The adoption of generative AI in the enterprise, which is growing rapidly, is creating new security challenges, since cybercriminals are also using it to develop more sophisticated attacks that are also harder to detect. In response, CyberArk warns that guaranteeing the security of applications powered by generative AI requires implementing robust identity controls.
In doing so, special attention must also be paid to machine identities, which are responsible for the correct access and operation of this type of application. Therefore, according to Yuval Moss, CyberArk's Vice President of Solutions for Global Strategic Partners, security teams must reinforce the protection of generative AI infrastructure by taking five measures.
The first is the protection of APIs and AI models. Programming interfaces and deep learning models are entry points to generative AI systems, so they require advanced security measures to prevent injection or data leakage attacks.
Another is watching over the security of business data. Companies train their generative AI models with internal data that may contain sensitive information. Protecting this data is very important to prevent unauthorized access to information.
It is also necessary to deploy and use secure deployment environments, both in the cloud and on premises. The identity security of the environments in which generative AI applications run is essential to avoid security gaps.
In addition, implementing zero standing privileges (ZSP) helps ensure that users can only access data and assume specific roles when they need to. In areas where it is not possible to implement ZSP, it is advisable to deploy least-privilege access to reduce the attack surface in case a user is compromised.
Finally, it is necessary to ensure centralized monitoring and auditing. Continuous supervision of all identities, both human and machine, allows threats to be detected and mitigated in real time.