Cloud CISO Perspectives: AI vendors should share vulnerability research. Here’s why

Welcome to the first Cloud CISO Perspectives for October 2024. Today I’m discussing new AI vulnerabilities that Google’s security teams discovered and helped fix, and why it’s important for AI vendors to share vulnerability research impacting their technology.

As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.

--Phil Venables, VP, TI Security & CISO, Google Cloud

Why AI developers need to share vulnerability research

By Phil Venables, VP, TI Security & CISO, Google Cloud

At Google, we take cybersecurity research very seriously. Exploring new ways to protect systems and code, and to fix vulnerabilities when they are found, plays an important role in technology — especially rapidly-developing technology like AI.

We have made important progress in exploring the risks organizations can face from AI, including developing our AI Red Team, sharing our Secure AI Framework (SAIF) efforts, and investing in better cyber defenses. By necessity, securing AI reflects the complexity of AI itself, and includes defending infrastructure, application security, detection and response, trust and safety controls, and vulnerability research.

“We detail our findings, how we found and fixed the issues internally, and how we reported our findings to similar cloud providers,” the CVR team said. Importantly, they didn’t limit their research to Vertex AI. “We continued this research on another large cloud provider, discovered similar vulnerabilities in their tuning architecture, and reported these vulnerabilities using their standard vulnerability disclosure process.”

At Google, we place great importance on delivering our AI technology to our customers, and part of that process means security testing and researching our AI products. It’s simply part of our culture. Fixing and mitigating vulnerabilities is crucially important for building trust in new technology, and so is disclosing those findings and discussing them.

As an emerging technology, AI will face intense scrutiny from attackers and researchers. While the AI industry is learning together how best to analyze and secure AI, it’s essential that we normalize the discussion of AI vulnerability research.

That’s why it’s vital for AI developers to normalize sharing AI security research now. Google Cloud intends to lead efforts to enhance security standards globally by promoting transparency, sharing insights, and driving open discussions about AI vulnerabilities so we can collectively work towards a future where gen AI is secure by default.

Conversely, not sharing vulnerabilities once they’ve been remediated raises the risk that similar or identical vulnerabilities will continue to exist on other platforms. As an industry, we should be making it easier to find and fix vulnerabilities, not harder.

Reaching that future will require communication and collaboration. The Coalition for Secure AI and the open-source Secure AI Framework (SAIF) that it’s based on have important roles to play. By investing in and developing an AI security framework that stretches across the public and private sectors, we can make sure that developers safeguard the technology that supports AI advancements. This will help ensure that AI models are secure by default when they’re implemented.

We want to expand the strong security foundations that have been developed over the past two decades to protect AI systems, applications, and users. Similarly, we advocate for consistent control frameworks that can support AI risk mitigation and scale protections across platforms and tools. Doing so can help ensure that the best protections are available to all AI applications in a scalable and cost efficient manner.

Stigmatizing the discovery of vulnerabilities will only help attackers. We hope that encouraging vulnerability transparency and driving open discussions will empower developers and other Cloud providers to follow, addressing security issues without fear of reprisal. It is this mentality that will ultimately help push the AI industry forward.

Let’s raise the bar of AI security industry-wide, as we collectively work towards a future where foundation models are secure by default.

For more leadership guidance from Google Cloud experts, please see our CISO Insights hub.

In case you missed it

Here are the latest updates, products, services, and resources from our security teams so far this month:

• Confetti cannons or fire extinguishers? Read our guide to securing cloud security surprises: Too often, security teams get late invites to product launches. Here’s our guide for how to secure surprise projects so you can quickly swap emergency fire hoses for confetti cannons. Read more.
• How virtual red teams can find high-risk cloud issues before attackers: One of Security Command Center’s advanced capabilities is detecting attack paths with a virtual red team. Here’s how it works and why you need it. Read more.
• New Confidential Computing updates for more hardware security options: Several new Confidential Computing options and updates in the Google Cloud attestation service are now generally available. Here’s what’s new. Read more.
• Project Shield expands free DDoS protection: Marginalized groups and non-profit arts and sciences organizations can tap into the power of Project Shield for protection against DDoS attacks, free of charge. Read more.
• How to protect your site from DDoS attacks with Cloud Networking: Tap the power of Google Cloud Networking and Network Security to protect workloads anywhere on the web, just like Project Shield does. Read more.
• You can now sign Microsoft Windows artifacts with keys protected by Cloud HSM: You now can perform code signing in your Microsoft ecosystem using SignTool, while protecting your keys with Cloud HSM. Read more.
• How Google Cloud supports telecom regulatory compliance: Operating a telecom network is more than just connecting phone calls. Here’s how Google Cloud is helping them to maintain regulatory compliance. Read more.

Please visit the Google Cloud blog for more security stories published this month.

Threat Intelligence news

• Get reverse-engineering analysis in your browser with capa Explorer Web: We’re introducing capa Explorer Web, a web-based interface to display the results found by the capa reverse-engineering tool. Read more.

Please visit the Google Cloud blog for more threat intelligence stories published this month.

Now hear this: Google Cloud Security and Mandiant podcasts

• How to secure inherited cloud projects: Following our blog on organizing cloud security, Google Cloud’s Taylor Lehmann, director, Office of the CISO, and Luis Urena, cloud security architect, discuss with podcast host Anton Chuvakin how to respond when a security team is invited to secure a cloud project late in the process. Listen here.
• Can AI keep a secret: Google Cloud’s Nelly Porter, director of product management, Cloud Security, explains to Anton exactly what customer problems Confidential Computing can solve when combined with AI. Listen here.
• Defender’s Advantage: Using LLMs to analyze Windows binaries: Vicente Diaz, threat intelligence strategist, VirusTotal, joins host Luke McNamara to discuss his research into using Gemini to analyze Windows binaries and how this can help security operations. Listen here.
• Defender’s Advantage: How threat actors bypass multi-factor authentication: Josh Fleischer, principal security analyst, Mandiant, chats with Luke on the latest trends in MFA bypass, and how threat actors are conducting adversary in the middle (AiTM) attacks to gain access to targeted organizations. Listen here.

To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in two weeks with more security-related updates from Google Cloud.