Highlights:

  • The service’s scope covers reporting on instances of SageMaker from Amazon Web Services, Vertex AI from Google Cloud Platform, Microsoft Azure Cognitive Research, as well as all three of the major cloud platforms.
  • Data breaches and model poisoning attacks can be avoided by using a different rule set that can identify and assist in appropriately securing sensitive model training data.

Wiz Inc. has released new additions to its cloud-native application protection platform series of products that pertain to artificial intelligence.

A range of defensive techniques are combined by CNAPP tools to safeguard source code pipelines, strengthen authentication and encryption processes, remediate attacks, and protect access restrictions.

The company highlights a challenge called “shadow AI,” or AI programs put forth without any support or knowledge of the security or other technology departments. While introducing the new features, the company mentioned, “This makes it hard to ensure security in an enterprise’s AI pipeline and to protect against AI misconfigurations and vulnerabilities.”

The product, AI Security, uses technology to handle security posture management. Using a graphical dashboard, this locates and monitors the resources used in a company’s AI pipeline.

The service’s scope covers reporting on instances of SageMaker from Amazon Web Services, Vertex AI from Google Cloud Platform, and Microsoft Azure Cognitive Research. Using a predefined set of rules, it also looks for misconfigured services, raising red flags for things like the usage of public IP addresses or missing data encryption.

Data breaches and model poisoning attacks can be avoided by using a different rule set that can identify and assist in appropriately securing sensitive model training data.

A second set of characteristics is employed for attack path analysis unique to AI-related workflows, such as revealed secrets, issues with the AI pipeline, and model misconfigurations.

Though it isn’t, Wiz says it is the only CNAPP vendor to provide this degree of AI security. Several additional vendors, including Datadog Inc., Radiant Security Inc., Palo Alto Networks Inc., and Orca Security Ltd., to name a few, have started expanding the scope of their security systems to incorporate an AI threat emphasis. Wiz’s threat data visualization is its most vital point; it helps security analysts find and address issues more rapidly.