Slide 1: Sergej Epp, Chief Information Security Officer
The SOC Must Go On: Securing the Cloud & AI

Slide 2: My first experience with Neural Networks: JoeBot for CounterStrike (2001)

Slide 3: (no text content)

Slide 4: Security trying to keep up
- 2010: Security trying to keep up with Threat Actors
- 2015: Security trying to keep up with Software Engineers
- 2025: Security trying to keep up with AI Agents

Slide 5: SCARLETEEL: 220 Seconds From Zero to Data (Sysdig Cloud Threat Report)

Slide 6: Cloud Security Expands from Posture to Runtime
- Posture assumptions:
  - "I Can Secure My Borders"
  - "I can fix vulnerabilities in-time!"
  - "My supply chain doesn't have backdoors"
  - "AI agents are totally secure!"
- Assume Breach (Runtime & Realtime):
  - 80% of code is open source (e.g. backdoors like XZ)*
  - 24% of cloud vulnerabilities are exploited before a patch exists*
  - Cloud attacks unfold in 10 min
  - AI agents are untrusted

Slide 7: Threat Model: From ChatBots to Agents (ChatBot)
- Components: LLM, Prompt & Response, Training Data, Guardrails
- Threats: Model leaks, Training data biases, Data leaks, Training data poisoning, Hallucinations, Malicious/Backdoored model

Slide 8: Threat Model: From ChatBots to Agents (ChatBot + RAG)
- Components added: Plugins, Memory
- Threats added: RAG: Unauthorized data leak; RAG: Integrity & Poisoning; RAG: Indirect Prompt Injections

Slide 9: Threat Model: From ChatBots to Agents (ChatBot + RAG + Agent)
- Components added: Tools, Reasoning
- Threats added: Integration (API) misuse, Code execution, Plugin hijacking

Slide 10: AI Works Only with Command and Code Execution

Slide 11: Shift Left for AI Models is Fake

Slide 12: Your AI Workload Is Your New Perimeter
In