by Cody Dumont
August 5, 2024
In an era of rapidly evolving Artificial Intelligence/Large Language Model (AI/LLM) technologies, cybersecurity practitioners face significant challenges in monitoring unauthorized AI solutions, detecting AI vulnerabilities, and identifying unexpected AI/LLM development. Tenable Security Center leverages advanced detection technologies - agents, passive network monitoring, dynamic application security testing, and distributed scan engines - to surface AI/LLM software, libraries, and browser plugins. The risk managers utilize this report to begin a comprehensive review of the AI/LLM packages in systems and web applications, along with associated vulnerabilities, mitigating risks of exploitation, data leakage, and unauthorized resource consumption.
AI/LLM technologies are promising and can transform many industries and businesses, offering new innovation and efficiency opportunities. However, the technology represents a huge security challenge at many layers and this impact should not be overlooked. By using Tenable Security Center and Tenable Web App Scanning the organization is able to take a security-first approach. When combined with best practices and robust governance policies, the organizations can harness the power of AI/LLM and mitigate the associated emerging threats.
This report provides a detailed view of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web Application Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
Chapters
Executive Summary: This chapter provides a detailed view of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web Application Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM).
AI/LLM Browser Extensions Chapter: This chapter provides the details for Assets that we found to have one or more of the AI/LLM detection browser extension plugins detected by Nessus. The chapter will search through plugins that include certain keywords: GPT, CopIlot, or AI. The AI/LLM Browser Detection chart shows the count of plugins related to the detection of GPT, AI, or Copilot AI or LLM browser extensions.
AI/LLM Software Detected Using Nessus: This chapter provides the details for Assets that we found to have one or more of the AI/LLM software plugins detected by Nessus. The introductory matrix provides an indicator for all the matches found in the organization, followed by a a chart and table showing the affected assets.
AI/LLM Usage Detected Using Web Application Security: This chapter provides the details for web application assets that we found to have one or more of the AI\/LLM detection plugins. The LLM/AI Usage Detected by WAS chart shows the count of plugins related to the detection of AI or LLM.