Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:02):
This is the Generative AI Security podcast brought to you
by the OWASP Top 10 for LLM Apps and GenAI.
We'll be talking about pertinent
industry issues around generative AI with our project
leads, contributors, and more. Please click Like and Subscribe
for all of our latest content. Hey community, Aubrey here with
(00:29):
the Generative AI Security podcast and project.
I hope you're all doing well and I'm joined today by Susanna, who's
representing the OWASP AI Exchange.
How you doing today, Susanna?
I'm doing very well, thank you. How are you?
I'm, I'm doing pretty good now. I, I just, I just told you I was
(00:50):
listening to King Gizzard and the Lizard Wizard before this, so I'm in a
great mood. It's Friday as we record it, so
I'm psyched for the weekend. And do you have any great plans
for the weekend at all? Oh, just to be as outdoors as
much as possible. I'm in.
Yeah. I'm in California in the Bay
Area, and it's absolutely beautiful out.
I keep looking back at the sunlight, thinking I've got to
(01:11):
get outside. That's the goal.
I have nothing but gray skies and rain here in Rochester, NY,
which is horrible. Oh, thoughts and prayers.
That's thank you. It is.
It is honestly the I think typically it ties with Buffalo
for grayest in the nation most years, which is horrible.
I got to get out of here. I do, I do.
(01:33):
Maybe I'll move to California. I don't know.
We'll see. OK, but be careful because San
Francisco is where I moved to the first time and that is
probably the greatest place in the nation.
At least that's my hypothesis. So if San Francisco is not LA, I
learned that the hard way. No, it definitely isn't.
(01:53):
Those are very, very different places.
West Coast for me, like where I've been I'm I'm very
comfortable with Seattle. That tends to be a
great place for me. I hear Portland is fantastic
too, but I have yet yet to go. You'll live in San Francisco
then. Yeah, well, that's, I was just
talking to my buddy from Portland actually a minute ago,
(02:15):
but people didn't come to hear about cities.
They came to hear about artificial intelligence, right.
So let's start with kind of what do you do?
How'd you get into cybersecurity?
That's. Oh wow, I just read this, so I'm like cheating, but go
ahead.
I came up in security culture. My family's been doing
(02:36):
security and intelligence work forever, so it was sort of a
natural transition for me. I was doing some physical
security work and then I got the opportunity to learn about some
of the more software oriented aspects of security.
I don't want to say technical because it's all very technical,
but that's when I started getting my hands on computers.
(02:56):
And then subsequently I started noticing some pretty glaring
security flaws in AI systems. This is about 2010, and started
working on the security aspects of that and understanding it.
Eventually I was like, OK, I really need to get my hands on
actual work as a data scientist. So at that point I was like, I'm
(03:19):
going to become a data scientist.
I got my start in natural language processing.
So it's kind of apropos in a sense to the general moment
around generative AI. And that's just where I kind of
jumped in and progressed from there.
So I've done every job up to AI architect pretty much in that
stack. And so I've had a lot of hands
(03:40):
on experience with not just, you know, the security flaws of the
models or the models themselves, but kind of what it takes to get
models into production, what it takes to train teams.
So that kind of naturally led to this purple team focus that I
have now, which is how do we de silo AI and cybersecurity and
(04:01):
security in general, and how do we teach people not just how to
do their jobs more effectively, but how to talk to each other?
So that's really my focus of late.
And then I got added into the AI Exchange and kind of the rest is
recent history, if you will. So I, I probably describe it
wrong every time I talk about it, but for any of our community
(04:22):
that does not understand what the AI exchange is, you want to
kind of do an overview just so they understand.
Absolutely. This is one of my favorite
topics. This is one of my favorite
resources. If you want to understand AI
security, anything AI security in plain terms that are
applicable to your job right now, the AI Exchange is a go to
(04:43):
resource for that. So it's organized according to
where in the production life cycle these threats and
mitigations occur. You have access to
controls, you have access to further research in a lot of cases
and all of this is made by people in the field.
So everyone has their own area of expertise.
(05:04):
As we all know, AI security is huge, right?
So it takes all types of people to contribute and everyone has
their niche where we're able to either write copy or review and
so forth. And it's just grown into such a
well-regarded resource that we are now able to contribute to
international standards, ISO standards and also help
(05:27):
contribute to the requirements for the AI Act itself.
Nice. You know, I one thing I do know
about the project is that you contribute a ton of stuff to
what we do in the top ten as well or for the top 10 within
the GenAI Security project, right? So.
Yeah, I think one of the great things about, because these are
two flagship projects with OWASP, right?
(05:48):
And so we have really great communication back and forth.
Like I, I joke about there being a rivalry sometimes, but in the
sense that iron sharpens iron, we have a dialogue.
And when these things feed into each other, it really can only
improve the state of AI security.
Nice. I'm kind of new to that rivalry,
if you will, Like I, I. I made it up.
(06:11):
No, you didn't make it up. There's, there's other people
too that that have mentioned this thing too.
I, I can't remember who it was I was talking to at RSA, not this
year, but last year one someone from the the exchange and they
mentioned that too. They're like, yeah, well, our
project's better, literally. We have a better project.
Better. What?
What? No, no, we're our project.
(06:33):
I mean it is, I'm not saying it's better, but it is that no,
I think we have complementary approaches.
And if people find ours more helpful in certain
circumstances or the top 10 more helpful, great.
Because then AI security is getting better and we're all
getting better together. That's my two cents, just
and I can say that because we're better.
(06:56):
You bet, but I usually talk about it by saying, you know,
you should pay attention to both.
Honestly, that's, that's typically what I end up talking
to people about when I'm talking about, you know, the
GenAI Security project. But if you're paying
attention to us, you probably should also look at this.
(07:16):
So, so I, I think it's great. And the, the, the work that you
guys do is much more widespread than than what we do.
We're we're much more focused than the stuff that you guys
work on. I I sometimes I'm overwhelmed by
the weight of it when I talk to researchers over there so.
Oh, wow, thank you. And we try to be pretty
comprehensive in that, you know, all AI isn't generative AI.
(07:40):
That is a specific type and a fairly recent development for
those of us who are familiar with the Transformer paper and
so forth. And what led up to that?
It's not as recent as some mightthink, but that's a specific
type of AI. And by and large, most business
use cases today, and I, you know, I'm saying
(08:01):
loosely most, but it's still going to fall within the
predictive AI rubric. And we see people adopting
generative AI all the time en masse.
But right now it's, we're, we'restill waiting to see how it's
going to shake out in terms of what value the industry is
getting from it and what applications they're going to
find. Predictive AI, we have people in the trenches
(08:24):
right now that are saying we have these systems, how do we
secure them? So from our perspective, I think
it makes sense to a lot of us tocover both.
Nice, nice. Well, I, I couldn't agree more
now it when I first met you in San Francisco RSA, we talked a
little bit about a paper that you've got forthcoming and I was
(08:46):
hoping that maybe we could teasethat out a little bit.
The only thing that I got out of it was that, you know, there
were some assumptions with red teaming that may have been
incorrect. And that right there was enough
to fascinate me. Our, our viewers watch a lot of
red teaming content. Like if, if we do anything on
red teaming, they want to know about it.
So I figured I'd try and bring this to them.
(09:07):
As much as. I could anyways so.
This is this is something that came out of our work for the AI
ACT requirements. And so I'll tell you a little
bit about the back story. We were tasked with finding out,
you know, we're going to have totell people to test for evasion
attacks and we were tasked with finding out, can you offer full
(09:27):
coverage for evasion attacks through testing?
If so, how? What does that look like?
Be specific. And so I actually ended up doing
the research for this and getting into some of the
mathematics of it. And it turns out that no, you
actually cannot achieve full coverage.
In fact, you can't even really certify what amount of coverage
you have achieved because of some of the mathematical
(09:51):
realities of this space. So when you have models, they
have a subspace, if you will, ofadversarial attacks that are
effective on them. And what we found is that, and
there's a, a pretty good body ofliterature on this, what we
found is that these subspaces are very, very large.
(10:11):
So large that a search for all the attacks is in the
realm of NP-complete, meaning you're really not going
to be able to provide full coverage.
You're not going to be able to find or map all of the attacks
under these. So what that ends up meaning is
that it, it has some implications for when you're red
(10:32):
teaming systems, how many attacks you're running.
And I talked to providers and they say we run attacks in the
thousands and, you know, OK, butwhen you're looking at something
that's, you know, nearly infinitely large in 25
dimensional space, what amount of coverage do you really have
with that? And there are also some game
theoretic assumptions underlying this.
(10:53):
And I think this is where it starts to get kind of spicy
because much of this is already known right in the literature.
Like I have papers I can reference to show you this is a
25-dimensional space. It's huge.
So that's not a new thing. But when you take into account
how these attacks are actually performed in the field and how
(11:14):
people who are malicious are trying to employ these, it's
very different from the way thatred teams are testing them.
And so these two aspects combined in their intersection,
I think actually give a potential leg up to attackers in
a way that I think may surprise some people to learn.
(11:37):
Interesting. So, so you're saying that doing
the red teaming could actually, like, so if a security team goes
out and does red teaming against their infrastructure, it could
actually help hackers? Yeah, hit that infrastructure.
Yeah. So unfortunately, any amount of
red teaming attacks you throw are going to generally be based
(12:00):
off of attacks in the literature.
So that's one aspect. Now, a lot of companies have
their own secret sauce and that's their specific method for
generating attacks, and that also contributes a substantial
number. But how much coverage are you
actually achieving? Like how much of this
adversarial subspace are you able to certify that you're
(12:21):
covering, especially when the search space is so huge?
So that's a little bit problematic in and of itself,
but you could still argue that something is better than nothing
maybe. So this is where it starts to
get a little bit technical because we find that in
certified defenses, it's very easy to break these in
adversarial machine learning just by changing a few
(12:42):
parameters. So that's one thing to hold in
your minds when you have publicly known attacks that
people are running and a slight variance maybe depending on what
their own personal approach is, but nothing nearly approaching
the scale and magnitude of this subspace.
What you've basically done is two things. You've told adversaries,
number one, here's what we already tried, don't bother trying it, and number two,
(13:06):
here are variants that you can try and step off of just
slightly, and put yourself outside of the protected zone.
Wow, that's interesting. So what I'm wondering though is
if there's a difference between running your tests in production
versus running your tests in a QA environment, is that, I mean,
(13:29):
are you still going to have thatsort of give that leg up if you
run your tests only in QA? Well, I mean, it depends on if
they know who you're contracted with, if everyone is drawing
from the same publicly. I mean, if it is, I'm just
telling you from an attacker perspective, because I come from
the red team here. I'm not going to run attacks in
the literature. I'm going to run attacks that
(13:50):
are slightly different from attacks in the literature,
knowing that I can always iterate slightly further and
further out and still have a good chance of being within the
adversarial subspace just because it's so massive.
So if you as a provider want to give me a list of things that
you've already tried that would have been good attacks, but you
already tried them, that I can iterate off of ever so slightly,
(14:13):
that's helpful information from my perspective.
And that's kind of what I'm hitting at when I talk about the
the game theory behind this. Wow, OK, so I should probably ask
this when does this paper come out?
Well, it depends on when they get done with the peer review.
So in the paper I don't really tell people how to do attacks,
(14:35):
but I do lay out the mathematical foundations for it,
and I should include my co-author Nicholas Spenzel in
this too. We give the mathematical
foundations for this, and we also have a a new sort of test
that we've come up with, which is a radically different
methodology for testing for evasion attacks specifically.
(14:56):
If you're smart, you can read between the lines and apply this
from a red team perspective. And we're giving it away for
free because we want the industry to improve.
We want the state-of-the-art to advance.
So hopefully that being said, we'll get it out of peer review
soon and I can go into more depth and we can maybe put it up
on arXiv and so forth and get it into the hands of people that
(15:18):
need to see it. OK, so then boy, that, that
that's intriguing. I'm I'm excited.
I guess people are just gonna have to pay attention to your
project. That's where it will be
released, right? So.
It will be. Just more reason to follow the
exchange I would think. Absolutely.
And as soon as we have, I mean, we're, if we're on the bleeding
(15:40):
edge of setting the requirementsthat companies are going to need
to follow, it makes sense to to get ahead of the curve and start
paying attention to the Exchange right now.
You can also subscribe to my newsletter, Shameless Flood,
because I'm giving AI security Intelligence for free.
I'm giving it to you in a brief that you can read.
(16:01):
And I can also give you further research if you are the type of
person that wants to do a deep dive into the technical
specifications of this. So subscribe if you want, it's
free. And definitely follow the OWASP AI
Exchange if you want to be ahead of the curve on AI security.
That's fantastic advice. I love it.
(16:21):
On that, I guess I'll say thank you.
I appreciate your time, especially on a Friday.
Suzanne, it's really great to see you.
Thank you so much for having me. I really appreciate all the work
that you do in this space. This has been a blast, thanks.
Thank you and thank you community for tuning in.
We really appreciate it. Don't forget to check us out,
click like and subscribe GenAI Security podcast for the
(16:45):
GenAI Security project. I'm Aubrey and I will see you on
the next one. Stick around.
For checking out the Generative AI Security Podcast, don't
forget to click Like and subscribe and we'll catch you on
the next one.