As the buzz around GenAI security continues to grow, research reports around the burning subject continue to arise. In this article we will share key takeaways from two recent Gartner reports about GenAI related threats, why Astrix was mentioned in them, and the way we see them representing the new security landscape surrounding GenAI.
In the report “Emerging Tech: Top 4 Security Risks of GenAI”, Gartner explains the risks and opportunities that come with the prevalent use of GenAI tools and technologies, from data security and privacy risks to third party black-box style APIs, integrations, and LLMs that rapidly expand organizations’ attack surface.
According to the report, “The use of generative AI (GenAI) large language models (LLMs) and chat interfaces, especially connected to third-party solutions outside the organization firewall, represent a widening of attack surfaces and security threats to enterprises. However, they also offer new opportunities for security technology provider offerings.”
In the report, Astrix is mentioned as a sample vendor in the category of API Risk, Authorization and Access-Control-Oriented. In our view, this mentioning positions Astrix as an enabler for organizations to use these advanced technologies to support growth and innovation, while maintaining security and governance.
In another report “Innovation Guide for Generative AI in Trust, Risk and Security Management” Gartner covers the categories of GenAI risks, and explains why IT leaders need to evaluate emerging TRiSM (Trust, Risk and Security Management) technologies and solutions to better address these new security risks.
Some of the report takeaways suggest that incorporating large language models (LLMs) and generative AI (GenAI) models in enterprise applications presents new risks around three categories – content anomalies, data protection, and AI application security. Since hosting vendors lack comprehensive controls to address these risks, users end up having to seek supplementary solutions, while IT leaders often have to rely on trust when it comes to their data protection by hosting LLM vendors, as they lack the means to independently verify security and privacy controls.
In this report Astrix is mentioned as a Representative Vendor of AI Application Security. According to the report “AI applications include new components to orchestrate the use of the models. This introduces security threats that conventional application security controls do not yet address.” Gartner further details the security threats, one of which is “Unmanaged and unmonitored integration with third-party models offered “as a service” through API calls and other IT supply chain risks.”
To safely navigate the exciting but complex landscape of AI, security teams need robust non-human identity management in order to get visibility into the internal and third-party services employees are connecting, as well as control over permissions and properly evaluate potential security risks.
With Astrix organizations now can:
- Get a full inventory of all AI-tools that are in use or that access core business systems and data, and understand the risks associated with them.
- Understand the full context of each GenAI tool in use: understand the business value of GenAI non-human connections including the usage level (frequency, last maintenance, usage volume), the connection owner, who in the company uses the integration and the marketplace info.
- Reduce attack surface: Ensure all AI-based non-human identities accessing core systems have least privileged access, remove unused connections, and untrusted app vendors.
- Detect anomalous activity and remediate risks: Astrix analyzes and detects malicious behavior such as stolen tokens, internal app abuse and untrusted vendors in real time through IP, user agent and access data anomalies.
- Remediate faster: Easily remediate any posture issues or actual attacks with out-of-the-box policies, automated workflows and end-user interactions.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.