Demystifying AI security through observability

Although AI often seems shrouded in mystery, the US Cybersecurity and Infrastructure Security Agency (CISA) simply describes AI as a type of software system. However, the applications built around these software systems often involve highly sensitive business, financial, compliance, operational, and personal data. As organizations race to get their latest LLM-generated offering to market to enhance user experiences, they often overlook security.??

In fact, a recent report found that 82% of business leaders view secure and trustworthy AI as essential for their operations, but only 24% are actively securing generative AI models and embedding security processes in AI development. A majority of these are prioritizing innovation over security, especially since gaining visibility into how these models work is notoriously elusive.??

But innovations in AI observability are flipping that script, with end-to-end views into the complete AI stack of modern applications. This observability ranges from foundational models and vector database metrics to orchestration frameworks covering modern retrieval-augmented generation (RAG) architectures. An observability-first approach is crucial for automating secure software development and security standards compliance.?

In this issue of Cloud Cover, we focus on demystifying AI models and AI security through observability and automation.??

What security challenges are you facing as you pursue AI innovation? Leave us a comment with your questions about AI security and observability.?

Is implementing KSPM to secure Kubernetes containers too complex??

Nearly 84% of accessible Kubernetes API instances allow some form of open access, according to the Shadowserver Foundation. These result in unnecessarily exposed attack surfaces and information leaks.?

?As Kubernetes evolves, so does the need for effective security and regulatory compliance measures. In response, organizations are spinning up Kubernetes security posture management (KSPM) practices to monitor, assess, and ensure the security and compliance of their Kubernetes environments. But it’s complex to implement. Observability-driven security is helping organizations overcome the complexities of implementing KSPM.??

How do you automate runbooks for context-aware security incident response??

Many security teams use runbooks to glue together tools, processes, events, and actions for security incident response. But a runbook is only as good as its automated workflows. Moreover, implementing high-level best practices can be challenging because every situation is unique. This demo shows how easy it is to orchestrate application security, observability, and platform engineering using a platform approach and technologies such as Tetragon for eBPF-based security monitoring and Kyverno to automatically kick attackers out of your clusters.?

How Rome's busiest airport keeps summer travelers moving and their data secure?

Pietro Caminiti at Aeroporti di Roma (ADR) doesn’t invest in technology for technology’s sake. As Italy’s largest airport system, one of ADR’s top priorities is to integrate protections against security vulnerabilities and attacks into traveler information systems including security checks, border control, baggage handling, and airside operations. By unifying data from services across its hybrid-cloud environment into a single source of truth, ADR delivers millions of passengers to their destinations on time while keeping their data secure.?

For AI trend watchers, AI development is at a crucial inflection point as organizations and individuals grapple with how this transformative technology is affecting our lives now and in the future. Not only is AI a tremendous benefit to security operations, but attackers are also weaponizing “adversarial AI” to hinder threat detection and sabotage systems.?

Not surprisingly, AI dominated the coverage at this year’s RSA conference in San Francisco. And in this crucial election year, Homeland Security Secretary Alejandro Mayorkas delivered a keynote and a roundtable discussion with Rumman Chowdhury about AI safety. Also, Secretary of State Antony Blinken delivered a keynote, encouraging developers to think about “tech for good” as a benefit for all humanity.??

Guest speaker Janet Worthington, senior analyst at Forrester, joins Dynatrace Application Security product management director Amit Shah to discuss the state of application security and why organizations need AI-powered runtime security everywhere. Register now for this on-demand webinar.?

Jane Mulcaster compiled our newsletter this month. Click Subscribe so you never miss a beat! Between issues, keep current on all the news and innovation from Dynatrace by following us on LinkedIn or visiting us at Dynatrace Blog.??