The new threat landscape of AI applications upends many long-standing principles of cybersecurity. AI is fundamentally different from traditional software, so existing tools and processes don’t effectively protect it.
Still, the underlying concepts of AI application security aren’t entirely new. They borrow heavily from familiar principles of traditional cybersecurity, but with new and unique implementations.
In this blog, we’ll look at four of the most prominent categories of application security, reflecting on how these concepts have been historically applied to traditional applications. Then, we’ll discuss how these concepts carry over and adapt to the new paradigm of AI applications. More detail on this topic is also available in our full-length paper, available here.
1. Open-source scanning
Open-source scanning for traditional applications
Software composition analysis (SCA) plays an important role in secure application development.
SCA tools identify open-source dependencies in an application, detailing them in a software bill of materials (SBOM). These dependencies are then analyzed to find any potential risks or known vulnerabilities. With modern software so reliant on third-party components, this is an integral application security practice.
Open-source scanning for AI applications
AI application development relies heavily on components such as open-source models, public datasets, and third-party libraries. These dependencies can include vulnerabilities or malicious insertions that compromise the entire system.
File scanning and model validation tools can proactively identify security vulnerabilities in open-source components of the AI supply chain, like models imported from Hugging Face. This allows developers to build AI applications with greater confidence.
2. Vulnerability testing
Vulnerability testing for traditional applications
Static and dynamic application security testing (SAST & DAST) are two complementary methods for software vulnerability testing.
Static testing requires source code access and enables developers to identify and remediate vulnerabilities early. Dynamic testing is a black box methodology that evaluates software while it is running to discover vulnerabilities the same way an external adversary might.
Vulnerability testing for AI applications
Static testing for AI applications involves validating the components of an AI application—binaries, datasets, and models, for example—to identify vulnerabilities like backdoors or poisoned data.
Dynamic testing for AI applications evaluates how a model responds across various scenarios in production. Algorithmic red-teaming can simulate a diverse and extensive set of adversarial techniques without requiring manual testing.
3. Application firewalls
Firewalls for traditional applications
Web Application Firewalls (WAF) act as barriers between traditional web applications and the Internet, filtering and monitoring HTTP traffic to block malicious requests and attacks like SQL injection and cross-site scripting (XSS).
These reverse proxy solutions operate based on a set of defined policies which can be easily modified to cover new vulnerabilities or reflect unique security requirements.
Firewalls for AI applications
The emergence of generative AI applications has given rise to a new class of AI Firewalls designed around the unique safety and security risks of LLMs.
These solutions effectively serve as model-agnostic guardrails, examining AI application traffic in transit to identify and prevent various failures. This enables teams to enforce policies and mitigate threats to AI applications such as PII leakage, prompt injection, and denial of service (DoS) attacks.
4. Data loss prevention
Data loss prevention for traditional applications
Data Loss Prevention (DLP) solutions prevent the exposure of sensitive data through negligence, misuse, or exfiltration. Different forms of DLP exist to cover networks, endpoints, and the cloud.
DLP comprises various tools to help with data identification, classification, monitoring, and protection. The effectiveness of these solutions relies heavily on sufficient visibility, accurate classification, and robust policy implementation, among other things.
Data loss prevention for AI applications
The rapid proliferation of AI and the dynamic nature of natural language content makes traditional DLP ineffective. Instead, DLP for AI applications examines inputs and outputs to combat sensitive data leakage.
Input DLP includes policies that restrict file uploads, block copy-paste functionalities, or restrict access to unapproved AI tools altogether. Output DLP uses guardrail filters to ensure model responses do not contain personal identifiable information (PII), intellectual property, or other forms of sensitive data.
Protecting your AI applications from development to production
Risk exists at virtually every point in the AI lifecycle, from the sourcing of supply chain components through development and deployment. The security measures we’ve highlighted in this blog help mitigate different risk areas, and each plays an important role in a comprehensive AI security strategy. It’s the same approach we take with our Robust Intelligence platform, which provides end-to-end coverage for safety and security risks throughout the entire AI lifecycle.
To learn more about how AI application security compares to traditional application security, check out our full whitepaper here.