Various research findings, articles and other resources underline the fact that this was necessary:
- A study by API specialist Kong (Download for Data) concludes that a majority of respondents have found ways to circumvent restrictions on AI use. A quarter are not subject to any such guidelines at all.
- With its Adversarial Threat Landscape for Artificial Intelligence Systems (ATLAS), the non-profit organization MITRE provides a comprehensive database of attack tactics based on “in the wild” observations.
- MIT also operates an active database that contains more than 1,700 risks related to AI systems.
- Another source for dealing with AI-related attack methods is the LLM exploit ranking (PDF) published by OWASP in 2023. The non-profit organization has also published a GenAI security checklist.
It is advisable to look into these sources before deciding on a security tool or feature from the AI-SPM area.
What Security Posture Management should do for AI
Tools in the area of AI Security Posture Management:
- usually offer agentless configurations,
- access cloud-based models and
- leave data on the existing platforms.
The latter serves both security and the avoidance of relocating the associated massive data sets. Naturally, AI-specific features also play a role in security tools for AI infrastructures: for example, classifying, tracking and protecting large amounts of data against possible misuse and attack attempts.
Some vendors have expanded their existing CSPM or DSPM solutions to include AI-SPM features – including compliance auditing procedures, best practices and guidelines that cover all three security posture management types. Others offer more comprehensive solutions that include a variety of AI-related security measures. For example, to:
- protect AI pipelines and workloads,
- detect when AI models reference sensitive data,
- check training data for manipulation by third parties or external applications, and
- secure AI services and platforms.
Major AI SPM providers
Below we have summarized the AI-SPM products and features from nine different providers for you. All solutions promise to secure your AI infrastructure, but rely on different approaches to do so. It should be noted that this is still a growing market. The products are therefore not yet as comprehensively designed and integrated as they could be. In addition, various other security providers are actively working on similar offerings.
