AI Security Risks: Not Rocket Science Explained! #shorts

you look at this list, one thing that that does something strike your mind when you look at I think the the obvious thing is what Flo just hinted at that a lot of that actually isn't really AI. So a lot of that is actually just other stuff. And so if we try to apply a filter basically where to put AI and where not to put AI, you could end up with something like this for example where you say okay excessive agency of the AI itself that's a pure AI topic whereas uh training data poisoning actually sort of maybe isn't really maybe isn't really in your hands and then there's other things that really sort of aren't like insecure output

handling. Best example is supply chain vulnerabilities. Oh, >> so exactly. So those are the ones that we kind of got off the list because we thought that's actually I mean of course it's relevant to AI but it's not specific for AI, right? And if you want to kind of understand the whole spectrum coming out of the OASP top 10 that uh we just saw then basically prompt injection is the technique to go because that's the thing that um uh we would say poses like a new risk that's in this sense not been there before. AI applications also have this but it's very special in terms of prompt. So the the result out of this prompt injection is the sensitive

information disclosure and excessive agency is a general problem that we need to deal with AI and all if you sum this up and boil it down to those few things it basically the the the baseline is it's not rocket science right you'll have to deal with a new things but it's not rocket science and we're going to talk about why this is not rocket science