Name: Attack on AI Systems: Understanding the Vulnerabilities and Risks
Start: 2025-02-25T16:00:00Z
End: 2025-02-25T16:00:48.000Z
Location: BrightTALK
Rating: 4.4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

AI systems are rapidly transforming customer experiences and operational efficiency. However, this technological revolution brings unprecedented privacy challenges as financial institutions process vast amounts of sensitive customer data through increasingly complex AI models. With regulatory scrutiny intensifying and customer trust at stake, financial organizations need to adopt structured governance approaches that protect data integrity from the ground up.

The intersection of AI innovation and privacy regulation creates a critical tension for financial services companies. Traditional compliance approaches often fail when applied to dynamic AI systems, creating significant business risk. This session introduces a practical Privacy by Design framework specifically tailored for financial AI applications, demonstrating how embedding privacy controls throughout the AI development lifecycle not only ensures compliance but creates competitive advantage. You'll discover how leading financial institutions are implementing privacy-aware checkpoints that maintain development agility while satisfying regulatory requirements across multiple jurisdictions.

Join this session to transform how your organization governs AI systems and protects customer financial data.

Key Takeaways:

- Practical techniques for operationalizing Privacy by Design principles within financial AI development workflows
- Strategic approaches to balance innovation speed with regulatory compliance in AI-driven financial products
- Methods to demonstrate privacy compliance to regulators while maintaining competitive development timelines
- Framework for measuring privacy effectiveness in AI systems that process sensitive financial information

Proactive AI Governance: Implementing Privacy by Design in Financial Systems

In today's regulatory landscape, cybersecurity professionals face unprecedented personal legal exposure. The growth of data breach litigation has shifted from targeting only organizations to holding individual security practitioners accountable. With regulatory frameworks like EU DORA and NIS 2 establishing stringent compliance requirements, professional decisions carry significant personal legal implications for cybersecurity leaders. 

The modern cybersecurity professional has to navigate a complex web of legal obligations while effectively responding to incidents. Understanding the legal ramifications of incident response decisions—from ransomware payment considerations to breach notification requirements—has become as crucial as technical expertise. For CISOs and security managers, developing strategies that balance operational security needs with regulatory compliance is no longer optional but critical for professional survival in this high-stakes environment. 

Join Dr. Ilia Kolochenko (CEO at ImmuniWeb and attorney-at-law) to discover a practical legal roadmap for cybersecurity practitioners facing increased personal liability. 

Key Takeaways: 

- Understand the specific personal liability risks for cybersecurity professionals under current regulatory frameworks including EU DORA and NIS 2 
- Learn legally-sound incident response protocols that protect both your organization and your professional standing 
- Identify critical pitfalls in cybersecurity insurance coverage that could leave you personally exposed 
- Develop practical strategies to document security decisions and demonstrate due care to mitigate personal legal exposure 
- Master the balance between technical security requirements and legal compliance obligations in your daily practice

Cyber Law & Incident Response: Navigating Personal Liability in Cybersecurity

The explosion of cloud, AI and decentralized IT has created a perfect storm for data breaches. Traditional, perimeter-focused security strategies are no longer sufficient to protect sensitive information in this dynamic landscape. As sophisticated threats bypass legacy defenses and compliance regulations become more stringent, organizations face mounting risks and potential financial repercussions.

Today’s CIOs and security leaders need a new approach – one that prioritizes data visibility, access control, and encryption, wherever data resides. In this session, we'll dissect the core principles of a data-centric security model, exploring how it empowers businesses to proactively mitigate risks, reduce attack surfaces, and ensure regulatory compliance. We'll cut through the hype and offer practical strategies and emerging technologies that drive real results, showcasing how forward-thinking organizations are successfully navigating the complexities of modern data security.

Join Dr. Abilio Oliveira, Consultant, TOGAF Distinguished Architect, to get a roadmap to future-proof your data security posture in 2025 and beyond.

Key Takeaways:

Understand why perimeter-based security fails in the cloud era, necessitating a data-centric shift.
Learn the core principles of data-centric security, including data visibility, access control, and encryption.
Explore practical strategies and emerging technologies for proactive data protection and attack surface reduction.
Gain insights from real-world success stories of organizations improving risk and compliance with modern data security.

A New Vision for Data Security in the Cloud Age

Sensitive customer data, proprietary algorithms and confidential business information are now routinely fed into generative AI systems that weren't architected with enterprise-grade security in mind. This fundamental disconnect has created a perfect storm for data leakage, with 73% of enterprises experiencing breaches averaging $4.8 million each in the past year alone. As these tools become embedded across critical workflows, the security risks are growing exponentially.

As enterprises rush to implement GenAI capabilities, security teams face unprecedented challenges in protecting confidential information across the entire AI pipeline—from prompt engineering to model training and output generation. Without the right safeguards in place, organizations risk exposing proprietary data, violating privacy regulations and undermining customer trust. Implementing comprehensive security controls specifically designed for AI workflows has become essential for responsible innovation.

Join Gopinath Manimayan, Software Solution Architect at UST to discover practical strategies for securing sensitive data throughout your GenAI ecosystem while maintaining AI functionality and performance.

Key Takeaways:

- Understand where and how sensitive data can leak in GenAI workflows (prompts, vector stores, outputs, etc.)
- Learn to implement effective guardrails for prompt input, model output and vector database layers
- Discover tools and frameworks for redaction, classification and AI content filtering
- Explore how confidential computing can protect AI inference in high-trust environments
- Gain actionable steps to align GenAI usage with privacy laws and enterprise compliance standards

Confidential AI: Protecting Sensitive Data in GenAI Workflows

Hidden in plain sight, thousands of spreadsheets containing your organization's most sensitive data exist in a precarious state of quantum uncertainty, simultaneously secure and compromised until someone actually checks. Scattered across email inboxes, personal laptops, shared drives, and cloud storage — these files represent significant yet often overlooked security vulnerabilities. Like Schrödinger's famous cat paradox, organizations operate under the assumption that their spreadsheet data remains secure until someone actually examines their protection measures. This is a gamble that increasingly leads to costly data breaches and compliance violations.

The challenge lies not just in identifying these dispersed assets but implementing effective protection without disrupting productivity. As regulatory requirements tighten and cyber threats evolve, traditional approaches to spreadsheet security fall dangerously short. Organizations dependent on Excel and similar platforms require specialized strategies that balance robust protection with practical usability, addressing weak access controls, unregulated sharing practices and inadequate encryption that leave sensitive financial, customer and operational data exposed to both internal and external threats.

This presentation delivers actionable, next-generation strategies to transform spreadsheet chaos into a secure, compliant data ecosystem.

Key Takeaways:

- Practical techniques to identify and classify at-risk spreadsheets across your organization's digital landscape
- Implementation strategies for access controls and encryption specifically designed for Excel and similar platforms
- Methods to integrate spreadsheet security into your broader data protection framework without disrupting workflow
- Policy development guidelines that address both compliance requirements and operational needs
- Real-world examples of how leading organizations have successfully secured their spreadsheet environments

Securing Schrodinger's Spreadsheets: Next-Generation Protection

It is well understood that the security perimeter is broken. This is why Gartner has reported that 63% of organizations worldwide have implemented a zero trust strategy. Zero trust is not a product but a framework to provide a holistic view on cybersecurity for the entire organization. Implementing zero trust goes beyond technical implementations but also requires a cultural shift. Everyone must actively contribute to its success. To be truly successful in implementing zero trust requires values that are shared across the business and adopted from top to bottom.        

The presentation will provide useful insight and information, including examples, on the cultural shift that will occur when fostering a zero trust mindset. This will allow everyone to recognize the importance of their contributions to the overall security of the business.

Join this discussion to learn:

- Understand how cybersecurity culture is a key component to reduce risk and enhance resilience
- Explore how the zero trust framework changes the way people view cybersecurity
- How to avoid the pitfalls associated with zero trust adoption
- Methods which encourage people, including senior leadership, to embrace the principals of zero trust
- Leverage the zero trust mindset to foster adaptability in the face of an ever-evolving threat landscape
- How other organizations have been able to develop a zero trust cybersecurity mindset

The Zero Trust Mindset: Getting Everyone Onboard

Zero Trust Architectures (ZTA) have become a cornerstone of modern security strategies in the era of sophisticated cyber threats and ever-expanding and morphing attack surfaces. But how can organizations ensure their zero trust frameworks stay adaptive, intelligent, and resilient? Enter artificial intelligence (AI) and machine learning (ML)—the ultimate dynamic duo for elevating zero trust to the next level.

 This session delves into the powerful synergy between AI and ML and their role in strengthening zero trust principles. From real-time user behavior analysis and anomaly detection to predictive threat modeling and dynamic policy enforcement, AI and ML are transforming the way organizations approach security. Attendees will gain insights into practical use cases, including automating access controls, enhancing endpoint security, and optimizing network segmentation. Discover how these technologies can help your organization build a zero trust architecture that evolves with the threat landscape and ensures robust protection for your critical assets.

AI and ML: The Dynamic Duo for Strengthening Zero Trust Architecture

A lot of hype has recently been showered on AI working in sync with network security perimeter tools with the intention to enhance threat intelligence gathering. Nevertheless, the people aspect of the people-process-technology triad is still vital. Even better, it still works best with open-source threat intelligence. 

In this presentation, industry thought leader Ralph Villanueva will highlight while automating threat intelligence is great, the human factor in gathering timely and critical information from open sources is equally important. Companies cannot simply rely solely on AI algorithms despite the hype.

OSINT Threat Intelligence: Still a Reliable Tool Amidst the AI and Machine Learning Hype

Traditional security measures like firewalls and antivirus software have become necessary but insufficient guardians of your organization's digital assets. As cyber threats grow increasingly sophisticated and persistent, businesses face unprecedented challenges that require a fundamental shift in how we approach security— moving from reactive incident response to proactive threat prevention and management.

Implementing a strategic Security Operations (SecOps) program represents a critical evolution in cybersecurity practice. By thoughtfully orchestrating the right combination of skilled personnel, advanced automation tools, and threat intelligence methodologies, organizations can dramatically enhance their security posture while optimizing operational efficiency. This approach doesn't just protect your business—it enables digital transformation initiatives to proceed with confidence in an environment where threats are constantly evolving.

Join this session to discover how to build a resilient, proactive SecOps program that transforms your cybersecurity from a business constraint to a business enabler.

Key Takeaways: 

- Learn the essential components of a modern SecOps program and how they work together to create a comprehensive security framework 
- Understand how to effectively integrate personnel, automation, and threat intelligence for maximum security effectiveness 
- Discover practical strategies for transitioning from reactive to proactive security operations 
- Gain insights into measuring the business value and ROI of your SecOps investments 
- Explore real-world examples of successful SecOps implementations and their impact on organizational resilience

Strengthening Your Cybersecurity through a Strategic Security Operations Program

Learn how to create a unified approach to security and operations by overcoming organizational resistance and bridging gaps between teams. 

Tune into this in-depth webinar from TD Bank's Application Release Engineer Pankul Chitrav as she shares:
- Techniques for aligning security and operations teams towards shared objectives.
- How to implement proactive, security-minded workflows without disrupting operational speed.
- The role of leadership in driving cultural transformation and overcoming resistance to change.
- Real-world case studies showcasing the success of Secure Ops integration.

From Conflict to Collaboration: Building a SecOps Culture

The evolving threat landscape requires security operations (SecOps) to move beyond traditional methods and embrace cutting-edge innovations. Generative AI is emerging as a game-changer, enabling security teams to automate and enhance threat intelligence processes with unprecedented speed and accuracy.

In this session, we will explore how generative AI tools transform SecOps by automating tasks such as malware analysis, threat report generation, and contextual threat modeling. Attendees will learn how to integrate generative AI into their SecOps workflows to improve detection, decision-making, and response times while reducing the burden on human analysts.

Generative AI in SecOps: Automating the Art of Threat Intelligence

As organizations race to adopt AI technologies, many overlook the complex -- and often vulnerable -- supply chains that power them. From open-source libraries and training data to model hosting and deployment pipelines, every layer introduces potential risk. 

This talk from industry thought leader Yesenia Yser will unpack the anatomy of the AI supply chain and expose the weak points most commonly exploited by threat actors, including prompt injection, model poisoning, and malicious dependencies. She’ll examine real-world examples that illustrate how these risks manifest and offer practical strategies to fortify your AI stack -- from secure development practices and component validation to continuous monitoring and governance. 

Whether you're an AI engineer, cybersecurity professional, or technical leader, this session will provide the insights and tools needed to secure your AI systems against emerging threats and maintain trust in open-source intelligence.

Unpacking the AI Supply Chain: Strategies to Fortify Open Source Intelligence

Shifting left sounds great in theory but often creates an overwhelming burden on developers who aren't security experts. And traditional security gates create friction that developers bypass, leading to breaches.

In this webinar, industry thought leader Atulpriya Sharma will explore the concept of "invisible security" using GenAI to embed security guardrails into existing workflows without developer friction. Unlike traditional approaches, invisible security emphasizes zero context switching, natural language feedback, and guidance over blocking. We'll demonstrate how LLMs translate complex security concepts into actionable guidance at integration points developers already use - GitHub, CI/CD pipelines, IDE extensions, and much more.

Join us to discover implementation strategies that transform security from a burdensome afterthought to frictionless protection without sacrificing developer velocity.

Invisible Security: Embedding GenAI Guards Into Developer Workflows

Every minute of business disruption costs organizations millions – and cyber attackers know it. As threat actors weaponize AI and exploit zero-day vulnerabilities with unprecedented speed, the difference between survival and failure often comes down to how quickly you can recover from an attack.

Modern cyber resilience demands a paradigm shift – moving beyond traditional security measures to create business-aligned defense strategies. By identifying and protecting mission-critical assets through the Minimum Viable Company (MVC) framework, security leaders can ensure business continuity even in the face of sophisticated attacks while optimizing resource allocation and demonstrating clear ROI to the board.

Join Roselle Safran, CEO & Founder of KeyCaliber, as she shares battle-tested strategies for building and implementing a cyber resilience program that directly supports business objectives and ensures operational continuity.

Key Takeaways:

- Learn how to identify and define your organization's Minimum Viable Company (MVC) components to prioritize protection of business-critical assets
- Discover methodologies for aligning cyber resilience strategies with business objectives and risk appetite
- Master techniques for testing resilience capabilities against real-world scenarios without disrupting operations
- Gain practical insights into implementing and measuring the effectiveness of your cyber resilience program through business-focused metrics

Business-Centric Cyber Resilience: Protect What Matters Most

The emergence of quantum computing presents a unique challenge to the cybersecurity landscape. This transformative technology poses significant risks to current encryption methods, particularly for asymmetric cryptography systems like RSA and Diffie-Hellman, which secure most network communications today.
Organizations face a critical challenge: their existing cryptographic infrastructure may soon become obsolete against quantum computing capabilities. 
 
This presentation offers vital strategies for preparing for this transition, similar in scope to the Y2K challenge. The solutions presented are particularly valuable because they follow NIST guidelines rather than vendor-specific approaches, providing a standardized framework for organizations to assess their risk exposure and implement quantum-resistant algorithms systematically.
 
Join John Bruggeman (Virtual CISO, CBTS) to get a roadmap to transition from current encryption methods to quantum-resistant alternatives, ensuring long-term data security.

Key takeaways:
- Quantum Risk Assessment: Learn how quantum computing threatens current encryption algorithms and data privacy
- Strategic Implementation: Discover the essential steps for identifying at-risk data, conducting thorough data inventories, and documenting current cryptography usage across your organization's systems and tools.
- Industry Impact Assessment: Understand how to quantify and document quantum computing risks specific to your industry
- Transition Planning: Master the approach to implementing NIST-guided quantum-resistant solutions through a systematic, long-term project framework

Post Quantum Cryptography: Securing the Future

From data breaches to ransomware attacks, the cost of cybercrime is skyrocketing, demanding a new approach to security. Playing defense is no longer enough. Organizations need to anticipate threats and build resilience into their systems.  

CISOs and security leaders face immense pressure to stay ahead of the curve and build resilient organizations capable of withstanding and recovering quickly from security breaches. A product-led approach offers a proactive, data-driven solution for incident response, transforming security events into opportunities for continuous improvement. 

In this session, Oksana Denesiuk, product lead for billing and payments at Kaiser Permanente and ISSA Advisory Board Member, explores how cybersecurity teams can adopt a product mindset to enhance incident response, leveraging agile methodologies, iterative learning, and customer-centric thinking. 

Key Takeaways
- Embrace a product-centric approach to incident response, treating security incidents as valuable data points for continuous improvement.
- Integrate automated threat detection, secure coding practices, and incident learnings into the product roadmap.
- Use post-incident analytics, telemetry, and threat intelligence to refine security controls, enhance detection capabilities, and reduce the attack surface.
- Implement AI-driven detection, automated remediation workflows, and security orchestration (SOAR) to improve MTTR and MTTD.

Turning Incidents into Insights: A Product-Led Approach to Incident Response

The way employees communicate and collaborate is constantly evolving, and so too are the security threats they face. The rise of generative AI adds a new layer of complexity, requiring CISOs to proactively address the risks of data loss and potential harm to the organization.

Traditional security approaches often fall short in addressing the unique challenges posed by modern collaboration tools and the integration of GenAI. Understanding and mitigating these risks is critical for maintaining data privacy, preventing leakage, and ensuring compliance. We'll share Metrigy's latest research data to reveal actionable strategies for a comprehensive, business-aligned security strategy.

Join Irwin Lazar (President and Principal Analyst at Metrigy)  to discover the key components of a modern security approach, including how to:

- Establish alignment between IT, collaboration, and security teams to address evolving threats.
- Identify emerging threats stemming from new applications and out-of-band communications.
- Understand how generative AI creates new risks for data privacy, leakage, and effective data management.
- Develop a comprehensive security strategy tailored for collaborative environments and the GenAI landscape.
- Evaluate the benefits of third-party platforms optimized for collaboration and GenAI security to enhance your security posture.

Secure Collaboration in the Age of GenAI: A CISO's Guide to Risk Mitigation

In the ever-evolving landscape of DevOps, the paradigm is now shifting - where security is taking the central stage. With vast surface areas including containers, cloud, repositories and third-party components, cyber threats became more prominent than ever before in DevOps.

This presentation will delve into the evolution from traditional DevOps to the advanced usage of artificial intelligence (AI) technologies to automate and optimize the software development and delivery processes. This includes automating code scanning, testing and deployment processes while eliminating the threats in each possible way in the cycle.

In this session, join Jyotirmayee Pradeep Kumar (Vice President - Cloud DevOps at a well-known global bank) as she unravels the stages of integration of AI at each phase of DevOps. Topics for discussion include:
- Types of AI used in DevOps.
- Benefits of using AI in DevOps.
- Implementation of AI in DevOps.
- Best practices for using AI in DevOps.
- Eliminating security threats using AI in DevOps.

Security Risks to Consider with AI Integration: AI in DevOps

AI-powered SASE vs. Intelligent Threat Actors: The Fight for AI Supremacy

Beyond the Horizon: Use AI to Expand Threat Intelligence for Proactive Security

Unleash the Power of Prisma Access Browser

Exploring Visual Threat Intelligence

Resolve Post-Covid Network Security Issues With NIST CSF v2.0 and the CIS Critical Security Controls v8 Frameworks

Securing Applications in a Hyper-Connected World

Innovations in Network Security

AI systems are exposed to many new forms of cyberattack, in addition to all the legacy forms of cyberattack.

An understanding of these new forms of cyberattack is essential to being able to protect your AI systems and to identify if an attack has occurred.
A key understanding is that conventional IT security methods are relevant, but insufficient to secure an AI system or to determine if a cyberattack has occurred.
- They may be lacking in both scale and scope, and fail to address unique AI attacks

It is important to understand that a cyberattack may leave the AI system functioning “normally” and be difficult to detect.
- A cyberattack might be engineered by means of the successful planned use of the AI system.
- A cyberattack might alter the scope of “successful” outcomes in such a way to overcome the design goals of the system.

Additionally, a cyberattack might be implemented via an attack on sensors or environmental systems (e.g.: power) used by an AI system.
This presentation from industry thought leader Allan Cytryn reviews the similarities and differences between on attacks on conventional IT systems and those on AI systems and will provide a framework for beginning to understand, dimension and prepare for cyberattacks on AI systems.

Attack on AI Systems: Understanding the Vulnerabilities and Risks

Artificial Intelligence

Cyber Attacks

Risk Management

AIOps

Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Attack on AI Systems: Understanding the Vulnerabilities and Risks

Presented by

About this talk

More from this channel