0:07 Now for our next session we're excited to have NVIDIA joining us. NVIDIA, of course, is an industry pioneer, one of the biggest names in AI, and Laura Selitos is the Principal Cloud Security Architect at NVIDIA. She'll be discussing with us Security in the Age of AI, delving into the urgent need for enterprise architecture to be transformed to accommodate AI-driven workloads. Laura will also be touching on the company's role in strengthening cyber security, including NVIDIA Morpheus, digital fingerprinting and behavior analytics. So without further ado, take it away,
0:52 Laura. All right, thank you everybody for attending today. My name is Laura Selitos, I am a Principal Security Architect at NVIDIA. Today I want to dig into Security in the Age of AI, specifically digging into the security perspective of this rapidly changing AI landscape. We are seeing an explosion of data happening every single day in our data centers, across global traffic. We are seeing more connected things, more connected users, and just overall more data being
1:21 generated. As a consequence of this, when we start seeing breaches we are seeing the average total cost going up, we are starting to see the average data contained in these breaches exponentially increasing, as well as a massive uptick in victims of these attacks. I'm not sure about people on this call, but for myself, for others, we are starting to see more and more direct impacts of these breaches, whether it's your own personal PII information or if it is part of a corporate breach that you're involved with. The overall landscape is
2:00 day. Two years ago we had a major moment in history where things changed. This started a new era that we have honestly never seen before. Jensen mentioned that this is the AI moment, or the iPhone moment for AI. This is a major thing that happened, specifically around the introduction of ChatGPT. The reason it was such a massive splash in the industry is because it only took two months to reach over 100 million global users. This is something we've never seen before. This is not just a new moment in the landscape, it is a new moment for users, for individuals. We are starting to need to ask the question of why did this become so successful, why were people able to join something so quickly?
2:44 This is where, when we dig into the success of ChatGPT, we get the answer of accessibility. Back in the day you needed to leverage a CLI, or command line interface, to be able to grab this information; you needed to have some sort of expertise in programming, even if it was basic coding abilities. But now we've introduced a human language interface. This is where I can just talk plain English to a chatbot and get results back. This is where I can start interrogating it to get my data, I can ask it to help me solve this problem: can you connect these two different data sources and generate a chart for me? This is where we are starting to see a very different era emerge, and with every new era we start to deal with new types of
3:34 risks. Because AI at the end of the day really means that everybody is now a programmer. If we go back about 15 years ago, there was this very small technology called cloud computing that many said would never take off. In this scenario of cloud computing we put the developer in control of the end-to-end stack. This was a massive paradigm shift for us that we were not used to. And what we're now doing with artificial intelligence, and what we're now seeing with ChatGPT and other types of LLMs, is that everybody, from my parents who are not in IT, to our HR personnel, to our marketing personnel, sales, to our most advanced engineers, now everybody is a programmer in this ecosystem, and everybody is now interacting with data in ways that we have never encountered
4:25 before. So when I look at this problem, it really breaks down to: where is cyber security in this new landscape? The way I talk about it is in two different areas: security of AI, and AI for security. A lot of people on this call will see the similarities to cloud computing, right? This is what we would say in terms of security of the cloud or security in the cloud; this is really just an advancement on that theme. Cyber security at the end of the day is a data problem. The data is there; can we find it? Can I find the adversary in high-velocity data streams? Can I find it in heterogeneous data sets across my entire organization? Can I find it in real time, can I find it near real time, can I find it as close to the point of exploitation as possible? Can I do it while I'm dealing with a staff shortage, where I don't have as many people or analysts able to dig into these queries or these problems? Can I do it while my limited staffing resources are hit over and over by an exponential increase in alerts? They are navigating and dealing with alert fatigue. All four of these problems just exponentially increase on us, and we have to defend our enterprise to enable this new era of artificial intelligence while still enabling our business to achieve
5:49 innovation. The market opportunity that we're seeing is over a six times increase from 2022 to 2023, and this is still growing. I don't have the numbers yet for 2024, but we are seeing a massive uptick. What this means is that we're starting to see over 70% of cyber security operations that are starting to incorporate generative AI technologies. Even simple solutions like summarization and analysis will end up saving hours, if not days, a year. This really enables our teams to start going after more advanced threats. This is that explosion we were talking about with the ChatGPT graph, where we saw over 100 million global users in two months. This is that explosion that we're starting to see, and we're starting to see it in our work environments every day. And as a result of that adoption from our cyber security professionals and in our industry, we're starting to learn more and more. We've learned the hard lesson that we can't just throw ML at the problem. You know, if we're trying to throw ML at anomaly detection, we've seen that everything starts looking like an anomaly, starts adding more noise for our analysts to dig through. We are all using computers differently every single day, so there is no standard pattern that we're able to replicate and investigate into. There are some, don't get me wrong, and of those repeatable patterns, those are easy for us to encode into our threat detection tools. But overall the more difficult problems, these more advanced anomaly detections, it's a very, very difficult problem to solve, and it is honestly creating a lot of noise for our
7:33 analysts. But that doesn't mean that there isn't hope. When I dig into this problem I try to break it up into three categories, looking at it from the point of view of an attacker, a defender, and a user. Every attacker tool, I try to imagine, is just a precursor to a really cool defensive tool that we get to use in the future. The difference: an attacker only has to be successful one time, whereas the defender needs to be right every single time. So we obviously have more challenges on the defender side, but we can use this as an opportunity to advance our skills and learn from each other. It comes down to a problem and a challenge of time, scale, horizon and effectiveness. So I'm sure everybody on this call is familiar with the age-old scam of the Nigerian prince who has large sums of money that they just want to share with you; they just need help transferring it around and you will get a cut. This is an issue of quality, of scale, time horizon, effectiveness, right? If we take this scam example and leverage generative AI to improve it, we're able to customize the spam attack, we're able to make it more personalized, customizable, more of a quality attack. On the flip side, we can also use generative AI to detect some of those. So again, we're able to use this tool on both
9:01 Wanting to dig a little bit more into what does it look like for the new-age attacker: we are starting to see more and more low-to-no-code tools being leveraged. There is a much lower barrier to enter into this type of attack surface. What this means is that what used to be an average attacker can now achieve expert-level attacks. This is making it not only more difficult from a defensive side, but it is also decreasing the amount of time that these attacks can happen. We're starting to see higher scale as an output from these attackers, but also a decrease in time from when they're
9:46 sophistication. Transitioning over to what this means for our end users, let's put ourselves in the user's shoes. When I'm talking about our users, I'm talking about our spouses, our friends, our parents, grandparents, really people that are not technologists. The advice I have always given to family, to friends, is: don't click on links, please don't download attachments, right? This is the commonality we've had for our users for decades. That is starting to change now. An example of how it's changing is an example our red team has dug into here, where this is an example of a plug-in that was added to one of our ChatGPTs that is resulting in exfiltration of sensitive data. The attacker in the scenario would have put malicious instructions on a website, essentially resulting in an indirect prompt injection attack. The browser plug-in that they have added accesses that website, ChatGPT will start following the website's instructions, and in this example maybe retrieving the user's email, summarizing it, encoding it into the URL, appending that to the attacker-controlled URL, asking ChatGPT to go retrieve it, and now the attacker has your personal information. This is a very high-level, easy example of where the user did not click on any links, they did not download anything malicious. It's turning into a world where we need to start educating end users to even just not ask bad questions. Don't ask the wrong questions of your co-pilot, because it could result in you having an exploitation by accident. So we're really having a paradigm shift of education with our end users, where we're having to have more suspicion and not trust your co-pilots necessarily, or the data, based on the questions we're
11:38 asking. Now looking at the new-age defender, I want to break this down into two parts: what's been done in the past and being done a little bit today, and where do we need to get to. So I'm sure everybody on this call is familiar with data-driven dashboards in a SOC environment, right? We work with leading vendor tools to have our centralized repository of data, we create dashboards to try and identify and monitor trends over time of those different data sources so that we can start acting on it. This starts coming into a scale and time horizon problem: tomorrow there's a new threat actor that we didn't have visibility into, so we're always doing this catch-up game. This is that data-driven SOC of yesterday. What we need to get to is more of a context-driven SOC. This is where we can interrogate and leverage human language interfaces to be able to get to the question or the context that we're looking for. This is honestly like, in the earlier slide we talked about the explosion of adoption for ChatGPT; this is how they were able to get to the 1 million users in two months, by leveraging human language. I can just ask this type of interface to summarize the details of the user activity session based on authentication logs for this user, throw that in a chart for me, help me do that analysis very quickly on the spot. The new-age defender is no longer just a programmer, they are a prompt engineer. This is where they are advanced and able to ask explicit questions and interrogate the system with data, and then if they're able to get to something consistent, then we chart it, then we put it on our interactive dashboards to
13:27 monitor. But I really want to take that one step further: patching systems. Patching is not easy, and honestly, I don't know about you, but I've seen teams spend more time justifying not needing to do the patch versus actually implementing the patch. We have a policy of no critical or high CVEs. This, as you can imagine, results in some frustrations, some slowdowns, and some blocked launches. This is actually where we had an opportunity for growth internally, where our Morpheus team jumped in to try and reach speed of light to remove some of those slowdowns, some of those blocked launches, by the introduction of an agent that introduced self-testing for automated validation of these CVEs that were discovered. The reason that the Morpheus team was able to do this is learning from how we did standard container vulnerability reporting and analysis. So what is this container vulnerable to? Is the vulnerability exploitable? Is the vulnerability exploitable under these contexts? So in the past, where we ask these questions as an analyst, we dig into it, and 200 different Google searches later, across the board, we can get to a yes or no answer and then potentially a release. Agent Morpheus is allowing the automation of that analysis through artificial intelligence. It's allowing us to use generative AI, RAG, powered by NIMs and other technologies, to do that initial analysis. So now when we report on the CVEs it's a much smaller, more targeted, more contextually aware list that our teams can then start working off of. Really the goal that the Agent Morpheus blueprint is trying to tackle is how can we leverage AI, but also use it iteratively, to increase the speed for releases of our products while not compromising the security of
15:27 them. The question is, how can I then apply these learnings in a more practical method? The answer is that whether you are a cyber professional, a technologist, a CISO, you need to start using AI today. You need to start pushing on these boundaries, continuously improving. If you don't, then you're already going to be behind. The amount that we have learned, just because we didn't wait for things to be perfect, we just started doing iterative development and innovation; we have learned from that as we've gone through that process and we've been able to create more
16:03 innovative paradigm shifts. So when we start talking about pushing those boundaries, here's an example that we've seen over time. So if we go back to the 90s, this is, you know, we joke about the golden era of security, right? This is where we get into perimeter-based security: you just put up a firewall and you're good, right? This was challenged, boundaries were pushed. We get into the 2000s and this is when cloud was born. This is where we changed our model into application-centric security; zero trust was born. But then as we started shifting everything into the cloud we realized there was a large cost to it. So this is where the next iteration, 2010 time frame, we see the introduction of microservices architecture. This is where we start breaking up those very large, expensive applications into these little micro apps, with the goal of saving costs, pushing for reusability, and then this changed our security model to more of a data-centric security model. This is where we start seeing the emergence of attribute-based access control. Now let's
17:11 fast forward to today. This is where we start seeing and introducing the idea of context-centric security. Let me give you an example of this. When Jensen went on stage for GTC last year, as well as this year, to give a keynote on product announcements, the product team usually has material created in advance, and of that material, some of that material can be released before Jensen's talk and some of it needs to be released after Jensen's talk. This is where we start getting into a data classification problem, right? In terms of, based on different kinds of context, that permission level changes at runtime or at data access. So now I have to literally classify every word and every phrase in a document. The easy answer for that, I'm sure many professionals are starting to see this default answer, where we'll just say system high, high classification for all of it, so all the data in our organization is now top secret. That's not scalable, that doesn't work, that does not enable the business to be successful and to innovate. So we have to go back to the drawing board to understand how can we solve this data classification, this context-centric security challenge, at scale for an organization. And to be fully transparent, we have not solved this. We have made progress, and I want to share that with you today, but this is something that we have to continue to iterate on top
18:43 of. So this is a very similar chart to what we were just looking at. This is starting to get more into procedural-based access to systematic: I can lock down my SharePoint and everything else, but how do I now do that as I get into runtime and access? And this problem honestly starts getting harder and harder in the new era of security that we're finding ourselves
19:06 in. I want to start giving more real-world examples to what I'm talking about, to give some context. So in an organization we have Google Drive, SharePoint, we have several different types of repository with data classification and access layered on top of it. But what happens if you do not have it 100% locked down? You can just slap guardrails on it, right? I can put a little bit of tape over my fundamental problem. Unfortunately, we don't see that working. There are benefits to guardrails, but it does not solve the problem; it is one of the layers of security in depth that we want to look at. But here's an example of how we got around it. This is an example that our red team did internally to get around some of those, to be able to simulate an indirect prompt injection attack. In this example here, the red team created a new NVIDIA leave policy based on the Death Star. We then shared it with the entire company, specifically disabling "notify users", so this passively was shared out, and it meant that it was picked up by our internal HR expert bots. So what does that mean? It means that the impact of this is that when users interrogated these HR expert agents to ask about our company's current leave policy and time off, they were given very Death Star-related responses that had nothing to do with our actual policy. So, a fun example that we were playing around with, but it shows the potential impact in a real-world scenario. So this shows us that the context of use matters, as well as where the data is
20:57 coming from matters. So now every single line of every single document in my enterprise requires access control. The traditional model that we're familiar with is the data-centric security, data repository access controls across this, that we're seeing on this slide. Now the problem is when we break this down to: how do I do this based on derivative classifications and derivative documents that come out of my enterprise? And this is where the whole concept of context-based access control comes into play. So when we took that traditional data access control stack and threw chatbots or co-pilots on it, we ran into a big problem. It was so much data, and honestly we were just getting garbage coming out of it, and we struggled to answer the questions of how do we make this relevant, how do we access control it, how do we improve the data coming out of
21:57 it. The answer we got to about a year ago: we decided to start deploying internal bots. We called this concept expert agents. So we had expert agents for marketing material, financial data, HR and payroll, and sales. This allowed us to do system-high-level access provisioning, but at the individual expert bot levels. It's a little bit of a hack, but it allowed us to start solving a bit of the problem, because we don't have a solution to context-based security yet. This actually helped make our bots more valuable to us, though, because it made them more specific, more intelligent, more accurate, and in addition it had the challenges. Now the question, once we have these expert agents, is how do I then look across all of them? You know, how do I allow my user to ask questions of them? This is where we have access control at the agent level, on top of that for agentic workflows, which is again very difficult to start doing security around. But the way we've approached it is really, for security controls, we've obviously broken down the enterprise into these experts, we've done guardrails at those agent levels, then we have limitations based on what you can access for each of those agents
23:24 railing. So I want to take a step back and understand what, as security professionals, can we do today. We need to stop saying no; we need to understand how we can start phrasing it as "this is how we get to yes". That's how we, as an industry, as professionals, are able to learn as we iterate and innovate into these domains. If we waited till everything was perfect, we would not have had these lessons learned. We've had to have different kinds of internal bots at NVIDIA blocked, we've had hard conversations that, if we hadn't started doing over a year ago, we would not have the solutions we have in place today. So this is where we're really trying to push boundaries, we're iterating as much at the speed of light as possible, and we're learning a lot in terms of how does this map to what we already know. AI solutions, we're starting to see, are just iterations on cloud computing; they're just a new app. Our goal is to make sure that we're upgrading and evolving our SDLC practices to make sure that they're inclusive of generative AI systems. You can't skip it. And we found that AI is not just going to solve this problem for us; it'll enhance us, it'll help us, but it's not going to just completely solve it. Really the approach comes down to: you need to figure out what your organization's approach to content is. Where is all your data coming from? Is it clean? Can we leverage the concept of software bills of materials, SBOMs, in the future? This is something that us, NVIDIA as an organization, is putting a lot of emphasis on. We want full transparency from ourselves that we're giving to customers, as well as the vendors we're working with. We want SBOMs, we want model cards, data cards, we want to have that full transparency of data so that we can understand, start labeling, start having that kind of access control around
25:23 it. There's a lot of unknown ahead of us as this explosion of AI is happening. There's a lot to learn, both from our adversaries as well as our defenders, as well as our partners in the industry. That's why I'm a huge proponent of transparency, of sharing information, as well as sharing information about models that we're building through model cards. And as I've said earlier, if you wait until everything is perfect before you start leveraging AI, you're going to be so far behind. So we need to be able to embrace the change of it, work to be able to support these breakthroughs, share this information with the industry to help each other out. Thank you very much for your time, I appreciate this collaboration, and I'm excited to learn from the other talks today. Thank you.