• Project Overwatch
  • Posts
  • #015 - Cyber AI Chronicle - Practical Example of AI Threat Assessment

#015 - Cyber AI Chronicle - Practical Example of AI Threat Assessment

PRESENTED BY

Cyber AI Chronicle

By Simon Ganiere · 14th April 2024

Welcome back! This week newsletter is a 11 minutes read.

Project Overwatch is a cutting-edge newsletter at the intersection of cybersecurity, AI, technology, and resilience, designed to navigate the complexities of our rapidly evolving digital landscape. It delivers insightful analysis and actionable intelligence, empowering you to stay ahead in a world where staying informed is not just an option, but a necessity.

Table of Contents

What I learned this week

TL;DR

  • On the back of last week article on AI threats governance, I spent this week putting this in practice. Leveraging the OWASP Top 10 for LLM and the OWASP Risk Rating Methodology, I’m going to walk you through an example of a company that wants to assess their very own LLM based chat bot. Obviously OWASP is one of the many frameworks that can be used and my example is not covering all threat vector, but it should give you a very practical example of how to apply those frameworks.

  • Just another few weeks in cyber: from the XZ backdoor, to Microsoft CSRB report, to Ivanti claiming security is their top priority, to Palo Alto latest zero days, to SiSense compromise…It is nearly impossible to get all of this under control. This is a whach-a-mole game at this stage. There is a need to shift the approach here, otherwise the chronic burn out of cyber team, short tenure of CISO and upset business people saying that security slow down everything will never stop. And no the answer is not going to be another AI chatbot, I actually think this will make the life of the cyber team a lot more difficult in the short term due to added complexity.

  • Have a read that the article in the “Worth a full read” section, the data shortage to build new AI model is a very important topic and show some of the existing limitations of the current model. Not everything has to be an AI model to add value to a business.

Subscribe to keep reading

This content is free, but you must be subscribed to Project Overwatch to continue reading.

Already a subscriber?Sign In.Not now