Gå frakoblet med Player FM -appen!
Google’s James Brodsky on Securing AI and Building Security Ecosystems
Manage episode 460226708 series 3505151
In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.
James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.
Topics discussed:
- The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.
- How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies.
- Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.
- How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.
- How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.
- The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.
Key Takeaways:
- Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.
- Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.
- Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.
- Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.
- Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.
- Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.
- Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.
- Use tools like NotebookLM to stay current with security research and white papers while managing information overload.
- Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.
- Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.
71 episoder
Manage episode 460226708 series 3505151
In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.
James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.
Topics discussed:
- The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.
- How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies.
- Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.
- How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.
- How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.
- The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.
Key Takeaways:
- Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.
- Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.
- Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.
- Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.
- Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.
- Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.
- Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.
- Use tools like NotebookLM to stay current with security research and white papers while managing information overload.
- Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.
- Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.
71 episoder
Alle episoder
×1 The Cyber Hut's Simon Moffatt on Transforming Identity Security from Static to Dynamic Defense 25:22
1 Zoom's Lee Ramsey on Transforming Customer Service Skills into Cybersecurity Success 15:08
1 Google’s James Brodsky on Securing AI and Building Security Ecosystems 26:45
1 Veeva Systems’ Justin Jettòn on Balancing Human Analysis and Automation in Threat Intel 31:56
1 VOTH 2024 Roundtable: Building Visibility in Cybersecurity 44:06
1 GigaOm’s Howard Holton on Cyber Threats Facing Small Businesses 21:58
1 CDW’s Ryan Link on Building a Culture of Continuous Learning 21:34
1 Cybersecurity Analyst & Author Deb Radcliff on the Intersection of Fiction and Cybersecurity 26:29
1 Threat Hunter Ryan Chapman on Critical Security Mistakes Against Ransomware 25:45
1 T. Rowe Price’s Matthew Winters on Threat Hunting as the Scientific Method 19:56
1 Marsh’s Gregory Van den Top on Understanding Cyber Risk in Business Strategy 18:41
1 Splunk’s David Bianco on Differentiating Threat Hunting and Red Teaming 25:42
1 S&P Global’s Eric Hanselman on Integrating Threat Intelligence into Business Strategy 20:05
1 Church & Dwight’s David Ortiz on Building Effective Cyber Risk Management Strategies 15:14
1 Rackspace Technology’s Kristof Riecke on Navigating Cloud Security Challenges 19:43
Velkommen til Player FM!
Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.