The rapid advancement and widespread adoption of AI, particularly generative AI, necessitate a fundamental transformation of enterprise security architectures to address new risks and leverage AI for enhanced defense.
Now for our next session, we're excited to have NVIDIA joining us. NVIDIA, of course, is an industry pioneer, one of the biggest names in AI, and Laura Selitos is the principal cloud security architect at NVIDIA. She'll be discussing with us Security in the Age of AI, delving into the urgent need for enterprise architecture to be transformed to accommodate AI-driven workloads. Laura will also be touching on the company's role in strengthening cybersecurity, including NVIDIA Morpheus, digital fingerprinting, and behavior analytics. So without further ado, take it away, Laura.

All right, thank you everybody for attending today. My name is Laura Selitos. I am a principal security architect at NVIDIA. Today I want to dig into Security in the Age of AI, specifically digging into the security perspective of this rapidly changing AI landscape.

We are seeing an explosion of data happening every single day in our data centers, across global traffic. We are seeing more connected things, more connected users, and just overall more data being generated. As a consequence of this, when we start seeing breaches, we are seeing the average total cost going up. We are starting to see the average data contained in these breaches exponentially increasing, as well as a massive uptick in victims of these attacks. I'm not sure about people on this call, but for myself and for others, we are starting to see more and more direct impacts of these breaches, whether it's your own personal PII or if it is part of a corporate breach that you're involved with. That's the overall landscape today.

Two years ago we had a major moment in history where things changed. This started a new era that we have honestly never seen before. Jensen mentioned that this is the AI moment, or the iPhone moment for AI. This is a major thing that happened, specifically around the introduction of ChatGPT. The reason it was such a massive splash in the industry is because it only took two months to reach over 100 million global users. This is something we've never seen before. This is not just a new moment in the landscape; it is a new moment for users, for individuals. We are starting to need to ask the question of why did this become so successful? Why were people able to join something so quickly? When we dig into the success of ChatGPT, we get the answer of accessibility. Back in the day, you needed to leverage a CLI, or command line interface, to be able to grab this information. You needed to have some sort of expertise in programming, even if it was basic coding abilities. But now we've introduced the human language interface. This is where I can just talk plain English to a chatbot and get results back. This is where I can start interrogating it to get my data. I can ask it to help me solve this problem: can you connect these two different data sources and generate a chart for me? This is where we are starting to see a very different era emerge, and with every new era we start to deal with new types of risks, because AI at the end of the day really means that everybody is now a programmer.

About 15 years ago there was this very small technology called cloud computing that many said would never take off. In this scenario of cloud computing, we put the developer in control of the end-to-end stack. This was a massive paradigm shift for us that we were not used to. What we're now doing with artificial intelligence, and what we're now seeing with ChatGPT and other types of LLMs, is that everybody, from my parents who are not in IT, to our HR personnel, to our marketing personnel, sales, to our most advanced engineers, now everybody is a programmer in this ecosystem, and everybody is now interacting with data in ways that we have never encountered before.

So when I look at this problem, it really breaks down to: where is cybersecurity in this new landscape? The way I talk about it is in two different areas: security of AI, and AI for security. A lot of people on this call will see the similarities to cloud computing, right? This is what we would say in terms of security of the cloud or security in the cloud. This is really just an advancement on that theme. Cybersecurity at the end of the day is a data problem. The data is there; can we find it? Can I find the adversary in high-velocity data streams? Can I find it in heterogeneous data sets across my entire organization? Can I find it in real time, can I find it near real time, can I find it as close to the point of exploitation as possible? Can I do it while I'm dealing with a staff shortage, where I don't have as many people or analysts able to dig into these queries or these problems? Can I do it while my limited staffing resources are hit over and over by an exponential increase in alerts, and they are navigating and dealing with alert fatigue? All four of these problems just exponentially increase on us, and we have to defend our enterprise to enable this new era of artificial intelligence while still enabling our business to achieve innovation.

The market opportunity that we're seeing is over a six times increase from 2022 to 2023, and this is still growing. I don't have the numbers yet for 2024, but we are seeing a massive uptick. What this means is that we're starting to see over 70% of cybersecurity operations that are starting to incorporate generative AI technologies. Even simple solutions like summarization and analysis will end up saving hours, if not days, a year. This really enables our teams to start going after more advanced threats. This is that explosion we were talking about with the ChatGPT graph, where we saw over 100 million global users in two months. This is that explosion that we're starting to see, and we're starting to see it in our work environments every day.

And as a result of that adoption from our cybersecurity professionals and in our industry, we're starting to learn more and more. We've learned the hard lesson that we can't just throw ML at the problem. If we're trying to throw ML at anomaly detection, we've seen that everything starts looking like an anomaly; it starts adding more noise for our analysts to dig through. We are all using computers differently every single day, so there is no standard pattern that we're able to replicate and investigate. There are some, don't get me wrong, and of those repeatable patterns, those are easy for us to encode into our threat detection tools. But overall, the more difficult problems, these more advanced anomaly detections, it's a very, very difficult problem to solve, and it is honestly creating a lot of noise for our analysts.

But that doesn't mean that there isn't hope. When I dig into this problem, I try to break it up into three categories, looking at it from the point of view of an attacker, a defender, and a user. Every attacker tool, I try to imagine, is just a precursor to a really cool defensive tool that we get to use in the future. The difference: an attacker only has to be successful one time, whereas the defender needs to be right every single time. So we obviously have more challenges on the defender side, but we can use this as an opportunity to advance our skills and learn from each other. It comes down to a problem and a challenge of time scale, horizon, and effectiveness. I'm sure everybody on this call is familiar with the age-old scam of the Nigerian prince who has large sums of money that they just want to share with you; they just need help transferring it around and you will get a cut. This is an issue of quality, of scale, time horizon, effectiveness, right? If we take this scam example and leverage generative AI to improve it, we're able to customize the spam attack; we're able to make it more personalized, customizable, more of a quality attack. On the flip side, we can also use generative AI to detect some of those. So again, we're able to use this tool on both sides.

Digging a little bit more into what it looks like for the new age attacker: we are starting to see more and more low-to-no-code tools being leveraged. There is a much lower barrier to enter into this type of attack surface. What this means is that what used to be an average attacker can now achieve expert-level attacks. This is making it not only more difficult from a defensive side, but it is also decreasing the amount of time in which these attacks can happen. We're starting to see higher scale as an output from these attackers, but also a decrease in time from when they're ... sophistication.

Transitioning over to what this means for our end users, let's put ourselves in the user's shoes. When I'm talking about our users, I'm talking about our spouses, our friends, our parents, grandparents, really people that are not technologists. The advice I have always given to family, to friends, is: don't click on links, please don't download attachments, right? This is the commonality we've had for our users for decades. That is starting to change now. An example of how it's changing is an example our red team has dug into here, where this is an example of a plug-in that was added to one of our ChatGPTs that is resulting in exfiltration of sensitive data. The attacker in the scenario would have put malicious instructions on a website, essentially resulting in an indirect prompt injection attack. The browser plug-in that they have added accesses that website; ChatGPT will start following the website's instructions, and in this example maybe retrieving the user's email, summarizing it, encoding it into the URL, appending that into the attacker-controlled URL, asking ChatGPT to go retrieve it, and now the attacker has your personal information. This is a very high-level, easy example of where the user did not click on any links, they did not download anything malicious. It's turning into a world where we need to start educating end users to even just not ask bad questions. Don't ask the wrong questions of your copilot, because it could result in you having an exploitation by accident. So we're really having a paradigm shift of education with our end users, where we're having to have more suspicion and not trust your copilots necessarily, or the data, based on the questions we're asking.

Now looking at the new age defender, I want to break this down into two parts: what's been done in the past and being done a little bit today, and where do we need to get to. I'm sure everybody on this call is familiar with data-driven dashboards in a SOC environment, right? We work with leading vendor tools to have our centralized repository of data. We create dashboards to try and identify and monitor trends over time of those different data sources so that we can start acting on it. This starts coming into a scale and time horizon problem: tomorrow there's a new threat actor that we didn't have visibility into, so we're always doing this catch-up game. This is that data-driven SOC of yesterday. What we need to get to is more of a context-driven SOC. This is where we can interrogate and leverage human language interfaces to be able to get to the question or the context that we're looking for. This is honestly like in the earlier slide, where we talked about the explosion of adoption for ChatGPT; this is how they were able to get to the 1 million users in two months, by leveraging human language. I can just ask this type of interface to summarize the details of the user activity session based on authentication logs for this user, throw that in a chart for me, help me do that analysis very quickly on the spot. The new age defender is no longer just a programmer; they are a prompt engineer. This is where they are advanced and able to ask explicit questions and interrogate the system with data, and then if they're able to get to something consistent, then we chart it, then we put it on our interactive dashboards to monitor.

But I really want to take that one step further: patching systems. Patching is not easy, and honestly, I don't know about you, but I've seen teams spend more time justifying not needing to do the patch versus actually implementing the patch. We have a policy of no critical or high CVEs. This, as you can imagine, results in some frustrations, some slowdowns, and some blocked launches. This is actually where we had an opportunity for growth internally, where our Morpheus team jumped in to try and reach speed of light to remove some of those slowdowns, some of those blocked launches, by the introduction of an agent that introduced self-testing for automated validation of these CVEs that were discovered. The reason that the Morpheus team was able to do this is learning from how we did standard container vulnerability reporting and analysis. So what is this container vulnerable to? Is the vulnerability exploitable? Is the vulnerability exploitable under these contexts? In the past, we asked these questions as an analyst and we dug into it, and 200 different Google searches later, across the board, we can get to a yes or no answer and then potentially a release. Agent Morpheus is allowing the automation of that analysis through artificial intelligence. It's allowing us to use generative AI, RAG powered by NIMs, and other technologies to do that initial analysis. So now when we report on the CVEs, it's a much smaller, more targeted, more contextually aware list that our teams can then start working off of. Really the goal that the Agent Morpheus blueprint is trying to tackle is how can we leverage AI, but also use it iteratively, to increase the speed for releases of our products while not compromising the security of them.

The question is how can I then apply these learnings in a more practical method. The answer is that whether you are a cyber professional, a technologist, a CISO, you need to start using AI today. You need to start pushing on these boundaries, continuously improving. If you don't, then you're already going to be behind. The amount that we have learned, just because we didn't wait for things to be perfect, we just started doing iterative development and innovation, we have learned from that as we've gone through that process, and we've been able to create more innovative paradigm shifts.

So when we start talking about pushing those boundaries, here's an example that we've seen over time. If we go back to the 90s, this is, you know, we joke about the golden era of security, right? This is where we get into perimeter-based security: you just put up a firewall and you're good, right? This was challenged, boundaries were pushed, we get into the 2000s and this is when cloud was born. This is where we changed our model into application-centric security; zero trust was born. But then as we started shifting everything into the cloud, we realized there was a large cost to it. So this is where the next iteration, the 2010 time frame, we see the introduction of microservices architecture. This is where we start breaking up those very large, expensive applications into these little micro apps, with the goal of saving costs, pushing for reusability, and then this changed our security model to more of a data-centric security model. This is where we start seeing the emergence of attribute-based access control. Now let's fast forward to today. This is where we start seeing and introducing the idea of context-centric security. Let me give you an example of this. When Jensen went on stage for GTC last year, as well as this year, to give a keynote on product announcements, the product team usually has material created in advance, and of that material, some can be released before Jensen's talk and some of it needs to be released after Jensen's talk. This is where we start getting into a data classification problem, right, in terms of, based on different kinds of context, that permission level changes at runtime or at data access.

So now I have to literally classify every word and every phrase in a document. The easy answer for that, I'm sure many professionals are starting to see this default answer, where we'll just say system high, high classification for all of it, so all the data in our organization is now top secret. That's not scalable, that doesn't work, that does not enable the business to be successful and to innovate. So we have to go back to the drawing board to understand how we can solve this data classification, this context-centric security challenge at scale for the organization. And to be fully transparent, we have not solved this. We have made progress, and I want to share that with you today, but this is something that we have to continue to iterate on top of.

So this is a very similar chart to what we were just looking at. This is starting to get more into procedural-based access to systematic. I can lock down my SharePoint and everything else, but how do I now do that as I get into runtime and access? And this problem honestly starts getting harder and harder in the new era of security that we're finding ourselves in.

I want to start giving more real-world examples of what I'm talking about, to give some context. In an organization we have Google Drive, SharePoint; we have several different types of repository with data classification and access layered on top of it. But what happens if you do not have it 100% locked down? You can just slap guardrails on it, right? I can put a little bit of tape over my fundamental problem. Unfortunately, we don't see that working. There are benefits to guardrails, but it does not solve the problem. It is one of the layers of security in depth that we want to look at. But here's an example of how we got around it. This is an example that our red team did internally to get around some of those, to be able to simulate an indirect prompt injection attack. In this example here, the red team created a new NVIDIA leave policy based on the Death Star. We then shared it with the entire company, specifically disabling "notify users," so this passively was shared out, and it meant that it was picked up by our internal HR expert bots. So what does that mean? It means that the impact of this is that when users interrogated these HR expert agents to ask about our company's current leave policy and time off, they were given very Death Star related responses that had nothing to do with our actual policy. So a fun example that we were playing around with, but it shows the potential impact in a real-world scenario. This shows us that the context of use matters, as well as where the data is coming from matters. So now every single line of every single document in my enterprise requires access control.

The traditional model that we're familiar with is the data-centric security, data repository access controls across this, that we're seeing on this slide. Now the problem is when we break this down to how do I do this based on derivative classifications and derivative documents that come out of my enterprise, and this is where the whole concept of context-based access control comes into play.

So if we had taken that original, that traditional data access control stack and threw chatbots or copilots on it, we ran into a big problem. It was so much data, and honestly we were just getting garbage coming out of it, and we struggled to answer the questions of how do we make this relevant, how do we access control it, how do we improve the data coming out of it.

The answer we got to about a year ago: we decided to start deploying internal bots. We called this concept expert agents. So we had expert agents for marketing material, financial data, HR and payroll, and sales. This allowed us to do system-high-level access provisioning, but at the individual expert bot levels. It's a little bit of a hack, but it allowed us to start solving a bit of the problem, because we don't have a solution to context-based security yet. This actually helped make our bots more valuable to us, though, because it made them more specific, more intelligent, more accurate, and in addition it had the challenges. Now the question, once we have these expert agents, is how do I then look across all of them? How do I allow my user to ask questions of them? This is where we have access control at the agent level, on top of that for agentic workflows, which is again very difficult to start doing security around. But the way we've approached it is really, for security controls, we've obviously broken down the enterprise into these experts, we've done guardrails at those agent levels, then we have limitations based on what you can access for each of those agents.

So I want to take a step back and understand what, as security professionals, we can do today. We need to stop saying no. We need to understand how we can start phrasing it as "this is how we get to yes." That's how we as an industry, as professionals, are able to learn as we iterate and innovate into these domains. If we waited till everything was perfect, we would not have had these lessons learned. We've had to have different kinds of internal bots at NVIDIA blocked; we've had hard conversations that, if we hadn't started doing over a year ago, we would not have the solutions we have in place today. So this is where we're really trying to push boundaries. We're iterating as much at the speed of light as possible, and we're learning a lot in terms of how this maps to what we already know. AI solutions, we're starting to see, are just iterations on cloud computing; they're just a new app. Our goal is to make sure that we're upgrading and evolving our SDLC practices to make sure that they're inclusive of generative AI systems. You can't skip it. And we found that AI is not just going to solve this problem for us. It'll enhance us, it'll help us, but it's not going to just completely solve it. Really the approach comes down to: you need to figure out what your organization's approach to content is. Where is all your data coming from? Is it clean? Can we leverage the concept of software bill of materials, SBOMs, in the future? This is something that we as NVIDIA, as an organization, are putting a lot of emphasis on. We want full transparency, from ourselves that we're giving to customers, as well as the vendors we're working with. We want SBOMs, we want model cards, data cards; we want to have that full transparency of data so that we can understand, start labeling, start having that kind of access control around it.

There's a lot of unknown ahead of us as this explosion of AI is happening. There's a lot to learn, both from our adversaries as well as our defenders, as well as our partners in the industry. That's why I'm a huge proponent of transparency, of sharing information, as well as sharing information about models that we're building through model cards. And as I've said earlier, if you wait until everything is perfect before you start leveraging AI, you're going to be so far behind. So we need to be able to embrace the change of it, work to be able to support these breakthroughs, share this information with the industry to help each other out. Thank you very much for your time. I appreciate this collaboration, and I'm excited to learn from the other talks today. Thank you.
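The talk describes two controls without showing code: expert agents that each serve one data domain with their own access limits, and "context-centric" access where the same document is readable or not depending on who is asking and when (the keynote embargo), plus the lesson from the Death Star leave policy that where data comes from matters. The block below is an added illustration of those ideas, not code from the talk or from NVIDIA. It assumes a retrieval layer that can be filtered before documents reach a language model; every class, function, document, user, group name and timestamp in it is constructed for the example.

```python
"""Context-based access control in front of retrieval-backed expert agents.

Added illustration, not NVIDIA code. Each expert agent serves one data domain,
trusts only that domain's authoritative publishers, and filters every candidate
document against the requesting user and the request context (clearance, group
membership, release time) before anything is handed to a language model.
All documents, users, groups and timestamps below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Ordered classification levels: a user may read at or below their clearance.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}


@dataclass(frozen=True)
class Document:
    doc_id: str
    domain: str                  # the only expert agent allowed to serve it
    classification: str          # key in LEVELS
    source: str                  # principal that published the document
    text: str
    release_after: Optional[datetime] = None     # embargo: runtime context
    pre_release_groups: frozenset = frozenset()  # may read before release


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    groups: frozenset


@dataclass(frozen=True)
class Decision:
    doc_id: str
    allowed: bool
    reason: str  # kept for audit: why a document was or was not served


@dataclass(frozen=True)
class ExpertAgent:
    domain: str
    trusted_sources: frozenset  # authoritative publishers for this domain
    required_group: str         # entitlement needed to query this agent

    def evaluate(self, user, doc, now):
        """Apply domain, provenance, classification and time-context checks."""
        if doc.domain != self.domain:
            return Decision(doc.doc_id, False, "outside this agent's domain")
        # Provenance: a document shared company-wide by an arbitrary employee
        # never becomes "policy" just because every account can read it.
        if doc.source not in self.trusted_sources:
            return Decision(doc.doc_id, False, f"untrusted source {doc.source}")
        if LEVELS[doc.classification] > LEVELS[user.clearance]:
            return Decision(doc.doc_id, False, "classification above clearance")
        # Context: before its release time the document is embargoed for
        # everyone except the group preparing the launch.
        if doc.release_after is not None and now < doc.release_after:
            if not (user.groups & doc.pre_release_groups):
                return Decision(doc.doc_id, False, "embargoed until release")
        return Decision(doc.doc_id, True, "allowed")

    def retrieve(self, user, corpus, now):
        """Return (documents the user may see via this agent, all decisions)."""
        if self.required_group not in user.groups:
            return [], [Decision(d.doc_id, False, "user not entitled to agent")
                        for d in corpus]
        decisions = [self.evaluate(user, d, now) for d in corpus]
        return [d for d, dec in zip(corpus, decisions) if dec.allowed], decisions


def ask_across_agents(user, agents, corpus, now):
    """Fan one question out across all expert agents; each applies its filter."""
    return {a.domain: [d.doc_id for d in a.retrieve(user, corpus, now)[0]]
            for a in agents}


# ---- constructed sample data ------------------------------------------------
KEYNOTE = datetime(2024, 3, 18, 17, 0, tzinfo=timezone.utc)
BEFORE_KEYNOTE = datetime(2024, 3, 18, 9, 0, tzinfo=timezone.utc)
AFTER_KEYNOTE = datetime(2024, 3, 19, 9, 0, tzinfo=timezone.utc)

CORPUS = [
    Document("hr-leave-policy-2024", "hr", "internal", "hr-team",
             "Employees accrue 1.5 days of leave per month."),
    # The decoy from the talk: visible company-wide, but not published by HR.
    Document("deathstar-leave-policy", "hr", "internal", "employee:red-team",
             "All leave is approved by the Death Star duty officer."),
    Document("gtc-launch-deck", "marketing", "confidential", "product-marketing",
             "Product X ships in Q2.", release_after=KEYNOTE,
             pre_release_groups=frozenset({"launch-prep"})),
    Document("payroll-q3", "finance", "confidential", "finance-team",
             "Q3 payroll totals by cost center."),
]

HR_AGENT = ExpertAgent("hr", frozenset({"hr-team"}), "hr-users")
MARKETING_AGENT = ExpertAgent("marketing", frozenset({"product-marketing"}),
                              "marketing-users")
FINANCE_AGENT = ExpertAgent("finance", frozenset({"finance-team"}), "finance-users")
AGENTS = [HR_AGENT, MARKETING_AGENT, FINANCE_AGENT]

ALICE = User("alice", "internal", frozenset({"hr-users", "marketing-users"}))
BOB = User("bob", "confidential", frozenset({"hr-users", "marketing-users",
                                             "launch-prep", "finance-users"}))
CAROL = User("carol", "confidential", frozenset({"marketing-users"}))
```

Calling `ask_across_agents(ALICE, AGENTS, CORPUS, BEFORE_KEYNOTE)` gives the HR answer from the real policy only, nothing from marketing (the deck is above her clearance) and nothing from finance (no entitlement to that agent); the Death Star document is rejected with an audit reason naming its untrusted source rather than silently dropped. `CAROL` sees the launch deck only once `now` passes `KEYNOTE`, while `BOB`, in the launch-prep group, sees it beforehand: the same document, different answer, decided by request context rather than by a static label on the file.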