Avivah Litan’s Post

View profile for Avivah Litan, graphic
Avivah Litan

Open Source #AI Models and Applications Used to Infiltrate Enterprises Some 1% of open-source models on Hugging Face are reportedly infected. 😆The word is out: Open-source models and data science software (like Jupyter Notebook or Python libraries) are prevalent new AI attack vectors. AI security vendors HiddenLayer and Noma Security see evidence of this when they scan open-source AI at customer sites. In fact, Microsoft Azure AI recently started using Hidden Layer's Model Scanner https://lnkd.in/e42wpBGu to scan third party and open source models in the model collection curated by Azure AI. 😆Enterprise AI is under the radar of most Security Operations, where staff don’t have the tools required to protect use of AI. Traditional Appsec tools are inadequate when it comes to vulnerability scans for AI entities. (Many Appsec vendors are hurriedly expanding capabilities for new AI markets). 😂Importantly, #Security staff are often not involved in enterprise AI development and have little contact with data scientists and AI engineers. Meanwhile, attackers are busy uploading malicious models into Hugging Face, creating a new attack vector that most enterprises don't bother to look at. 👀Noma Security reported they just detected a model a customer had downloaded that mimicked a well-known open-source LLM model. The attacker added a few lines of code that caused a forward function. Still, the model worked perfectly well so the data scientists didn't suspect anything. BUT every input to the model and every output from the model were also sent to the attacker, who was able to extract it all. 👀Noma also discovered thousands of infected data science notebooks.  They recently found a keylogging dependency that logged all activities on their customer's Jupyter notebooks. The keylogger sent the captured activity to an unknown location, evading Security which didn’t have the Jupyter notebooks in its sights. An example of this type of dependency confusion attack using Pytorch was widely publicized in 2023. See https://lnkd.in/ecBaXrS3 ✔AI events will multiply exponentially with the adoption of autonomous AI agents. New AI Trust Risk and Security Management (TRiSM) measures that auto-remediates most ‘bad’ transactions without human intervention are needed. ✔These solutions must be baked into AI infrastructure and support different business goals and programs. AI generates too much information too fast for humans to keep up with. Security, Developers, Data Scientists, and IT staff need AI engineering skills to help build this AI infrastructure out. 🤣Otherwise, already overworked security organizations will likely crash. #cybersecurity #opensource #datascience #appsec #artificialintelligence #genai Gartner Niv Braun

  • No alternative text description for this image
Long Duong

IT / OT / Product / AI Security

1mo

Thank you for sharing, Avivah. Would you be kind enough to share the links to (1) Noma Security reports on infected data science notebook and (2) infected open-source model on HuggingFace? Thank you.

Like
Reply
1 Reaction
Johan Gerber

3w

Thank you for sharing Avivah.

Like
Reply
Andy C.

Making intelligence relevant & actionable in the fight against fraud

1mo

Insightful! Avivah - Thanks

Like
Reply
Ori Eisen

1mo

This is exactly why we are focusing on helping companies know who is contacting them, as GenAI deepfakes are only going to get better. If you are answering the phone, or on live chat - how do you do know who is really on the other end?

Like
Reply
6 Reactions
Robert Braxton

Authorised Distributor for Binarii Labs Products, Cyber Warden, Business Development.

1mo

AI Trust Risk and Security Management (TRiSM) measures can significantly benefit enterprises by ensuring AI systems are compliant, fair, reliable, and secure. These measures help integrate governance upfront, addressing AI's unique trust, risk, and security management requirements that conventional controls do not cover.

Like
Reply
3 Reactions
Niv Braun

Co-Founder & CEO at Stealth

1mo

Thank you Avivah for spotlighting another great security risk as part of the new Data & AI Lifecycle. These new technologies contain significant business value for organizations, and spotlights like yours enable their secure adoption. It's our pleasure at Noma to collaborate and contribute our part.

Like
Reply
4 Reactions
Ellen Walsh

PSM, PMP, Agile Leader of Innovation Projects

1mo

Great observations. Agree that Infosec and data science depts at most companies are not yet well connected and data science models do not yet have the capacity to spot these types of security threats.

Like
Reply
2 Reactions
Huy NGUYEN TRIEU

Entrepreneur, Academic, Investor, Banker. Co-founder CFTE | Entrepreneurship Expert, Oxford | Venture Partner, Mundi Ventures | Former MD, Citi

1mo

Fully agree Avivah. If I was a hacker, I would create smart AI wrappers based on Chatgpt APIs, offer them for free and steal information (actually use information people voluntarily give me....)

Like
Reply
1 Reaction
Frances Zelazny

Co-Founder & CEO, Anonybit | Strategic Advisor | Startups and Scaleups | Enterprise SaaS | Marketing, Business Development, Strategy | CHIEF | Women in Fintech Power List 100 | SIA Women in Security Forum Power 100

1mo

Omer Hayun

Like
Reply
1 Reaction
Mauricio Ortiz, CISA

Great dad | Inspired Risk Management and Security Profesional | Cybersecurity | Leveraging Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

1mo

True! The speed of AI usage is already creating security blind spots and the security teams are not well-prepared or have the tools to help them to close or detect these security gaps

Like
Reply
2 Reactions
See more comments

To view or add a comment, sign in

More Relevant Posts

  • View profile for George Roth, graphic
    George Roth

    I was expecting this !!! You cannot use Open Source in the enterprise without something I call "Enterpise Socket", that is an interface of all extrenal AI to inside the enterprise. Here you have to have all the possible guardrails, security and other tools that make an AI software usable in an enterpise. At UiPath with have the Trust Layer and the LLM Gateway that fulfill the "Socket" requirements. I was thinking about another solution to this problem. The companies that deal with Open Source like Hugging Face, should have a Certification for the Authors. Like in Califronia, you have a Drivers License that is not verified for address, and you have a Real ID that could be used to fly, because the owner needs to prove its address. This should be voluntary, and if somebody wants to download a model for example , should see if the author has a Real ID or not. In case of detection of malicious software, the authorities in the domicile country should have access to the person's address. Of course not all the countries would sign this, but many would.

    View profile for Avivah Litan, graphic
    Avivah Litan

    Open Source #AI Models and Applications Used to Infiltrate Enterprises Some 1% of open-source models on Hugging Face are reportedly infected. 😆The word is out: Open-source models and data science software (like Jupyter Notebook or Python libraries) are prevalent new AI attack vectors. AI security vendors HiddenLayer and Noma Security see evidence of this when they scan open-source AI at customer sites. In fact, Microsoft Azure AI recently started using Hidden Layer's Model Scanner https://lnkd.in/e42wpBGu to scan third party and open source models in the model collection curated by Azure AI. 😆Enterprise AI is under the radar of most Security Operations, where staff don’t have the tools required to protect use of AI. Traditional Appsec tools are inadequate when it comes to vulnerability scans for AI entities. (Many Appsec vendors are hurriedly expanding capabilities for new AI markets). 😂Importantly, #Security staff are often not involved in enterprise AI development and have little contact with data scientists and AI engineers. Meanwhile, attackers are busy uploading malicious models into Hugging Face, creating a new attack vector that most enterprises don't bother to look at. 👀Noma Security reported they just detected a model a customer had downloaded that mimicked a well-known open-source LLM model. The attacker added a few lines of code that caused a forward function. Still, the model worked perfectly well so the data scientists didn't suspect anything. BUT every input to the model and every output from the model were also sent to the attacker, who was able to extract it all. 👀Noma also discovered thousands of infected data science notebooks.  They recently found a keylogging dependency that logged all activities on their customer's Jupyter notebooks. The keylogger sent the captured activity to an unknown location, evading Security which didn’t have the Jupyter notebooks in its sights. An example of this type of dependency confusion attack using Pytorch was widely publicized in 2023. See https://lnkd.in/ecBaXrS3 ✔AI events will multiply exponentially with the adoption of autonomous AI agents. New AI Trust Risk and Security Management (TRiSM) measures that auto-remediates most ‘bad’ transactions without human intervention are needed. ✔These solutions must be baked into AI infrastructure and support different business goals and programs. AI generates too much information too fast for humans to keep up with. Security, Developers, Data Scientists, and IT staff need AI engineering skills to help build this AI infrastructure out. 🤣Otherwise, already overworked security organizations will likely crash. #cybersecurity #opensource #datascience #appsec #artificialintelligence #genai Gartner Niv Braun

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Mauricio Ortiz, CISA, graphic
    Mauricio Ortiz, CISA

    Great dad | Inspired Risk Management and Security Profesional | Cybersecurity | Leveraging Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer

    🚒 Sharing this insightful post to be aware of the increased security risks of AI usage on enterprises. Also few examples on how threats have been introduced in common AI models and tools to steal data. #cybersecurity #ai #genai #llms #artificialintelligence #vulnerability Hugging Face

    View profile for Avivah Litan, graphic
    Avivah Litan

    Open Source #AI Models and Applications Used to Infiltrate Enterprises Some 1% of open-source models on Hugging Face are reportedly infected. 😆The word is out: Open-source models and data science software (like Jupyter Notebook or Python libraries) are prevalent new AI attack vectors. AI security vendors HiddenLayer and Noma Security see evidence of this when they scan open-source AI at customer sites. In fact, Microsoft Azure AI recently started using Hidden Layer's Model Scanner https://lnkd.in/e42wpBGu to scan third party and open source models in the model collection curated by Azure AI. 😆Enterprise AI is under the radar of most Security Operations, where staff don’t have the tools required to protect use of AI. Traditional Appsec tools are inadequate when it comes to vulnerability scans for AI entities. (Many Appsec vendors are hurriedly expanding capabilities for new AI markets). 😂Importantly, #Security staff are often not involved in enterprise AI development and have little contact with data scientists and AI engineers. Meanwhile, attackers are busy uploading malicious models into Hugging Face, creating a new attack vector that most enterprises don't bother to look at. 👀Noma Security reported they just detected a model a customer had downloaded that mimicked a well-known open-source LLM model. The attacker added a few lines of code that caused a forward function. Still, the model worked perfectly well so the data scientists didn't suspect anything. BUT every input to the model and every output from the model were also sent to the attacker, who was able to extract it all. 👀Noma also discovered thousands of infected data science notebooks.  They recently found a keylogging dependency that logged all activities on their customer's Jupyter notebooks. The keylogger sent the captured activity to an unknown location, evading Security which didn’t have the Jupyter notebooks in its sights. An example of this type of dependency confusion attack using Pytorch was widely publicized in 2023. See https://lnkd.in/ecBaXrS3 ✔AI events will multiply exponentially with the adoption of autonomous AI agents. New AI Trust Risk and Security Management (TRiSM) measures that auto-remediates most ‘bad’ transactions without human intervention are needed. ✔These solutions must be baked into AI infrastructure and support different business goals and programs. AI generates too much information too fast for humans to keep up with. Security, Developers, Data Scientists, and IT staff need AI engineering skills to help build this AI infrastructure out. 🤣Otherwise, already overworked security organizations will likely crash. #cybersecurity #opensource #datascience #appsec #artificialintelligence #genai Gartner Niv Braun

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Bryan Kahlig, graphic
    Bryan Kahlig

    Entrepreneur, Software Engineer, Engineering Leader, and IT Specialist

    About a year ago, I sat on some panels discussing AI and security. I wanted to revisit those thoughts since it’s been a year and see if anything has changed. I’ll only discuss Training injection in this post in an effort to keep the content shorter. Big data was the hot topic before LLMs and generative AI came on the popular scene. Data is what we use to prepare an AI system for the job we intend for it through a process called Machine Learning (ML). In this case, the goal is to provide a significant amount of data (or “patterns”) that can be referenced by the AI workflow. Preparing large amounts of data is a large task requiring complex ETL systems with the goal of normalizing data into a usable format for the Machine Learning platform. With so much data and the complexity of the ETL systems, it can be difficult to detect when bias is introduced or data is being unintentionally leaked. Introducing bias and the inclusion of ETL dependencies are the more likely concerns in my opinion. The introduction of bias is fascinating. One can simply search the internet for racial bias in facial recognition to see the impact this bias is having in law enforcement and security. You can also see how bias affected Amazon’s approach to reviewing resumes and how it presented resumes from males almost exclusively due to the training set provided of resumes of past hires that were predominantly, but not exclusively from males. Careful analysis of your datasets is key. Another scenario of security concern is the code used in the big data/ML processing. The code could introduce it’s own vulnerabilities or, the more likely scenario, the code’s certain dependance on libraries open the system up to concerns. These are common concerns for the average software engineer as well. CI tools like Dependabot help with automating dependency upgrades and other CI tools can be used for vulnerable code alerting you to changes you should make to avoid security pitfalls. RAG is another capability in the context of AI that has vulnerabilities. Retrieval Augmented Generation (RAG) is a method to improve the fidelity and accuracy of AI systems by including additional sources of information for reference as part of the chain of processing a request of an AI system. Ensuring a clean RAG system is crucial for ensuring security. As AI systems mature, new vulnerabilities and security impacts will come to light as I’m sure that this post will become aged moments before I submit it. As for now, in the case of training injections, analysing your datasets, ensuring your tooling dependencies are up to date, and that your RAG systems are clean are clear actions to take when building and securing your systems.

    To view or add a comment, sign in

  • View profile for John Aucella, graphic
    John Aucella

    EDB Postgres AI - PostgreSQL Experts for 20 years - Migrate Legacy Databases to opensource - PG's only 99.999% HA solution - Cloud, on-prem, hybrid, DBaaS, Kubernetes - TDE encryption - weekend warrior gravel biker.

    💡 AI has become a huge disruptor in the #database management space in many ways. Generative models are revolutionizing how we handle data, simplifying performance optimization, and enhancing problem-solving. 🛠️ Management tools are now capable of generating high-performance Postgres setups, making complex configurations a breeze. Our CTO Marc Linster explores the future of database management and AI integration in his recent Solutions Review article. Give it a read here ⬇️ https://okt.to/s0tANg #PostgreSQL #EDB #AI #DatabaseManagement #Privacy #TechInnovation

    The Possibilities and Boundaries of Generative AI in Database Management

    The Possibilities and Boundaries of Generative AI in Database Management

    https://solutionsreview.com/data-management

    To view or add a comment, sign in

  • View profile for Mohsin Shaikh (L-I-O-N) - He/Him, graphic
    Mohsin Shaikh (L-I-O-N) - He/Him

    Top 100 Talent Titan Winner - Talent Hacker - FullStack HR - Advocate - Leader (Manager Talent Acquisition @ EDB | Global Talent Acquisition) - 40u40 Future HR Leader Certified.

    💡 AI has become a huge disruptor in the #database management space in many ways. Generative models are revolutionizing how we handle data, simplifying performance optimization, and enhancing problem-solving. 🛠️ Management tools are now capable of generating high-performance Postgres setups, making complex configurations a breeze. Our CTO Marc Linster explores the future of database management and AI integration in his recent Solutions Review article. Give it a read here ⬇️ https://okt.to/RLEntM #PostgreSQL #EDB #AI #DatabaseManagement #Privacy #TechInnovation

    The Possibilities and Boundaries of Generative AI in Database Management

    The Possibilities and Boundaries of Generative AI in Database Management

    https://solutionsreview.com/data-management

    To view or add a comment, sign in

  • View profile for Behshad Behnam, graphic
    Behshad Behnam

    Federal Enterprise Sales

    💡 AI has become a huge disruptor in the #database management space in many ways. Generative models are revolutionizing how we handle data, simplifying performance optimization, and enhancing problem-solving. 🛠️ Management tools are now capable of generating high-performance Postgres setups, making complex configurations a breeze. Our CTO Marc Linster explores the future of database management and AI integration in his recent Solutions Review article. Give it a read here ⬇️ https://okt.to/QV6E32 #PostgreSQL #EDB #AI #DatabaseManagement #Privacy #TechInnovation

    The Possibilities and Boundaries of Generative AI in Database Management

    The Possibilities and Boundaries of Generative AI in Database Management

    https://solutionsreview.com/data-management

    To view or add a comment, sign in

  • View profile for Timothy Short, MBA, graphic
    Timothy Short, MBA

    💡 AI has become a huge disruptor in the #database management space in many ways. Generative models are revolutionizing how we handle data, simplifying performance optimization, and enhancing problem-solving. 🛠️ Management tools are now capable of generating high-performance Postgres setups, making complex configurations a breeze. Our CTO Marc Linster explores the future of database management and AI integration in his recent Solutions Review article. Give it a read here ⬇️ https://okt.to/q75HxL #PostgreSQL #EDB #AI #DatabaseManagement #Privacy #TechInnovation

    The Possibilities and Boundaries of Generative AI in Database Management

    The Possibilities and Boundaries of Generative AI in Database Management

    https://solutionsreview.com/data-management

    To view or add a comment, sign in

Avivah Litan

11,038 followers

View Profile

Explore topics