
AI Security Simplified: Real Problems, Real Solutions #shorts

BSides Frankfurt · 2:52 · 196 views · Published 2026-03
About this talk
Navigating the complexities of AI security? This expert breaks down the real issues, distinguishing novel AI threats from existing vulnerabilities. Focus on what truly matters. #AISecurity #Cybersecurity #TechExplained #BsidesFrankfurt
Transcript [en]

Disclaimer: most of it is crap. So we would like to dump on you what we feel AI security should be, and it's actually not that complex if you look back at what you actually have at hand in dealing with IT security. We are, in those terms, at that end of the spectrum, because there is so much [ __ ] out there. It's pretty ridiculous, to be honest, and we just really feel the need to bring everybody down, cool everybody down, and just give some advice on how you can deal with this magical new technology, right? That is coming up, and where are the problems, where are the real problems in there? So it's important to look into these things and really distinguish what is new, what requires new measures, and what is actually stuff that we already understand and already know.

>> And so, if we try to apply a filter, basically, where to put AI and where not to put AI, you could end up with something like this, for example. Where you say, "Okay, excessive agency of the AI itself, that's a pure AI topic." Whereas training data poisoning actually sort of maybe isn't really in your hands, and then there's other things that really sort of aren't, like insecure output handling.

>> Or supply chain vulnerabilities.

So, exactly. So those are the ones that we got off the list, because we thought that's actually, I mean, of course it's relevant to AI, but it's not specific to AI, right? And this should, well, everybody who's into security, I guess there are a few in this room, this should raise a red flag, because configuration in natural language is completely insane, right? If you want to prevent things from happening, you'll now have to use natural language, and that's a big problem, because natural language was never, I mean, very efficient or effective in preventing, I mean, you all talk to each other, right? And when you're trying to configure something with natural language, if you push your technological level to human interaction level, let's not discuss how far we reach this level yet, that's not the point, but the point is that there will be issues coming up, per se, with this approach. And one of those issues is non-determinism. One is that non-determinism is a technical thing in those systems. So non-determinism is a super big problem in IT security, because if we have deterministic behavior, then we're pretty good at IT security. If we have non-deterministic behavior, we're, like, screwed, to be honest.
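The point made in the transcript, that controls should be deterministic and live in code rather than in natural-language instructions, as an added example that is not part of the talk: a tool-call gate for an LLM agent whose allow/deny decision depends only on a fixed policy and the proposed arguments, so the same request always gets the same answer. The tool names (`http_get`, `make_payment`), the host allowlist and the payment cap are constructed for this example.

```python
"""Deterministic tool-call gate for an LLM agent (added example).

The control lives in code, not in the prompt: the decision for a given
tool call depends only on the policy and the arguments, so it is
reproducible and unit-testable. Tool names, argument shapes and limits
below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional
import re


@dataclass(frozen=True)
class ToolPolicy:
    allowed_tools: frozenset   # tools the agent may invoke at all
    allowed_hosts: frozenset   # hosts http_get may reach (https only)
    max_payment_eur: int       # hard cap for make_payment


DEFAULT_POLICY = ToolPolicy(
    allowed_tools=frozenset({"http_get", "make_payment"}),
    allowed_hosts=frozenset({"api.example.internal"}),
    max_payment_eur=100,
)


def _https_host(url: str) -> Optional[str]:
    """Return the host of a plain https URL, or None if the URL is anything else."""
    m = re.fullmatch(r"https://([A-Za-z0-9.-]+)(?::\d+)?(?:[/?#].*)?", url)
    return m.group(1).lower() if m else None


def evaluate_tool_call(tool: str, args: dict, policy: ToolPolicy = DEFAULT_POLICY):
    """Pure decision function returning (allowed, reason): no model call, no randomness."""
    if tool not in policy.allowed_tools:
        return False, f"tool {tool!r} is not in the allowlist"
    if tool == "http_get":
        host = _https_host(str(args.get("url", "")))
        if host is None or host not in policy.allowed_hosts:
            return False, "url must be https and target an allowlisted host"
    if tool == "make_payment":
        amount = args.get("amount_eur")
        if type(amount) is not int or amount <= 0:   # 'is not int' also rejects bool
            return False, "amount_eur must be a positive integer"
        if amount > policy.max_payment_eur:
            return False, f"amount_eur {amount} exceeds cap {policy.max_payment_eur}"
    return True, "ok"


def run_agent_step(tool: str, args: dict, executor) -> str:
    """Gate a model-proposed call in code before handing it to the real executor."""
    allowed, reason = evaluate_tool_call(tool, args)
    return executor(tool, args) if allowed else f"blocked: {reason}"
```

The gate sits between the model's proposed action and the executor; whatever the prompt says, a tool outside the allowlist or an argument outside the cap is refused the same way every time.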