The aggressive use of large language models (LLMs) across enterprise environments in 2024 is creating new challenges for CISOs. LLMs have their own cybersecurity challenges, especially when it comes to data breaches. The cloud has its own challenges, and cloud platform providers constantly make changes without notifying tenants. What happens when both LLM and cloud cybersecurity issues collide? Nothing good comes of it.
Multiple cloud LLMs, shadow LLMs increase risk
The biggest problem is when companies host multiple LLM iterations in one or more cloud environments. No matter what action CISOs and CIOs take with LLM, they accept the risks of the LLM cloud. Whether a company hosts LLM in the cloud, on-device, or on-premises may have little impact on the threat landscape. Even if a company hosts that end locally, the other end of the LLM will almost certainly be in the cloud, especially if that vendor is handling the training. This means LLM exposure to the cloud will be widespread regardless of the CISO's decision.
This is all focused on the authorized and licensed LLM version. Despite corporate policies and rules, shadow IT extends entirely to LLMs. Employees and department heads can easily access public models such as his ChatGPT and BingChat/Co-Pilot whenever needed. You can then use those published models to create images, perform analysis, create reports, write code, and even decide which of these 128 potential locations to build your next store. You can also make business decisions such as “Should I buy and use it?”
When employees and contractors use these public models, especially for analytics, they feed internal data into them. The public model can then learn from that data and divulge sensitive trade secrets to rivals who ask similar questions.
George Chezhemov, cybersecurity strategist at BigID, said it is difficult to “mitigate the risk of unauthorized use of LLMs, especially the inadvertent or intentional entry of proprietary, sensitive, or sensitive non-public data into LLMs.” I am. Cloud Security He added that his platform helps with access control and user authentication, encryption of sensitive data, data loss prevention, and network security, among other things. Other tools are available for data discovery and surfacing sensitive information in structured, unstructured, and semi-structured repositories. “
Because it's impossible to protect data that an organization has lost track of, has excessive permissions for, or doesn't even know exists, data discovery is an integral part of data risk remediation strategies, including: Should be the first step. We are trying to address AI/LLM risks,” says Chezhemov.
Brian Levine, managing director of cybersecurity and data privacy at Ernst & Young, believes that the use of shadow LLMs by end users, including employees, contractors, and privileged third parties, poses a major security risk. It points out that this is a problem and can be difficult to control. . “When an employee is using a work device, existing tools identify when the employee has accessed known unauthorized LLM sites or apps and block access to such sites. “You can do that,” he says. “But when employees use unauthorized AI on their devices, companies face a greater challenge because they cannot reliably distinguish between AI-generated content and user-generated content. Because it’s difficult right now.”
Currently, companies rely on security controls within licensed LLMs, assuming they do not deploy their own LLMs written by their own personnel. “It is important that enterprises have adequate third-party risk management in place for AI vendors and products. As threats to AI evolve, so do the ways to counter those threats,” Levine says. . “Currently, many of the compensation controls reside within the AI/LLM algorithms themselves or must rely on users and their corporate policies to detect threats.”
Security testing and decision-making should consider AI
Ideally, security teams should ensure that AI awareness is baked into all security decisions, especially in environments where zero trust is considered. “Traditional EDR, XDR, and MDR tools are primarily designed to detect and respond to security threats on IT infrastructure and endpoints,” he says. . As such, LLMs, cloud-based or on-premises, are ill-equipped to address the security challenges posed by AI applications.
“Security testing must now focus on AI-specific vulnerabilities, ensuring data security, and complying with data protection regulations,” Chezhemov adds. “For example, there are additional risks and concerns around instant hijacking, intentional subversion of coordination, data leakage, etc. Continuous re-evaluation of AI models is required to address drift and bias.”
Chedzhemov recommends that secure development processes should incorporate AI security considerations throughout the development lifecycle to foster closer collaboration between AI developers and security teams. “Risk assessments must take into account the unique challenges associated with AI, such as data leakage and output bias,” he says.
Hasty integration of LLM into cloud services creates attack opportunities
Itamar Golan, CEO of Prompt Security, points out that the current highly tense business climate is a major concern. For many companies developing these models, the urgency encourages all sorts of security shortcuts in the coding. “This urgency has pushed many security validations to the back burner, allowing engineers and data scientists to build GenAI apps without restrictions. In order to deliver great functionality as quickly as possible, these LLMs are and computing resources are increasingly being integrated into internal cloud services,” said Golan.
“These integrations are often not least privileged or configured properly, creating a direct attack vector from the externally exposed chat interface to the crown jewel of a cloud environment. We believe it will be several months before we see large-scale attacks being carried out through GenAI interfaces, leading to account takeovers, unauthorized data access, etc.Natural language and new frameworks Due to the unstructured nature of GenAI and the architecture surrounding GenAI applications, we found that current security stacks are not sufficient to protect against this type of prompt injection attempt.”
Attackers target LLM
Another concern with LLM is that it makes the system a very attractive target for attackers. Bob Rudis, vice president of science at GreyNoise Intelligence, believes there is a good chance these attacks will work. “GPU/AI compute nodes, both provisioned on-premises and in the cloud, can freeload these resources in the same way that huge CPUs and high-end endpoint GPUs have been used by bad actors to mine cryptocurrencies. will be a prime target for attackers attempting to do so. Attackers will be willing to use unsecured infrastructure to train and run their models. Additionally, they will use this infrastructure to “The data stolen from internal email, SharePoint, and file servers can be mined and used in sophisticated phishing campaigns,” Ludis said. “Advertisers will also quickly identify which GPU/AI computing systems an organization relies on for business-critical functions and figure out how to cripple those systems with extortion or ransomware campaigns. This may not be the traditional method, given that there are many ways to reduce computing power without completely disabling the environment.
Igor Baikhalov, Semperis' chief scientist, offers a different perspective. He argues that all types of sensitive intellectual property within a company must be protected. LLMs that include generative AI are just stupid converters that are prone to hallucinatory attacks. If sensitive data is exposed, security concerns arise, as with any SaaS product, the protection of sensitive data that is subject to training And of course it has to be about securing access to the applications themselves,” he says. “The same principles apply whether deployed on-premises, on-chip, or in the cloud.”
