are untrusted black boxes. AI apps should be actively breached to test how secure organizational data, IP, and internal APIs are when connected through them, much like the way the resilience of dynamic microservices is actively tested using chaos experiments. This talk will describe how to bring proactive Chaos-testing to AI security using Secops-Chaos - an open source framework that helps encode TTPs as security focused chaos experiments, with hands-on demos of how to map some of the MITRE ATLAS TTPs to AI apps running as containers within Kubernetes environments.

Today GRC team struggles to instill the culture of Continuous Control Monitoring. Typically, they utilize mechanisms such as security questionnaire, email or Sharepoint to gather evidence. These aids help them in assessing compliance, preparing for audits and managing vendor risk assessments. However, they encounter difficulties in collecting data and evidence due to lack of standardization, technical complexity, repetitiveness and insufficient time and resources. We can support our hard working GRC teams and equip them the necessary tools by employing LLM in the following way: - Creating a machine readable controls framework in YAML from the policy document. - Generating a dynamic graph of policies, controls and frameworks based on the YAML - Designing a dynamic evaluation questionnaire for users to assess the effectiveness of these policies - Deploying this questionnaire using well known tools like Google forms for continuous controls monitoring - Implementing CEL (Common Expression Language) to calculate the compliance score dynamically based on the evaluation responses. - Integrating the final results into reports and dashboards for the steering governance committee.