Loading…
or to bookmark your favorites and sync them to your phone or calendar.
arrow_back View All Dates
Friday, November 15
 

11:30am IST

Threat Modelling is, Buy’n’Large, the best way to secure generative AI
Friday November 15, 2024 11:30am - 11:45am IST
   If there’s any one thing that I took away from watching the 2008 children’s film Wall-E, it’s that the fictional megacorporation Buy’n’Large (BnL) had woeful threat modelling processes. In this fusion of fiction and real-world experience, I will demonstrate some practical examples of threat modelling generative AI systems and large-language models. I will draw on my experience threat modelling AI within the fintech and media industries, and illustrate these learnings of mine practically through one of Buy’n’Large’s own AI systems: Autopilot. We will discuss a number of AI-specific threats and how they should be tackled practically in BnL’s threat modelling sessions. These include: data tampering, information leakage, elevation of privilege, adversarial inputs, model inversion, and reprogramming; some of these relating to Wall-E plot points, and some to consider what else could potentially have gone wrong. Throughout this we will emphasise that threat modelling must leverage fast and agile methods to keep pace with data science teams working on AI. We will also discuss how AI can affect the trust dynamics of a threat model, and make an argument for a zero-trust approach to application architectures that leverage AI. Welcome to the newly formed BnL appsec team; we look forward to working with you.
                                   
    
Speakers
avatar for Chris Cooper

Chris Cooper

Director of Product Security, News Corp
Friday November 15, 2024 11:30am - 11:45am IST

11:45am IST

My Threat Modeling Journey
Friday November 15, 2024 11:45am - 12:30pm IST
  My Threat Modeling Journey is a personal account of [name]'s experiences in learning, applying, and teaching threat modeling. In this talk, [Name] how he first encountered threat modeling and how his understanding of security practices has evolved over time. He discusses the challenges faced in implementing threat modeling in various environments, from workshops to real-world applications, and how these experiences have shaped his approach to improving security design.
Through a combination of hands-on application and community-driven initiatives, including the establishment of an open threat modeling community in Japan, [Name] emphasizes the importance of continuous learning and collaboration. His journey also highlights the value of diversity in threat modeling, showcasing how different perspectives contribute to identifying and mitigating security risks more effectively.
   
    
Speakers
avatar for Takaharu Ogasa

Takaharu Ogasa

CEO, Security Initiative
Friday November 15, 2024 11:45am - 12:30pm IST