AI Security Donut: Discover, Assess, Control, Report
Key Points
- The speaker proposes protecting AI systems with a “donut” of layered defenses that cover data, models, usage, infrastructure, and governance.
- Effective AI security requires four core capabilities—discover, assess, control, and report—to create a comprehensive protection framework.
- “Discover” involves locating all AI workloads across cloud and on‑premises environments, including hidden or unauthorized “shadow AI,” ideally using agentless methods, and then aggregating their logs into a searchable data lake for monitoring.
- “Assess” focuses on scanning the AI landscape for known vulnerabilities and misconfigurations, with the goal of not only identifying but also automatically remediating security issues.
Sections
- Untitled Section
- AI Security Posture Management Overview - The speaker explains AI security posture management—detecting policy drift, conducting penetration testing, and automatically scanning imported third‑party models for malware to maintain consistent, secure AI operations.
- Implementing AI Guardrails and Data Leakage Controls - The speaker outlines the need for trustworthy control mechanisms to block jailbreak attempts, prevent sensitive data from exiting the system, and establish reporting for risk management.
Full Transcript

Source: https://www.youtube.com/watch?v=2A94Mxn3jAc
Duration: 00:09:08
Sections begin at 00:00:00 (Untitled Section), 00:03:05 (AI Security Posture Management Overview), and 00:06:11 (Implementing AI Guardrails and Data Leakage Controls).
AI is at the center of everything we do these days.
But what goes around this center to protect it?
In many cases, not very much.
I'm gonna suggest that we consider wrapping this AI with a donut of defense capabilities.
Why a donut?
Because donuts are delicious, right?
Previously, I did a video on "AI, the New Attack Surface", where I talked about the need to secure the data, secure the model, and secure the usage.
And also have security for the infrastructure that all of this runs on,
and ultimately a governance layer so that we make sure that the whole system is in alignment with our intent.
In this video, we're gonna take a look at an approach to securing the data, securing the model, and securing the usage,
and leverage a donut diagram to tie all these defenses together.
So, let's dig in.
Okay, so now let's take a look at what kind of security capabilities we should add into this donut.
The other donut tasted good, but now we need something we can really sink our teeth into.
So what we need are four major sets of capabilities.
We need to be able to discover, assess, control, and report.
We're going to take a look at some of the capabilities we need in each one of these areas.
So let's start with discover.
So I'm going to need to discover all uses of AI in my environment, especially looking across all the platforms, cloud platforms, as well as in-house platforms on premises,
because what I'm looking for are not only the known uses, which I will then inventory, but I also want to know about the unknown, unauthorized uses of AI.
We call this shadow AI.
So you can't secure what you can't see.
If you don't know that somebody's got an AI implementation in your environment, you definitely can't secure it.
So we need to be able to find all of those things.
We need to be able to see all the AI that we have in our environment, whether it's a machine learning or a large language model, all of those kinds of things.
And hopefully we can do it with an agentless type of approach because I don't know where to deploy all the agents.
I need to just be able to discover them.
So, the next thing then is to observe.
After I've discovered some of these systems, I need to be able to see the logs
that those AI systems are creating and examine them.
I'd like to collect all of them into a large open data lake where I can then do more searching.
I could use that searching to do threat management and things of that sort.
So, if I can discover it and then I can see it, I can start drilling down.
And that drill down is when I really start getting the ability to do more security.
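As a minimal sketch of that discovery idea, the snippet below diffs a list of discovered AI workloads against a sanctioned inventory to flag shadow AI. The workload names and the inventory are invented for illustration; a real tool would pull them from cloud APIs or an agentless scanner.

```python
# Hypothetical inventory of AI workloads we knowingly authorized.
AUTHORIZED = {"fraud-scoring-llm", "support-chatbot"}

# Hypothetical results of an agentless scan across cloud and on-prem platforms.
discovered = [
    {"name": "fraud-scoring-llm", "platform": "aws"},
    {"name": "support-chatbot", "platform": "on-prem"},
    {"name": "dev-team-gpt-proxy", "platform": "azure"},  # nobody registered this one
]

def find_shadow_ai(workloads, authorized):
    """Return workloads that were discovered but never inventoried."""
    return [w for w in workloads if w["name"] not in authorized]

shadow = find_shadow_ai(discovered, AUTHORIZED)
for w in shadow:
    print(f"shadow AI: {w['name']} on {w['platform']}")
```

Once flagged, those workloads feed the inventory and the assessment step that follows.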
The next piece of our security defense for AI involves assessing.
So in this case, what I need to be able to do is scan my AI environment, looking for vulnerabilities, known vulnerabilities.
And we need to look for misconfigurations and things like that that may occur.
And if possible, even correct some of those things.
This is what we essentially call AI security posture management.
So stand up straight when you're doing posture management, right?
We're basically trying to make sure that any mistakes that occur, anything where we were maybe once in policy and then drifted out of policy,
we've discovered those things and now we're gonna get the system back in line.
We discovered maybe some cases of AI that were shadow.
Now we're going to get them in line and make sure that they are in lockstep as they need to be.
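The policy-drift check described here could look something like this sketch: compare each workload's current settings to a security baseline and report anything out of line. The baseline keys and the configuration values are hypothetical; a real AI security posture management tool would read real settings from each platform.

```python
# Hypothetical policy baseline every AI workload is expected to match.
POLICY_BASELINE = {
    "logging_enabled": True,
    "public_endpoint": False,
    "encryption_at_rest": True,
}

def detect_drift(current, baseline):
    """Return settings that drifted out of policy, with expected vs. actual."""
    return {
        key: {"expected": want, "actual": current.get(key)}
        for key, want in baseline.items()
        if current.get(key) != want
    }

# Example: a workload that was once in policy but now exposes a public endpoint.
current_config = {"logging_enabled": True, "public_endpoint": True,
                  "encryption_at_rest": True}
drift = detect_drift(current_config, POLICY_BASELINE)
```

A remediation step would then flip the drifted settings back to the baseline values.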
Another thing we need to do is to be able to scan our AI and pen test it.
Pen testing is short for penetration testing.
Basically, the bad guys are going to be doing this.
They're going to be probing your system, seeing what they can do and what they can get away with.
And we're also going to be importing models into our environment, and those models could be infected.
Most organizations are not going to create their own models.
It's too expensive, it's too time consuming, they don't have the expertise.
So what they're going to do is pull models in from some other source, either from a vendor or from open source.
And there are places like Hugging Face that have more than a million and a half AI models with billions of parameters;
nobody has been able to inspect all of those by hand, manually.
We don't have enough time in our lives to do all of that.
So I need to be able to scan those models just like I would software to make sure there's not malware.
I want to scan these models and make sure that they're not infected as well, because they're essentially introducing an element of third party risk.
And I want to be able to pen test these models
to make sure that the things that the bad guys might be trying to do against my AI system are not gonna work.
So we try it first before they get a chance to.
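One concrete, simplified version of that model scan, assuming a pickle-serialized model file: statically walk the pickle opcodes and flag anything that would import from a risky module and invoke code on load. Real model scanners cover many formats and far more patterns; this is only a sketch, and the "model" below is a toy stand-in.

```python
import pickle
import pickletools

# Modules whose appearance in a pickle is a red flag for code execution on load.
SUSPICIOUS_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "__builtin__"}

def scan_pickle_bytes(data):
    """Flag a pickle that references a risky module and uses REDUCE (a call)."""
    referenced, has_reduce = set(), False
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":
            # Protocols 0/1: argument is "module qualname" in one string.
            referenced.add(arg.split()[0])
        elif opcode.name in ("SHORT_BINUNICODE", "BINUNICODE", "UNICODE"):
            # Protocol 2+: STACK_GLOBAL pulls module/name strings off the stack.
            referenced.add(arg)
        elif opcode.name == "REDUCE":
            has_reduce = True
    risky = referenced & SUSPICIOUS_MODULES
    return sorted(risky) if has_reduce else []

class EvilModel:
    def __reduce__(self):
        # On load, this pickle would call eval(...) -- we never load it here.
        return (eval, ("1 + 1",))

malicious = pickle.dumps(EvilModel(), protocol=4)
benign = pickle.dumps({"weights": [0.1, 0.2]}, protocol=4)
```

The key point is that the scan never deserializes the file, just as an antivirus scan never runs the binary it inspects.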
Continuing with our donut, now we need to add some control capabilities.
We'll talk about a couple of different major classes of controls.
The first I wanna mention is an AI gateway.
In other words, something that sits between the user, who is gonna come in and put a prompt into our system,
and we need to decide, is that a legitimate prompt or not?
Do we really want to allow this to go?
Because they may be trying to do a prompt injection attack.
I did a whole video on that topic.
And OWASP, the Open Worldwide Application Security Project says prompt injection is the number one type of attack against generative AI and large language models.
So we need to be able to look for those kinds of essentially social engineering attacks against our AI.
And we need to detect those.
And once we do ...
then we can decide, do I want to allow this to go?
If it seems legitimate, then okay, sure, we'll go ahead and let this hit our AI.
But if it's not, then I wanna block it in that case.
Now, I could do a couple of different things here.
I could just monitor and report if it looks like our AI is under attack, or I could actually block it.
Now, why would I only monitor instead of block?
In some cases, if the installation is new, we wanna make sure that the controls are appropriate.
And we don't want to interrupt the business.
So at some point we'll decide that we can trust our controls are correct, and then we can go ahead and do the blocking.
So we want that ability, and also guardrails, so that if someone tries to do a jailbreak against our AI,
to have it do things that it's really not supposed to do, maybe violate safety rules or things like that, then we want to be able to block that as well.
So that's an important capability that we could put in.
And we have this gateway that
all our requests are proxied through, or that's called through an API so that we can have AI applications or other applications calling it,
and that's where we put the control point in.
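A toy version of that gateway control point might look like the following, including the monitor-only mode described above for new installations. The regex patterns and mode flag are illustrative stand-ins; a real gateway would use trained classifiers, not a short pattern list.

```python
import re

# Naive stand-ins for a prompt-injection classifier (illustrative only).
INJECTION_PATTERNS = [
    r"ignore (all|any|previous) instructions",
    r"you are now (dan|developer mode)",
    r"reveal your system prompt",
]

def screen_prompt(prompt, mode="block"):
    """Return the gateway's action for a prompt: 'allow', 'alert', or 'block'."""
    suspicious = any(re.search(p, prompt, re.IGNORECASE)
                     for p in INJECTION_PATTERNS)
    if not suspicious:
        return "allow"
    # During an initial rollout we only report, so the business isn't
    # interrupted; once we trust the controls, we switch to blocking.
    return "alert" if mode == "monitor" else "block"
```

The same proxy position also makes it the natural place to hang the outbound data-leakage checks discussed next.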
Another thing we need to be able to do is guard against privacy violations.
So we might have lots of sensitive information.
We might have what we refer to as personally identifiable information, personal health information,
or we could have company confidential information, anything that's sensitive.
In this case, I was talking about controlling the stuff coming into the AI.
Here I'm much more concerned about what's going out.
And I want to make sure that any of that stuff that's really sensitive is not in fact leaving my environment, because that could be bad news for us as well.
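That outbound check could be sketched as a redaction pass over model responses before they leave the environment. The two patterns below (US Social Security numbers and email addresses) are a tiny illustrative subset of what a real DLP engine detects.

```python
import re

# Illustrative PII patterns and their replacement placeholders.
REDACTIONS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "[EMAIL]"),
]

def redact_output(text):
    """Replace detected sensitive spans with placeholder tags."""
    for pattern, placeholder in REDACTIONS:
        text = pattern.sub(placeholder, text)
    return text
```

Depending on policy, a match could also block the whole response or raise an alert rather than silently redacting.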
And now we're up to the last part, the reporting part.
And what we want to do here is some form of risk management.
There's risk in every system, and we have to figure out how much we're willing to tolerate. But I can't do any of that if I can't visualize what all of that risk is.
Once I can, I can make informed decisions.
That's why we did the discovery.
That's why we did all of these other things as well.
So what I really need then is a dashboard that visualizes all of that for me.
Something that tells me what are the prioritized risks.
We found a vulnerability here.
We found one there.
Somebody's trying to do something here.
Is this critical?
Is it low importance?
Where does this fit in the scheme of things?
And I'd like to have one place where I can see it all.
Something I can double-click down into and continue to figure all of this stuff out from.
So that's an important part of being able to do prevention and detection.
Now here we're looking at the response.
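The prioritization behind such a dashboard can be sketched as a severity-ranked rollup of findings from the discover and assess stages. The findings and the severity scale here are invented examples.

```python
# Lower rank = more urgent (illustrative severity scale).
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Hypothetical findings aggregated from discovery, posture scans, and gateway alerts.
findings = [
    {"asset": "support-chatbot", "issue": "public endpoint", "severity": "high"},
    {"asset": "dev-team-gpt-proxy", "issue": "shadow AI, unscanned model",
     "severity": "critical"},
    {"asset": "fraud-scoring-llm", "issue": "verbose logging", "severity": "low"},
]

def prioritize(findings):
    """Sort findings so the most critical risks surface first on the dashboard."""
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])

top = prioritize(findings)[0]
```

A dashboard then renders this ordered list as the single place to see it all and drill down from.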
And then the final piece of this is compliance.
Compliance, we've got to follow certain rules, regulations, our own security policies.
We need audit reports and things of that sort that tell us if in fact we're following our own policies or not.
And whether we're matching some of those frameworks.
Maybe we use the MITRE AI Risk Management Framework.
Maybe I wanna map myself against that OWASP Top 10 list that I mentioned to you earlier.
So there could be other frameworks that we develop on our own,
but I wanna be able to make sure that I've got all of these things, everything's operating properly and I can report and prove that that's the case.
So if you take all of these things together, discover, assess, control and report,
then your AI at the center of this defensive donut will be delicious and it won't be able to be breached.