Date: 2023-08-10

This year’s Black Hat USA conference in Las Vegas saw a significant focus on the risks surrounding artificial intelligence (AI) and the urgent need for effective risk management. Cybersecurity professionals and CISOs have started recognizing the multilayered risks associated with AI. However, the challenge lies in determining the necessary steps to establish and enforce sensible risk management policies.

Hyrum Anderson, a prominent AI security researcher and co-author of “Not with a Bug, But with a Sticker: Attacks on Machine Learning Systems and What To Do About Them,” expressed his satisfaction that these conversations about AI risks are finally taking place. He believes that awareness about AI security has grown considerably in the past year, and there is a lot of excitement around the topic at both Black Hat and RSA conferences.

One of the significant themes at this year’s Black Hat USA conference was the emergence of new threats related to AI systems. Researchers presented findings on vulnerabilities in generative AI systems that make them susceptible to compromise and manipulation. They also discussed AI-enhanced social engineering attacks and the vulnerability of AI training data to poisoning, which impacts the reliability of ML models. Recent research by Will Pearce of Nvidia, in collaboration with Anderson, demonstrated that training data can be easily manipulated for a mere $60.

Black Hat Arsenal featured Hyrum Anderson unveiling the open-sourced AI Risk Database, developed in collaboration with MITRE and Indiana University. The database aims to assist in discovering and quantifying the risks associated with vulnerabilities in AI systems.

The conference also addressed the challenges of developing AI risk policies. Siva Kumar, co-author of Anderson’s book, explained that implementing unified standards for AI risk management is complex due to the intricate nature of AI systems. He emphasized that existing standards were created by intelligent experts who are striving to provide early guidelines for this rapidly evolving landscape. Engineers, however, are finding it challenging to interpret these standards, and there are many technical trade-offs that must be considered when setting AI risk policies.

In conclusion, Black Hat USA showcased the growing awareness and discussions surrounding AI risk management. The conference highlighted the need for robust risk management policies, technical expertise, and collaboration among industry professionals to address the unique challenges posed by AI.