by Cody Dumont
August 5, 2024
In an era of rapidly evolving Artificial Intelligence/Large Language Model (AI/LLM) technologies, cybersecurity practitioners face significant challenges in monitoring unauthorized AI solutions, detecting AI vulnerabilities, and identifying unexpected AI/LLM development. Tenable Security Center leverages advanced detection technologies - agents, passive network monitoring, dynamic application security testing, and distributed scan engines - to surface AI/LLM software, libraries, and browser plugins. The risk managers utilize this dashboard to begin a comprehensive review of the AI/LLM packages in systems and web applications, along with associated vulnerabilities, mitigating risks of exploitation, data leakage, and unauthorized resource consumption.
This dashboard provides a detailed view of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web Application Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
AI/LLM technologies are promising and can transform many industries and businesses, offering new innovation and efficiency opportunities. However, the technology represents a huge security challenge at many layers and this impact should not be overlooked. By using Tenable Security Center and Tenable Web App Scanning the organization is able to take a security-first approach. When combined with best practices and robust governance policies, the organizations can harness the power of AI/LLM and mitigate the associated emerging threats.
Components
AI/LLM Software Known to Nessus: This matrix provides summary counts of AI/LLM use by leveraging Nessus plugin (196906). This column chart uses the Plugin ID filter and Plugin Output filter to show the AI/LLM applications found on assets scanned using Nessus. Each label displayed is the pattern added to the plugin output search. This search allows the security managers a simplified approach to beginning the understanding into AI usage.
AI/LLM Top 5 Applications: This matrix provides the counts top 5 utilized AI/LLM applications discovered by Tenable Research. The cells use the Plugin ID (196906) and Plugin Output filter to show the AI/LLM application. Each label displayed is the pattern added to the plugin output search. This search allows the security managers a simplified approach to beginning the understanding into AI usage. The top 5 utilized list consists of: TensorFlow, NumPy, H2O Flow, HuggingFace, and scikit-learn.
AI/LLM Detection Statistics: This matrix provides summary counts of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web App Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
AI/LLM Software Detected by NNM & WAS: AI/LLM vulnerabilities discovered in web applications are identified using the Web Application Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
AI/LLM Browser Extensions: This matrix provides summary counts of AI/LLM use by leveraging Nessus plugin (196906). The cells use the Plugin ID filter and Plugin Output filter to show the AI/LLM browser extensions grouped into three search patterns. Each label displayed is the pattern added to the plugin output search. This search allows the security managers a simplified approach to beginning the understanding into AI usage.