RSAC As companies rush to capitalize on the AI craze and bring machine learning-based apps to market, they aren't paying enough attention to application security, said AWS Chief Information Security Office Chris Betz.
Looking to the Future of Security: Leadership Tips from Aman Sirohi, CISO at People.ai
"Enterprises are forgetting application security in their rush to use generative AI," Betz told The Register during an interview at the RSA conference in San Francisco last week.
There must be safeguards and other safeguards around these advanced neural networks, from training to inference, to avoid them being exploited or used in unexpected and unwanted ways, we are told: "A model does not stand on its own. A model exists in context with an application."
Betz described securing the AI stack as a three-layer cake. The bottom layer is the training environment, where the large language models (LLMs) on which generative AI applications are built. That training process needs to be robust to ensure that you don't, among other things, throw in and take out garbage.
