Tag: GenAI

Posted on

Generative AI (GenAI): Security

Generative AI (GenAI): Security

Generative artificial intelligence (generative AI) is a new buzzword across the industries. Generative AI is an artificial intelligence technology that can produce various types of content, including text, imagery, audio, and synthetic data.

All organizations are investing large amounts of their budget in GenAI technology. Recently Amazon completed a $4 billion investment in generative AI development. As per a recent study barely scratching the Generative AI use case and opportunity.

Before implementing any Generative AI solution make sure you completely understand the organization’s business problem to implement Gen AI solution, because any generative AI solution takes a lot of money, time, and brain power.

Evolution of LLMs

Generative AI has just blown up within the last year or two years, but it has been around for decades. Generative AI is based on large language models (LLM).  LLM has been evolving for a while technically five to ten years approx. All companies (like AWS, Microsoft, and Open AI) are presenting their standard based on their business requirements. Here is the evolution story of LLMs & GenAI.

AI Attacks

There are four types of AI attacks.

  1. Poisoning – This AI attack can lead to the loss of reputation and capital. This is a classic example of thrill-seekers and hacktivists injecting malicious content which subsequently disrupts the retraining process.
  2. Inference – This AI attack can result in the leakage of sensitive information. This attack aims to probe the machine learning model with different input data and weigh the output.
  3. Evasion – This AI attack can harm physical safety. This type of attack is usually carried out by Hacktivists aiming to get the product of a competitive company down and has the potential to seriously harm the physical safety of people.
  4. Extraction – This AI attack can lead to insider threats or cybercriminals. Based on this the attacker can extract the original model and create a stolen model to find evasion cases and fool the original model.

Type of AI Malware

  • Black Mamba – Black Mamba utilizes a benign executable that reaches out to a high-reputation API (OpenAI) at runtime, so it can return synthesized, malicious code needed to steal an infected user’s keystrokes. It has the below properties.
    • ChatGPT Polymorphic Malware
    • Dynamically Generates Code
    • Unique Malware code
  • Deep Locker – The Deep Locker class of malware stands in stark contrast to existing evasion techniques used by malware seen in the wild. It hides its malicious payload in benign carrier applications, such as video conference software, to avoid detection by most antivirus and malware scanners. It has the below properties.
    • Targeted identification
    • Logic detonation Mechanism
    • Facial and voice recognition
  • MalGAN – Generative Adversarial Networks serve as the foundation of Malware GAN and are used to create synthetic malware samples. For Mal-GAN’s complex design to function, it is made up of three essential parts: the generator, substitute detector, and malware detection system based on machine learning. It has the below properties.
    • Generative Adversarial Malware
    • Bypass ML-based Detections
    • Feed-forward Neural Networks

AI Security Threats

  • Deepfake Attacks
  • Mapping and Stealing AI Models
  • Spear Phishing (Deep Phishing)
  • Advanced Persistent Threats (APTs)
  • DDoS and Scanning of the Internet.
  • Data poisoning AI Models
  • PassGAN and MalGAN
  • Auto Generation of Exploit code
  • Ransom Negotiation Automation
  • Social Engineering

AI Security Defense Strategy

As we learned in AI several AI malware and threats are impacting different parts of the AI ecosystem. Our AI must be smart enough that it detects its threats and mitigates risk. ML-based malware detectors detect risk and generate insights into its severity. Here are a few approaches should implement to protect your AI systems.

  • Intelligent Automation
    • Automated response and Mitigation
    • Indicators of Compromise (IOCs) extraction and correlation
    • Behavioral and anomaly detection
  • Precision Approach
    • High Accuracy and Precision
    • Identify, Understand, and Neutralize
    • Prioritize Risk
  • Define the Area for defense
    • Identify the most vulnerable area.
    • Apply a broad spectrum of defense.
    • System resiliency

AI involvement in security

  • Malware detection – AI systems help prevent phishing, malware, and other malicious activities, ensuring a high-security posture and analyzing any unusual behavior.
  • Breach risk prediction – Identify the most vulnerable system and protect against any data leak.
  • Prioritize critical defense – AI-powered risk analysis can produce incident summaries for high-fidelity alerts and automate incident responses, accelerating alert investigations.
  • Correlating attack patterns – AI models can help balance security with user experience by analyzing the risk of each login attempt and verifying users through behavioral data, simplifying access for verified users
  • Adaptive response – AI model automated response and generate an alert if the system identifies any threats. This creates the first layer of security defense.
  • Applied Machine learning – AI models are self-train. If models identify any new risk pattern apply new security models to all protected systems.
Posted on

Generative AI for Public Sector: An API Opportunity

The disruptive power of AI extends to every industry, opening up unlimited possibilities for new business opportunities. It turns imagination into reality, insights into action, and possibility into discovery. Generative AI is a type of AI that produces content such as text, audio, code, videos, images, or any other content based on prompts input by the user. Generative AI models use complex computing processes like deep learning to analyze patterns from large sets of historical data to create new business opportunities.

Generative AI is a one of the most promising technologies that can help the public sector to improve productivity and service quality. However, it is important to ensure that the technology is used responsibly and ethically.

Generative AI can enable the public sector to improve productivity and service quality. Generative AI has a wide range of applications in the public sector. It can be used to extract information and automate paper-based processing. It can also be used to automate repetitive and mundane tasks, enabling staff to take on higher value work, optimize resource allocation, and enhance decision making. It also uses to summarize large amounts of information from different sources, such as public health data and economic indicators, to identify patterns, trends, and correlations for Government to take decision in favor public.

Here are a few examples of tasks that Generative AI can perform in the public sector:

  • Providing support to clients such as chatting, responding, and delegating task to correct department.
  • Writing and editing documents and emails
  • Coding tasks, such as debugging and generating templates and common solutions.
  • Summarizing information.
  • Research, translation, and learning

To ensure the responsible use of GenAI tools and maintain public trust , the public sector should align with the “FASTER” principles:

  • Fair: Content should comply with human rights, accessibility, procedural and unbiased obligations
  • Accountable: Content generated by these tools should make sure it is factual, legal, ethical, and compliant with the legal terms of use.
  • Secure: In pub-sec security is paramount goal. Content generated by Generative AI should appropriate for the security classification of the information and privacy & personal information are protected. Compliance with PII data.
  • Transparent: In Government sector, it is very important that your all procedural is transparent, and users know that they are interacting with an AI tool.
  • Educated: It is very important to document the strengths, limitations, and responsible use of the Generative AI tools. It should also highlight; how to create effective prompts and to identify potential weaknesses in the outputs.
  • Relevant: Generative AI tools should support user and organizational needs, contributes to improved outcomes and become relevant to society and business.

Since Generative AI has a wide range of benefits in the public sector, there are also some challenges associated with its use.

Here are Some of these challenges:

  1. Ethical dilemmas: Generative AI can be used to create deepfakes by manipulating videos and images. That can be used to spread misinformation and create confusion among public.
  2. Dependency on technology: Generative AI is dependent on the latest technology and underline system. It is based on how secure your data technology and how your data is communicating with AI models.
  3. Equity and accessibility issues: Generative automated certain task that led some job displacement. Which lead to accessibility and equity concern.
  4. Staff resistance to change: If Pub-Sec staff perceive Generative AI as a threat to their job then they may be resistance to change into Generative AI process.
  5. Project delays and failures: Generative AI projects are complex and time consuming. This may be delay or failure of project implementation.
  6. Regulatory issues: In Public Sector, data are fragmented which raises compliance and regulatory issue. This may be concerns about data privacy, security, and ownership.
  7. Cybersecurity risks: AI in the public sector raises cybersecurity risks. This may be concern about hacking, data breaches and other cyber threats.

API is helping GenAI to import the AI model and enable data for Generative AI. We can mitigate some of these risks by implementing API based approach for Generative AI in public sector.

Here are the few challenges in pub-sec Generative AI which is mitigated by API implementation.

  • Security: According to recent finding Generative AI makes it easier for hacker to find and exploit vulnerabilities. If your Generative AI models are communicating with your organization data through API, it will mitigate vulnerabilities risk many folds. Government sector can implement strict control of their data in a number of ways like MFA or API access permission.
  • Data control: Through API implementation in Generative AI, pub-sec can eliminate any data leakage and data abuse. Through API governance they can monitor data usage by Generative AI models. Government sector can also implement API rate limiting or IP restriction for any API to get tighter control on their sensitive data.
  • Fairness and relevancy:  Accuracy of Generative AI model or LLM are based on independent and relevancy of data. Generative AI models in pub-sec only work when Generative AI model follows compliances and relevant to use-case. API implementation does make sure data is relevant and independent for LLM. API also restrict any unwanted data for AI models and reduce processing time to cleansing unwanted data.   
  • Data Separation: APIs keep data separated from Generative AI Models or LLM (Large Language Model) implementation. This enable LLM to work on different set of data at the same time and enable faster innovation within government sector.
  • Fast delivery: APIs enable faster delivery of generative AI models. During your development of LLM models you focus only on models not on data deliveries. This may enable two stream of development team. One team focus only on data delivery and second team can focus only on Large language models development. This may empower to team for faster project deliveries.

Public sector adoption on Generative AI is still in the early stages, but it needs to accelerate. This will enable faster public project deliveries and AI bot assistances.