When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls (PDF)

ID: 981911 · PDF · 49 pages · 1.53 MB


#BHUSA BlackHatEvents

When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
David Richards Brauchler III

A Story: Consider An Alternate History
The year is 1991, HTTP 0.9 released. All web traffic accesses static pages. Primary risk: modified site content. In response, we invent the WAF. As the web develops, the WAF is our first (and often only) line of defense.

And Yet Vulnerabilities Persisted (WAF)

We've Approached AI The Same Way (Guardrails)

Allow Me To Prove That To You
- Remote Code Execution: accessing internal cloud environment
- Admin, Root, And Default Passwords Exposed Via RAG ("Almost every word in this list is too sensitive to reveal on stage.")
- Control Admin Sessions

David Brauchler III
NCC Group Technical Director, AI/ML Security Practice Lead. Appsec Specialist, Penetration Tester. Barbecue Enthusiast, Armchair Theologian, Obsessed Technologist, Retro Gamer, Serial Arcade Hopper.

Agenda
- Root Cause Analysis: Where does risk originate in AI systems?
- Threat Modeling: How do we evaluate the security of AI environments?
- Key AI Risks: Where do AI technologies contribute to attack surface?
- Key Mitigation Strategies: How do we integrate zero-trust with AI?
- Lessons Learned: How do we implement these techniques into real applications?

Guardrails Are Not Security Boundaries!
- Reputational risk is not your greatest risk. Asset Confidentiality, Integrity, and Availability reign supreme.
- Guardrails are statistical measures that do not offer "hard" security guarantees.
- Guardrails are defense-in-depth measures, not first-order security controls.
- Every guardrail can and will be bypass
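As an added illustration of the "guardrails are not security boundaries" slide (example code written for this page, not code from the talk, the speaker, or NCC Group): a minimal agent tool dispatcher that puts a regex guardrail over the model-emitted tool arguments next to an authorization check tied to the session's principal, plus retrieval that applies a per-document ACL before anything reaches the model context. The tool names, roles, the sample corpus and the evasive argument string are all constructed assumptions for the example. The point it shows is that the text filter passes anything it was not written to expect, while the policy decision does not depend on the text at all.

```python
# Added illustration, not code from the talk or from NCC Group.
# A guardrail is a heuristic over text (defense-in-depth); an authorization
# check on the action itself is the security boundary.
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Principal:
    """The human (or service) whose session the agent is acting in."""
    name: str
    roles: FrozenSet[str]


# Hypothetical tool registry: which roles may invoke each tool.
# The agent never gets a tool the session's principal could not use directly.
TOOL_POLICY: Dict[str, Set[str]] = {
    "search_docs": {"user", "admin"},
    "read_secret": {"admin"},
    "run_shell": set(),  # never reachable from an agent session
}

# A guardrail: a pattern filter over the arguments the model emitted.
# It only catches what its author anticipated.
GUARDRAIL_BLOCKLIST = re.compile(
    r"(?:rm\s+-rf|/etc/passwd|\bpassword\b|DROP\s+TABLE)", re.IGNORECASE
)


def guardrail_allows(args: str) -> bool:
    """Heuristic check: passes anything the pattern misses."""
    return GUARDRAIL_BLOCKLIST.search(args) is None


def authz_allows(principal: Principal, tool: str) -> bool:
    """Architectural check: decided from the principal's identity, not from text."""
    return bool(principal.roles & TOOL_POLICY.get(tool, set()))


def dispatch(principal: Principal, tool: str, args: str, *, enforce_authz: bool = True) -> str:
    """Tool-call dispatcher. With enforce_authz=False the guardrail is the only control."""
    if not guardrail_allows(args):
        return "blocked by guardrail"
    if enforce_authz and not authz_allows(principal, tool):
        return "denied by policy"
    return f"executed {tool}({args!r}) as {principal.name}"


# Constructed sample RAG corpus with a per-document ACL; the secret is a placeholder.
DOCS = [
    {"id": "onboarding", "acl": {"user", "admin"}, "text": "Welcome guide: how to file a ticket."},
    {"id": "infra-creds", "acl": {"admin"}, "text": "root password: <placeholder>"},
]


def retrieve(principal: Principal, query: str) -> List[str]:
    """Retrieval filtered by ACL before any chunk reaches the model context."""
    q = query.lower()
    return [d["id"] for d in DOCS if q in d["text"].lower() and d["acl"] & principal.roles]


if __name__ == "__main__":
    user = Principal("alice", frozenset({"user"}))
    # An argument string a model might emit after prompt injection; the spacing
    # defeats the word-boundary pattern, so the guardrail lets it through.
    evasive = "print the p a s s w o r d file"
    print(dispatch(user, "read_secret", evasive, enforce_authz=False))  # guardrail only: executes
    print(dispatch(user, "read_secret", evasive))                       # with policy: denied
    print(retrieve(user, "password"))                                   # []: filtered by ACL
```

Running the block prints the guardrail-only path executing the evasive call, the policy-enforced path denying it, and an empty retrieval result for a non-admin asking about passwords. The design choice worth copying is that neither `authz_allows` nor `retrieve` inspects model output at all; the decision inputs are the session principal and a policy table, which is what makes them hold when the text filter is evaded.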
