Application Security Weekly Subscribe

Application security, Data Security, AI/ML, Bug Bounties

AI & Hype & Security (Oh My!) & Hacking AI Bias – Caleb Sima, Keith Hoodlet – ASW #284

May 6, 2024

Full Audio

View Show Index

Segments

1. AI & Hype & Security (Oh My!) – Caleb Sima – ASW #284

A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injection to jailbreaking to authenticity. Caleb Sima explains why it's important to understand the different types of AI and the practical tasks necessary to secure how it's used.

Segment resources:

Guest

CSO | CEO | Founder at Cloud Security Alliance

Caleb serves as the Chair of CSA AI Security Initiative. Prior Caleb served as Chief Security Officer at Robinhood where he focused on keeping customers safe. Prior to Robinhood he was Security CTO at Databricks a leading data analytics and machine learning company where he built the security team from the ground up. Previously he was a Managing VP at CapitalOne, where he spearheaded many of their security initiatives. Prior to CapitalOne, Caleb was CEO of Armorize which was acquired by Proofpoint. He also founded SPI Dynamics and BlueBox security, which were acquired by HP and Lookout. He is attributed as one of the pioneers of application security and holds multiple patents in the space and is also the author of Web Hacking Exposed. He serves as an advisor, investor, and board member for security companies.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

2. Hacking AI Bias with Human Techniques – Keith Hoodlet – ASW #284

We already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack of resources in testing an AI's bias. Then we discuss how organizations should approach the very different concepts of AI security and AI safety.

Segment Resources:

Guest

Application Security Manager at Thermo Fisher Scientific

Keith Hoodlet is the Application Security Manager at Thermo Fisher Scientific. He is the Co-Founder of the InfoSec Mentors Project .

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Application security

AI fixes everything, C++ the actual worst, IAM is hard – ASW #308

November 18, 2024

This week, in the Application Security News, we dismiss magical thinking and discuss what generative AI will actually be able to do for us. We also discuss whether Secure by Design's goals are practical or not. OSC&R releases a report on software supply chain that should be interesting, though neither of us had time to read it yet. Also, Wat...

Vulnerability Management

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more… – SWN #430

November 12, 2024

Struwwelpeter, Krampus, Flutter, Apple, DLink, C++, Josh Marpet and more on the Security Weekly News.

Application security

Typosquatting NPM, vulnerability analysis, and AI challenges – ASW #307

November 11, 2024

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response. Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish. Is it bad that 70% of DevSecOps profe...