In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.

James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.

Topics discussed:

• The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.
• How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies.
• Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.
• How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.
• How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.
• The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.

Key Takeaways:

• Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.
• Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.
• Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.
• Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.
• Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.
• Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.
• Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.
• Use tools like NotebookLM to stay current with security research and white papers while managing information overload.
• Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.
• Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.