Cybersecurity for AI

I recently did a course on LinkedIn Learning about Cybersecurity. I know quite a bit about cybersecurity already (although I’m not an expert) but given my service management/ownership and development experience you pick things up. This was a bit of a refresher and I learned a bit more about some of the frameworks that underpin best practice.

However, the reason I really wanted a refresher and an update is that I think a lot has changed with the arrival of AI. The training had a small section about cybersecurity and AI. I learned a lot even from the small section – I was aware of some of the increased risks around the emergence of Gen AI – in terms of the ease of which a bad actor could use it to find routes into web servers and databases much more quickly than a human could but I hadn’t really though about the possibilities of ‘prompt injection’ too much – which is like SQL injection but really about gaining access to things you shouldn’t have access to by effectively tricking the AI into revealing more than it should (a bit like machine social engineering). Also hadn’t really thought about AI data poisoning which is about feeding the AI training data to manipulate the model for nefarious purposes.

I do think we are getting to a critical point with AI and security now. We likely need to use good-AI to find security holes so we can close them before bad-AI runs amok. It’s another AI arms race. We may already be too late.

Leave a Comment