Real-life Examples. Benefits, Risk & Security Implications of AI – Frank Catucci – ASW #234
With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures.
Segment Resources:
- On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them
- Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/
- https://github.com/svenmorgenrothio/Prompt-Injection-Playground
This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
Sponsored By
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Frank Catucci is a global application security technical leader with over 20 years of experience, designing scalable application security specific architecture, partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor to the OWASP bug bounty initiative and most recently was the Head of Application & Product Security at Data Robot. Prior to that role, Frank was the Sr. Director of Application Security & DevSecOps and Security Researcher at Gartner, and was also the Director of Application Security for Qualys. Outside of work and hacking things, Frank and his wife maintain a family farm. He is an avid outdoors fan and loves all types of fishing, boating, watersports, hiking, camping and especially dirt bikes and motorcycles.
