January 09, 2025

Google’s James Brodsky on Securing AI and Building Security Ecosystems

Listen Later

26 minutes

In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.

James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.

Topics discussed:

The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.

How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies.

Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.

How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.

How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.

The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.

Key Takeaways:

Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.

Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.

Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.

Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.

Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.

Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.

Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.

Use tools like NotebookLM to stay current with security research and white papers while managing information overload.

Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.

Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Future of Threat Intelligence

By Team Cymru

4.5

1111 ratings

January 09, 2025

Google’s James Brodsky on Securing AI and Building Security Ecosystems

Listen Later

26 minutes

In our latest episode of the Future of Threat Intelligence podcast, David is joined by James Brodsky, Head of Global Security Architects at Google, who shares insights from his extensive career in cybersecurity. Drawing from his experience at Splunk, Okta, and now Google, James discusses the challenges of securing AI applications and infrastructure, emphasizing the importance of basic security hygiene in the AI era.

James walks David through Google's approach to AI security through their SAFE framework, the critical role of partnerships in building comprehensive security solutions, and the importance of continuous learning in cybersecurity. James also introduces tools like Model Armor and NotebookLM that are shaping the future of AI security.

Topics discussed:

The multiple layers of protection needed for AI systems, from infrastructure to model security, including protection against prompt injection attacks.

How Google's SAFE framework ensures privacy-first approach to AI implementation, with strict data usage and training policies.

Why even large organizations like Google need strategic partnerships for comprehensive security coverage and specialized expertise.

How fundamental security practices remain crucial for AI applications, focusing on data access control and protection.

How continuous learning through CTFs, podcasts, and hands-on experience is essential for staying current in cybersecurity.

The value of focusing on hiring passionate, curious individuals who continuously learn and adapt to new challenges.

Key Takeaways:

Implement foundational security controls for AI applications, focusing first on data location, access controls, and DLP before advancing to more complex measures.

Review OWASP's top 10 list for protecting LLMs and Google's SAFE framework as starting points for AI security best practices.

Establish clear data privacy protocols for AI models, including explicit policies about how customer data is used in model training.

Monitor AI applications for unusual behaviors like prompt injection attacks, model poisoning, and unauthorized data exfiltration.

Develop detection mechanisms for AI-driven threats like deepfake meetings by correlating calendar data with video conference attendance.

Leverage free or low-cost learning resources like CTFs, security podcasts, and platforms like Google Cloud Skills Boost for team development.

Create partnerships to fill security gaps, especially in areas requiring specialized expertise or unique data sets.

Use tools like NotebookLM to stay current with security research and white papers while managing information overload.

Maintain regular security hygiene practices for AI applications, including access control, authentication, and data protection.

Build security teams with diverse skill sets, prioritizing curiosity and continuous learning mindsets.

...more

More shows like Future of Threat Intelligence

Global News Podcast by BBC World Service

Global News Podcast

7,710 Listeners

WSJ What’s News by The Wall Street Journal

WSJ What’s News

4,357 Listeners

WSJ Tech News Briefing by The Wall Street Journal

WSJ Tech News Briefing

1,637 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

637 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,023 Listeners

The Daily by The New York Times

The Daily

112,351 Listeners

Click Here by Recorded Future News

Click Here

415 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,013 Listeners

Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security

Talkin' About [Infosec] News, Powered by Black Hills Information Security

94 Listeners

True Spies: Espionage | Investigation | Crime | Murder | Detective | Politics by SPYSCAPE

True Spies: Espionage | Investigation | Crime | Murder | Detective | Politics

1,963 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

137 Listeners

Security Matters by CyberArk

Security Matters

22 Listeners

Bloomberg Tech by Bloomberg

Bloomberg Tech

60 Listeners

Microsoft Threat Intelligence Podcast by Microsoft

Microsoft Threat Intelligence Podcast

22 Listeners

Better Offline by Cool Zone Media and iHeartPodcasts

Better Offline

548 Listeners