Mitigating attacks against AI-enabled Apps, Replacing the CIA triad, Enterprise News - David Brauchler - ESW #429

Security Weekly Podcast Network (Audio)

Security Weekly Productions에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Security Weekly Productions 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

2d ago 1:38:26

MP3•에피소드 홈

Segment 1: David Brauchler on AI attacks and stopping them

David Brauchler says AI red teaming has proven that eliminating prompt injection is a lost cause. And many developers inadvertently introduce serious threat vectors into their applications – risks they must later eliminate before they become ingrained across application stacks.

NCC Group’s AI security team has surveyed dozens of AI applications, exploited their most common risks, and discovered a set of practical architectural patterns and input validation strategies that completely mitigate natural language injection attacks. David's talk aimed at helping security pros and developers understand how to design/test complex agentic systems and how to model trust flows in agentic environments. He also provided information about what architectural decisions can mitigate prompt injection and other model manipulation risks, even when AI systems are exposed to untrusted sources of data.

More about David's Black Hat talk:

Video of the talk and accompanying slides: https://www.nccgroup.com/research-blog/when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls/
Talk abstract: https://www.blackhat.com/us-25/briefings/schedule/#when-guardrails-arent-enough-reinventing-agentic-ai-security-with-architectural-controls-46112
Slide presentation only: https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf

Additional blogs by David about AI security:

Analyzing Secure AI Architectures: https://www.nccgroup.com/research-blog/analyzing-secure-ai-architectures/
Analyzing Secure AI Design Principles: https://www.nccgroup.com/research-blog/analyzing-secure-ai-design-principles/
Analyzing AI Application Threat Models: https://www.nccgroup.com/research-blog/analyzing-ai-application-threat-models/
Building Security‑First AI Applications: A Best Practices Guide for CISOs: https://www.nccgroup.com/building-security-first-ai-applications-a-best-practices-guide-for-cisos/
Building Trust by Design for Secure AI Applications: Tips for CISOs: https://www.nccgroup.com/building-trust-by-design-for-secure-ai-applications-tips-for-cisos/
AI and Cyber Security: New Vulnerabilities CISOs Must Address: https://www.nccgroup.com/ai-and-cyber-security-new-vulnerabilities-cisos-must-address/

Segment 2: Should we replace the CIA triad?

An op-ed on CSO Online made us think - should we consider the CIA triad 'dead' and replace it? We discuss the value and longevity of security frameworks, as well as the author's proposed replacement.

Segment 3: The Weekly Enterprise News

Finally, in the enterprise security news,

Slow week for funding, older companies raising via debt financing
A useful AI framework from the Cloud Security Alliance
two interesting essays, one of which is wrong
Folks are out here blasting unencrypted data to and from Satellites, while anyone can sniff and capture it
getting hacked during a job interview
LLM poisoning is far easier than previously thought
F5 got breached
Be careful when patching your Jeep (’s software)

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-429

2205 에피소드

#Security #Software Development #Tech News #Hacking #News #Tech #Security Weekly Productions