{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"AI x DevOps by Facets.cloud","title":"AI Security Reality Check","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/148f2a54\"></iframe>","width":"100%","height":180,"duration":3577,"description":"This podcast features a discussion with Nathan Hamiel, Director of Research at Kudelski Security, an expert with 25 years in the cybersecurity space, focusing specifically on AI security. The conversation centers on navigating the generative AI revolution with a grounded and security-first perspective, particularly for product developers and the security community. Key topics explored include: The balance between AI adoption and skepticism: Nathan discusses how his security outlook influences his professional adoption of AI tools, emphasizing understanding capabilities and evaluating benefits versus trade-offs before production. AI productivity and its challenges: The speakers touch upon Google DORA reports, noting that while AI improves personal coding productivity, its impact on valuable work or features can be negligible or even negative, highlighting the difference between feeling productive and being productive. Positive and negative impacts of AI in cybersecurity: They discuss AI's potential to enhance security tools for code scanning and auto-remediation, such as augmenting traditional fuzzing with large language models. However, they also raise concerns about the resurgence of conventional vulnerabilities in AI-generated code. Emerging AI-native risks: The podcast delves into new threats like \"slop squatting,\" or \"hallucinated dependencies,\" where LLMs might be tricked into using malicious or non-existent libraries. Prompt injection is highlighted as \"the vulnerability of generative AI,\" exploiting the model's inability to differentiate system instructions from user input. Addressing AI security vulnerabilities: Nathan advocates for architectural changes and reducing the attack surface as the best defense against prompt injection, outlining his \"RRT\" (refrain, restrict, trap) approach. The need for human oversight and deterministic checks in AI development workflows is also stressed. The urgency of security in AI product development: Both speakers express...","thumbnail_url":"https://img.transistorcdn.com/FpRfzqbyxtX8UoetDIpakLyH9Gx2Xa8n95ouRA6Nqts/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9kMDI3/OGE5MzBiYzc2MDQ4/NmIyOTYyZDg2MjZm/NDc2Ni5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}