Security Leaders Share Their Thoughts on Generative AI

Companies all over the world are in a race

... to onboard generative AI technologies and gain a competitive edge. However, identifying the right use case and knowing where to start is a major hurdle for many business and technology leaders. In this video, hear from three AWS customers and security leaders about how their companies are approaching generative AI.

Transcript of the conversation

Featuring security leaders at People.AI, Trellix, and Red Canary

What are CISO Circle participants saying about generative AI?

Danielle Ruderman (00:03):
Security and AI is a very broad topic, and we found that our CISOs are concerned in a couple of different areas, one obviously being ChatGPT, large language models. Their teams want to use them, their coders want to use them, so we have to talk about, as a CISO responsible for securing your organization, what policies and procedures do you put into place? How do you think about your teams using this?

I think what's interesting is that many CISOs want their teams to use it. They really see the potential of these tools, so we talk about what kind of guardrails you need to have in place, how to use them responsibly. Those are very important discussions.

Aman Sirohi (00:34):
What I think we are going to run into pretty quick is going to be around the AI risk. What is this risk exposure to your company, to your customers?

Every contract that I know about says third-party data cannot leave your environment and go to a third-party source. Now whether it's whichever AI model you want to use, that data is now leaving your environment, going to a third-party source and coming back and giving you some answer. So I think there's going to be a lot of change in how legal looks at it, how risk is assumed by the customer, by the company. I think there's going to be a lot of innovation in the space.

How are CISOs finding secure ways to leverage generative AI?

Danielle Ruderman (01:19):
We also see some real aspirational thinking in what the future means with AI. Some of our CISOs feel that this is an amazing opportunity for us to scale bringing new talent into security.

Sometimes the on-ramp, like getting people the knowledge they need, can be challenging, but maybe these tools are something that can help a junior SOC analyst or other security folks really lean in and get the tools they need and develop skills faster, which will really help us as an industry develop more security professionals.

Martin Holste (01:45):
Well, in business terms, you have to start using generative AI or you're going to fall behind. So as a CISO, you have to find a way to allow your people to be productive, but also, do it in a safe way.

I'm a huge proponent of using generative AI as much as possible in a standard business. And so, we do a lot of training internally on how to use all kinds of different AI so that they can be more productive. Along those lines, we also have controls in place to make sure that it's impossible for them to accidentally copy and paste something to go where it shouldn't.

Do the benefits of generative AI outweigh the security risks?

Danielle Ruderman (02:14):
I think the third thing that's been very interesting is the promise of AI to help even mature security professionals lean into what they have to do. Imagine if you're analyzing logs and you've learned to code in a certain language, maybe Python, but now you need to go analyze logs and learn how to write SQL queries. The barrier there is having to learn these different languages to extract. You know where the data is, but you have to learn how to pull it out with the different code. Imagine if you could just tell the AI what you want to do and what data you want to pull together to do your analysis, without having to learn all these different esoteric coding models.

There's a lot of power there that can really help us speed the time to investigations, and really help everyone from our junior security professionals to our very mature professionals do their jobs faster.

► Listen to the podcast: The Value (and Threat) of Generative AI for Security Teams

Chris Rothe (02:58):
The big challenge in security ultimately is there's not enough people to go around. And so that's why it's so important the work that AWS does in terms of making the platform more secure and the services more secure, inch by inch, mile by mile.

Generally speaking, we want everyone across the Red Canary team using generative AI in a way that makes sense for their roles. Whether you're a sales person and you've just had a great call with a customer and you need to put together a follow-up email, let's make that faster and make the quality of that communication better. Because ultimately, that's better for the customer and better for you, because it took you five minutes instead of maybe an hour.

So that's been our approach, is to make sure that everyone can use it in a safe way. But I think we're early in that in terms of learning what are the pitfalls and what are the challenges associated with that? What type of legal things are going to come up over the next several years as it relates to generative AI?

Showing results: 1-3
Total results: 100
  • Publication Date
  • Alphabetical (A-Z)
  • Alphabetical (Z-A)
 We could not find any results that match your search. Please try a different search.
  • Vodcast

    Right-Sizing Security Across Amazon Businesses

    A conversation with Amazon CSO Steve Schmidt

    Security leadership requires a holistic approach across physical and digital domains — and Amazon's diverse business portfolio presents unique challenges and opportunities in both realms. In this interview with Steve Schmidt, Amazon's Chief Security Officer, we'll explore how Amazon implements security across AWS, amazon.com, Whole Foods, Prime Video, Kuiper and more.

    Watch now

  • Podcast

    Adapting Security Practices to the New Threat Landscape

    ExecSummit at AWS re:Invent 2024

    Hear from Amazon CSO Steve Schmidt, AWS CISO Chris Betz, and AWS VP, Security Assurance Sara Duffer for an insightful panel discussion about the evolution of security best practices in the modern era. Learn how emerging technologies are reshaping the risk landscape, how to prep for new compliance regulations, and how to enact the right governance strategies to keep your organization secure at every level.

    Watch now

  • Whitepaper

    Building Security from the Ground up with Secure by Design

    In partnership with the SANS Institute

    AWS recently partnered with SANS Institute to explore the role of Secure by Design (SbD) in an effort to adopt a proactive approach to development that prioritizes foundational security. Read the whitepaper to learn how you can get started on the path to building secure products with a multi-layered strategy that can help you mitigate vulnerabilities early, and meaningfully improve your technical and business outcomes.

    Download now