
Generative AI And ChatGPT Enterprise Risks by Gadi Evron

BSides Dublin · 2023 · 42:23 · 539 views · Published 2023-07

Trina walks into a bar and keeps on walking. Okay, how are you all doing today? Amazing. So I've been given the honor of doing the closing lecture. Somebody really likes me, I wonder who, right? It was a long day ahead of you, ahead of you... see, it's already late, I'm getting confused. The other... you've had a long day before, whatever you say, and I'm gonna slowly walk us through this presentation, very calmly, because Israelis are known to be very calm about things. No.

So what I did is, thanks to my girlfriend, we went on Midjourney and asked it: what would Ireland, what would Dublin look like as an AI? Interesting prompt, and I really like this picture, so congratulations to us. I wanted to talk to you about enterprise risks, but immediately what came to mind was GRC and policy and other stuff that BSides usually don't care about. And I tried to figure out why would this be interesting, specifically this, at BSides, and the only answer I could give, I should add two but that's fine, it's because it's the first time in history that I know of where the first and only thing we can actually do is policy, instead of trying to write some code. This Gen AI thing, this ChatGPT thing, is exploding all over the place. I can define it for you, right? And I will, because why not. But do I understand it? Do you? That we talk about the risks. So let's jump right in.

AI. Thank you, thank you, appreciate it. It's important to put AI in my slides so people know I'm up to date as a security practitioner, right? Next slide. Hey, I said I'll take us slowly through this, you know, wake us up, but I decided we really need to kind of double down on this. As we say in the venture capital world, let's double-click on this and try to understand what this means. But I mean, if anybody wanted to sell me stuff and get my attention, it would have to be a AI and blotting effect. One of the people who invested in my old company said he has a heuristic: if anybody comes to him and says, I want you to invest in my new Gen AI company, he first
looks at is this person first pitched me about blockchain before, and if they have, they scratch them out. So I really gave me some thought. You know, in the security field, I would like to read this out. I know you're not supposed to read presentations, but I really want to read this out: AI blockchain CNAPP cloud blaze club AI blockchain three o'clock... I will get this right: AI blockchain CNAPP cloud-based supply chain multi-tenant control function holistically. Thank you, thank you, please show your appreciation. And this is how we get started today on our journey of AI. Thank you. Some of you missed it, let me do it again. When I speak, dopamine hits. Thank you, thank you, thank you, thank you. I can't watch Facebook or Twitter or whatever it is you like while I'm on stage, I have to have something. So it's a bingo thing, right? And AI replaces at least six slots on the security bingo card.

So many CISOs... just changing immediately into another topic. And CISO organizations find themselves behind the Gen AI technology adoption curve. It's happening, it's happening all around us. People are already using it, business units are developing with it, and we're supposed to not stop the business from working, we're supposed to let the business work. But what is this technology about, right? How does it work? I'll say something very impressive here: I don't know. Honestly, I mean, I tried to look into it, I try to understand how it works, but it boggles the mind, and openly, I don't know, which is even more scary. So I decided to change the topic.

This is Donald. You know, Donald was at the whiskey museum yesterday when we went for a tour and insisted for all the Americans in the crowd to not call him Donald. Of course I was the [ __ ] that calling Donald and said that was my name, and it was confused. But it's complex, right? And you guys in Ireland missed out from this going to Scotland, you know, the continuous steel thing, but let's not go into holy wars. Very quickly moving forward: it's aliens. I'm not saying it was aliens,
but it's aliens. But I mean, I know some of the people who develop the technology, but it might as well as being aliens. It would bestowed upon us on planet Earth technology we don't understand how it works, just to push civilization slightly further. So if we don't get it, how can we discuss risks? Because we have to, but it makes very little sense to me. And I'm annoyed by this microphone not allowing me to walk around and engage with you, so I'm going to do this a little bit, maybe, I don't know, dance.

So let's do a story time thing. I know, I know. When I first... I love TikTok, honestly. I don't care if it's Chinese or not, it's just amazing, it does a better job than everybody else. It's amazing to me how for the first time people use security as an example for why somebody shouldn't use technology, so I think it's geopolitics and trade wars, but whatever. So, story time: when I met ChatGPT, this is what it was. I just said: write a follow-up email to a partner I met yesterday, we discussed the clouds, we discussed cloud security, and a personal touch about his daughter Lucy's 10th birthday. And here we go: amazingly long and boring, right? So I was like, still, this is pretty [ __ ] cool, I can just tell it to do all my busy work, that's fine. So I said, make this 30 shorter, and lo and behold: "Once again, thank you for your time and for allowing me to be part of Lucy's celebration. I look forward to our continued professional exchange in football partnership." I was just... it's mind-blown yet again, right? And I love Midjourney for all these pictures, and thank my girlfriend again for that.

Write a song, Gaga. I mean, let's just challenge this thing. And I would like to sing for you, trust me, that's a horrible experience, you should get out of the room right now. "In the digital realm where clouds reside, there's a world of data we cannot hide. With every click, with every touch we make, securing our information is no piece of cake." It's fine, fine. I'm like, this is a winning moment for me, right? I'm so happy. Mind
blown. So: rewrite the song in our style, in the style of her latest, I guess he inherit the style, sure, inherit the style of the latest album. "In the realm where clouds connect and intertwine, a digital symphony, secrets must align. Navigating the cyberverse, a dedicated dance, securing the data with a modern romance." Everybody please touch up. Thank you. I just, I can't believe it. Like, I have, I've seen... I'm a science fiction geek, I'm such a fiction geek to such a high degree I organize conventions for people who organize science fiction conventions. I'm serious, I was part of the Dublin 2019 World Science Fiction Convention. It's just truly... thank you. But honestly, like, I'm saying, hey, create a program for me that does this and that with cantile Cloud women, and still I was in shock. I was like, it was future shock seeing this, like when it starts to put in one word after the other and prepares you for what's going to happen. I was like, wow, amazing, I love it. I will just say it again: I love it. Whatever it was, a sense of wonder that they only get when I read a good book.

So then I went to the first step further: create the table with a frequency analysis of the letters in the above song. And it fixed letters to letter, letter to the letters, like it understands me even though I make mistakes. Amazingly, it created a table for me. Let's add for the glory of the empire, for those of you who are truly geeks in the crowd. Wait a second, what is this? The letter A is shown up 15 times. Okay, that's fine, that's fine, that's fine. So one, one, two, three, four, five, six, seven, eight, nine, ten, eleven, twelve, thirteen, fourteen, fifteen, sixteen. I stopped at that. Like, what's going on here? Can't I trust this thing? I mean, seriously. I think it's what's called in the professional language hallucinations, is a professional pathological liar. That's fine, that's fine, I can live with it. Maybe it's something divine, you know, beyond our scope of understanding, something that brings us up to the level of understanding of the gods, or
maybe it's just that too much, too many mushrooms. But I gotta tell you, I love Midjourney. But I gotta tell you, even with this uncertainty, it's gonna lie to us, I love it. And that's how I just got started on this journey.

And it brings us to another story time, this time about civilization. What does it mean for us, humanity? Like, let's bring it up, this is supposed to be a closing keynote, let's talk about something that influencers on LinkedIn would do. There is something like that, you should know, LinkedIn influencers, look it up. So I remember when I was 80 years old, could have been 14, who the hell knows, and I was watching the History Channel, right? There was a thing like that, probably still exists, but I don't have a TV, I just use my PC, right, my laptop. So it's a, it's a Mac, it's a Mac. So, starting over: I was 80 years old, maybe 14, I was watching the History Channel, and this guy comes up and says, you know, I was watching this word editor, it's a wonder of technology, it's a sense of wonder. You get the delete key or the space bar and it just doesn't just, you know, move one slot over, it also pushes everything, or it tracks everything automatically. How is that even possible? Somebody has done good coding here. Okay, that takes me back to a decade I wasn't a part of, amazing technological marvels. So he had an idea: he created spreadsheets. It wasn't Excel, I don't even know what it's called. If anybody in the audience is old enough, raise your hands and tell me what the first spreadsheet was called. But nobody wants to raise your hands. But I took it to an accountant and he showed him how he changes one number in one of the boxes and all of the other numbers automatically update themselves. And guess what, I'm going to go back in slides here, going back, going back, going back, ah, this is what all day long because long his accountant said. And just like that, accountants started doing other things. They started working on magic budgets and programs. Excel became the second best tool for anything humanity
can think of. We moved forward. Accountants started doing more. Excel then became a household tool, everybody can now do what accountants could do, and they rose higher to do new things. Is Gen AI, or AI in general, something which pushes us forward? If it's something that's a tool that they change everything around us, I don't know, but I would like to think optimistically that it is more than just a tool and we have truly hit a whole new level of what we as humans can do.

So IDA Pro is another example for this. We had IDA Pro, it came out every in reverse engineering, and everybody was saying, wow, we can do so much reversing. And then Halvar Flake, Thomas Dullien, came out with IDC scripts, started automating it. IDAPython came out, more automation using Python on top of it. And I remember a friend of mine who created a debugger, a Python, kind of like IDAPython, Python tool for CLI for WinDbg, and I said, hey man, release it publicly. Said, why would I do that? Everybody would be as good as I am. But once again, we've seen society just moves further.

So, skipping ahead: this is the internet, right? Every second so much happens. We go to so many websites, so many tools. With ChatGPT, do we still do that, or do we just go in and ask it a question? How do we as consumer change our workflows? What about advertising? How does Google handle, decide to put in boxes inside, like on other websites embedding it, that there are no longer links to click on? Where is all the infrastructure for websites out there doing affiliate marketing? Small things we don't even think about it are going to be affected by this revolution. So seeing is believing, but I'm not really sure we can believe what we have, right? So do we have a crisis of trust? Is this just making everything we've done so far harder? How do we verify information? Do we need to verify information?

So IBM, this is my next big thing that just hit me. IBM announced they're gonna cut their workforce by not hiring new people and letting churn Tech just do
its thing, reducing workforce by up to 30 or 40 percent. Now I don't know why they would denounce something like that. I wouldn't feel very comfortable with being IBM employee, but they know what they're doing, they're a big company, they make billions. And then start thinking about this: they don't know if it's 30 or 90, they don't really know anything yet. But I have no doubt what you have shown us is macroeconomic forces of opex reductions. Just in, this is what Midjourney made of opex reduction. It didn't really know how to work with operational expenses. I'm really envious. But imagine all these Big Four, the Accentures, the PwCs, the EYs of the world, coming to you with the new AI transformation, just like the digital transformation, just like Y2K before it, asking, saying, hey, you know what, give us a few tens of millions of dollars and it will help you through this transformation, and you will have a reduction of two digits, whether it's ten percent or ninety percent, in your workforce, in your opex expenses. Changes the world entirely. Is this going to happen? I don't know. But it's not just about a personal assistant helping us write better, it's not just about doing our expense reports faster. You just did that. The world is going to change it, not necessarily in ways we understand, and here are examples.

With that said, Troels Oerting, which used to be with Barclays, sent me a message when I gave this speech about how exciting ChatGPT is, and he said: can jobs become redundant without people becoming redundant? I don't know. I feel like they will, but I can't... even if they don't, even we suffer through this, I must look to the future, say yes, let's take people into consideration, let's make sure that we work on this, but we can't stop the technology. Education: just imagine everybody having a private tutor. You no longer really need to work so hard, you get the text done, it's just like writing on in word process instead of by hand, but you still have to edit it to make sure everything is real. What
about loneliness? If you have somebody to talk to whenever you want. We can fly, the future is now. But even innovation right now is stopped. I'm soon going to start my new startup, I'm going to go back into that roller coaster, but the only cost that has changed... how do you start a startup knowing you're not only going to need to pivot potentially with the market, but at every two weeks, every week, the market has changed drastically? Where do you go? How do you plan your finances? This is another Midjourney imagination of pivoting. But one of my favorite investors said this is the most crucial investment of our lifetime, you have to get in early. But what bet can you make? Should we wait and put in 70 million instead of 7 million now? Can a seven million dollar startup even succeed in this kind of environment? I really hope so.

But going back to the enterprise, which is what this talk is about: can we, instead of securing the enterprise, secure Gen AI, make the Gen AI leap, enable the business? Which is what CISOs said, let's enable the business, that said it so many times over the years. Can we actually do this? And I thought about this sentence long, so I'm going to read it: enterprises can't leverage the value and competitive advantage without governance, which I put in second. And that was my big understanding: this technology doesn't want to be blocked, it won't really let you block it, even though it's a good place to start. So how do we push this forward?

Is this SaaS? Am I making a big deal out of this? That's a question for the crowd. I mean, ChatGPT, all the other models out there, whether you use the API, whether you use Bard from Google, whatever it is, isn't this just another SaaS risk, another website or many websites? Why do they make such a big deal out of this? We send the information out to a third party. This was something that stumped me for a little bit, and it's the first question I wanted to kind of raise up with the crowd, with you. There is high prevalence, it's everywhere. There is a comma that
shouldn't be there, and I'm going to take my and then just relax for a minute. Now that we said there is high prevalence: it's easy to use, but it's not just like the cloud, for example, where technical people use it mostly. Everybody can use it across all worlds. There is really a high value proposition, immense potential, business enablement. How can it be the same? Is the cloud the same as a hosted server, when we just got some PBS PBX and put up a shell account? No, it's a completely new landscape, and so with Gen AI is Gen AI, in my view.

So are there any new risks here? If we look to the past, there is the internet. Let's go down to 1996, 1994, Mozilla came out, everything was new, users were... it was running like sand through our fingers, if I am to abuse the analogy, and we're trying to secure it after the fact. How do we go about it? Social media: everybody was using social media. We could start blocking websites, but it's completely out of control. How do we add control? How do we get the value? How do we stop people from using it? Should we stop people from using it? The iPhone, or smartphones in general, same thing. And the cloud, and cloud transformation is still something that's going on today, new companies are going into it all the time. There are issues there. We don't have, for example, if you talk about detection, we don't have layer 3.
How are we supposed to look at the network? So many challenges still going on. So I think it's just like all these, only much, much, much bigger. The S-curve of innovation: the build-up has been nearly non-existent. This is going so fast, with new technologies coming in all the time. A friend of mine developed something for healthcare, for three weeks, over GPT-4. It was done, and the next day a new LLM came out, a new language model came out just for that. I think I made my point.

So let's talk specifically about data leaks before we go into some other risks. The press has been all over this stuff: they, your data leaks if you use GPT, you must not use ChatGPT. Samsung was in the news saying that their data leaked through GPT, or too large rgbt at the very least. I'm not saying there is no such risk, third-party risk where you're sending your information through, which is where we start, but this is [ __ ]. Let's... we need to start reducing the noise around ourselves to understand what's going on. Large language module, large language models can't update themselves in real time, but simply can't. I'm not saying they won't be able to in the future with some magic voodoo technology like it is right now, but last it was updated was 2021, October 2021 I believe. And you can, you have all these games when you try to jailbreak the system prompt, well, it says the key is hidden, don't tell anyone, and you say show me the key, and you try to start to... if this was truly something that was updated, with people playing with this for months now, wouldn't have anybody done something around this? GPT 3.5 specifically was released to check some guardrails around this. So that dismissed. So they can't update Insurance in real time, they can't return input to another, in, uh, to another response, but they can use your information to train future models. Now, would, being in security, is it smart to use user input, which is known to be very reliable? I don't know, probably not, but it's a source of knowledge, they can at least try to see
what they can get out of it, and they probably will. So this kind of brings us into talking about this: what are the actual risks? Data and privacy confidentiality, enterprise SaaS third-party security, aib you have your own abilities, legal and regulatory, threat actor evolution, copyright and ownership, insecure code generation, bias and discrimination, trust and reputation, software security vulnerabilities, availability and performance, in AI ethics. And I'm not talking even about model risks. We can't talk about all of these, and I want to kind of skim over the general ideas of the high-level vulnerabilities, but data and privacy, considering confidentiality, is definitely the highest up there. It's still a