Let’s start with a joke…
Q: How can you tell when there is a Microsoft person in the room?
A: The conversation turns to AI within 5 minutes.
To be honest, this is actually more a truism than a joke, but hopefully you get the gist.
AI is everywhere right now.
In a rapidly evolving digital landscape, the power and potential of Artificial Intelligence (AI) have ignited what seems like - bubble or not - a technological revolution. The latest “hotness” of Generative AI has catapulted AI to the forefront of every technology conversation, and as a Microsoft person, that joke absolutely applies to me. As a technology person, I was drawn to ChatGPT early on, but as a security person I was immediately worried about the security of the shiny new thing.
This blog series begins with the sobering realization that AI, like any other technology, is susceptible to exploitation and abuse. The very capability that lets an AI system make autonomous decisions can also be manipulated to produce harmful actions. A breach of AI security is not confined to the virtual realm: it can have profound real-world consequences, endangering privacy, the economy, and even human lives.
Throughout the chapters that follow, I’ll delve into the multifaceted dimensions of AI security. I’ll explore the challenges posed by adversarial attacks and attempt to provide prescriptive guidance on how to monitor, capture, and mitigate each type of AI harm.
Additionally, I’ll examine the need for transparent and accountable AI systems that respect user privacy and uphold ethical standards. As AI becomes an integral part of our daily lives, it is imperative that we confront the ethical implications of its proliferation.
You’ll see very quickly that applying standard security best practices - overlaying the templates we already use for good security - will work in most cases. You’ll also come to realize that most AI security comes down to two things: first, writing secure code, and second, ensuring the data sources that feed the models are protected.
We’re all in this together. I’m by no means an expert in AI security, but I’m working toward that because it’s the next important thing, and we can all learn from one another. As I embark on this quest, I invite everyone here to provide feedback, either through the chat system on this site or through the GitHub repository that will house the queries, detections, and other collateral for this series.
GitHub repo for Must Learn AI Security: https://aka.ms/MustLearnAISecurity
So, welcome to "Must Learn AI Security," a continuing and evolving exploration of where AI and security intersect. As with the original Must Learn KQL series, the content will be released as a series of chapters in a logical order so you can get up to speed on the topics and concepts of secure AI. I have no clue when it will complete - or if it will. Just like Must Learn KQL, it will end when it ends. As the chapters grow, you can expect a downloadable PDF book version you can read with your favorite eReader (browser, Kindle, etc.).
Obviously, I work for Microsoft and many of my references and examples will be around Microsoft Security platform products like Microsoft Sentinel, Defender, and Azure OpenAI. But I’ll try my best to keep the references to a minimum as this is an important topic for everyone - not just Microsoft customers.
I look forward to working with you all.
Lastly, here are some recommended resources to get you started and keep you informed:
Azure OpenAI community group on LinkedIn: https://www.linkedin.com/groups/14241561/
Book: Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them
Weekly Azure OpenAI newsletter:
P.S. I started this series out of order. Chapter 1 is already available:
Need more? Want some extra nuggets of context? Listen in to the After the Blog episode…