EP136 Next 2023 Special: Building AI-powered Security Tools - How We Do It?

Guest: 

• Eric Doerr, VP of Engineering, Google Cloud Security

 Topics:

• You have a Next presentation on AI, what is the most exciting part for you?

• We care both about securing AI and using AI for security. How do you organize your thinking about it?

• Executive surveys imply that trusting an AI (for business) is still an issue. How can we trust AI for security? What does it mean to “trust AI” in this context? 

• How should defenders think about threat modeling AI systems? 

• Back to using AI for security, what are the absolute worst security use cases for GenAI? Think “generate code and run it on prod” or something like that?

• What does it mean to “teach AI security” like we did with Sec-PALM2? What is actually involved in this?

• What were some surprising challenges we ran into here?

 Resources:

• “Generative AI for defenders with Sec-PaLM 2 and Duet AI” presentation at Google Cloud Next 2023

• “The Prompt: What to think about when you’re thinking about securing AI” and a new paper on securing AI

• “AI and Security: The Good, the Bad, and the Magical” (ep135)

• Monitor and secure Vertex AI

• “Introducing Google’s Secure AI Framework” blog

• “Project Hail Mary” book