EP136 Next 2023 Special: Building AI-powered Security Tools - How We Do It?

Guest:  Eric Doerr, VP of Engineering, Google Cloud Security  Topics: You have a Next presentation on AI, what is the most exciting part for you? We care both about securing AI and using AI for security. How do you organize your thinking about it? Executive surveys imply that trusting an AI (for business) is still an issue. How can we trust AI for security? What does it mean to “trust AI” in this context?  How should defenders think about threat modeling AI systems?  Back to using AI for security, what are the absolute worst security use cases for GenAI? Think “generate code and run it on prod” or something like that? What does it mean to “teach AI security” like we did with Sec-PALM2? What is actually involved in this? What were some surprising challenges we ran into here?  Resources: “Generative AI for defenders with Sec-PaLM 2 and Duet AI” presentation at Google Cloud Next 2023 “The Prompt: What to think about when you’re thinking about securing AI” and a new paper on securing AI “AI and Security: The Good, the Bad, and the Magical” (ep135) Monitor and secure Vertex AI “Introducing Google’s Secure AI Framework” blog “Project Hail Mary” book