by Cody Dumont
August 5, 2024
In an era of rapidly evolving Artificial Intelligence/Large Language Model (AI/LLM) technologies, cybersecurity practitioners face significant challenges in monitoring unauthorized AI solutions, detecting AI vulnerabilities, and identifying unexpected AI/LLM development. Tenable VM leverages advanced detection technologies - agents, passive network monitoring, dynamic application security testing, and distributed scan engines - to surface AI/LLM software, libraries, and browser plugins. The risk managers utilize this dashboard to begin a comprehensive review of the AI/LLM packages in systems and web applications, along with associated vulnerabilities, mitigating risks of exploitation, data leakage, and unauthorized resource consumption.
This dashboard provides a detailed view of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web Application Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
AI/LLM technologies are promising and can transform many industries and businesses, offering new innovation and efficiency opportunities. However, the technology represents a huge security challenge at many layers and this impact should not be overlooked. By using Tenable Vulnerability Management and Tenable Web App Scanning the organization is able to take a security-first approach. When combined with best practices and robust governance policies, the organizations can harness the power of AI/LLM and mitigate the associated emerging threats.
Widgets
AI/LLM Detection Statistics: This widget provides summary counts of AI/LLM use by leveraging Nessus plugin (196906) to detect AI/LLM usage in 3 ways: browser extensions, applications, and file paths all common to AI/LLM implementations. AI/LLM vulnerabilities discovered in web applications are identified using the Web App Scanner, alongside network traffic analysis using the Nessus Network Monitor (NNM). By combining all methods of data collection, the risk managers are able to identify problem areas and other risks associated with AI/LLM.
AI/LLM Browser Extensions: This widget provides summary counts of AI/LLM use by leveraging Nessus plugin (196906). This ring chart uses the Plugin ID filter and Plugin Output filter to show the AI/LLM browser extensions grouped into three search patterns.
Top 5 Most Utilized AI/LLM Applications: This widget provides the counts top 5 utilized AI/LLM applications discovered by Tenable Research. Each label displayed is the pattern added to the plugin output search.
AI/LLM Software Known to Nessus: This widget provides summary counts of AI/LLM use by leveraging Nessus plugin (196906). This column chart uses the Plugin ID filter and Plugin Output filter to show the AI/LLM applications found on assets scanned using Nessus.
Top 10 AI/LLM Browser Plugins: This widget provides the counts top 10 utilized AI/LLM plugin extensions discovered by Tenable Research. Each label displayed is the pattern added to the plugin output search. This search allows the security managers a simplified approach to beginning the understanding into AI usage.
AI/LLM Usage Detected by NNM: Nessus Network Monitor (NNM) examines network traffic to gather and provide our customers insight on device communication in their IT enterprise. The new AI/LLM NNM-based plugins monitor for network communication to known AI/LLM API endpoints as an indicator of AI/LLM tools being installed in our customer’s environment. This table provides a summary of all NNM base detections.
AI/LLM Usage Detected by WAS: This widget brings to focus 23 AI/LLM detection and vulnerability plugins available to Tenable Web App Scanning. The web application scanner plugins detect a multitude of AI/LLM instances, many allow access to publicly accessible LLM instances which enable the ability to convert documents or contents into references used by the selected language model. While other detections find AI/LLM instances that provide a collection of tools to help developers build their own AI service around most popular LLMs. The vulnerability plugins enable the detection of AI assisted attacks such as Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacks.