Securing AI Assistants: A Comprehensive Look at Threats and Controls

Transcript

AI copilots are rapidly becoming central to operations, making data security paramount. Andra Lezza, a Principal AppSec Specialist at Sage and an OWASP London chapter lead, detailed the challenges and best practices for safeguarding the data that powers these systems, covering data ingestion through deployment and monitoring.

Why This Matters

Current AI copilot security often falls short of ideal models due to the complexity of real-world implementations; systems reaching into backend systems for efficiency introduce significant vulnerabilities. A data breach impacting sensitive information like intellectual property or PII could result in substantial financial and reputational damage, costing organizations millions in remediation and fines.

Key Insights

• Prompt injection risks are not new: Exploitation occurs when user prompts alter LLM behavior, a phenomenon analogous to previous web app vulnerabilities (OWASP).
• Copilot architectures dictate security approaches: Independent (single-domain) copilots focus on deep integration, while integrated (multi-tenant) systems require complex isolation.
• Temporal is utilized by major fintech companies: Stripe and Coinbase leverage Temporal for reliable workflow orchestration and resilience.

Practical Applications

• Financial Institution: A bank uses an AI assistant to analyze customer transaction data. Strict authorization controls, role-based access, and data masking are essential to prevent unauthorized access to financial records.
• Pitfall: Overly permissive access controls on AI assistants can expose sensitive data to unauthorized users or external parties, leading to data breaches and compliance violations.

References:

• https://www.infoq.com/presentations/securing-ai-assistants/
• https://owaspai.org/