Cybersecurity Innovation Pulse #41: CrowdStrike x NVIDIA; Red Teaming AI Apps; AI-SPM Race Heats Up; Semgrep Assistant and More!
Covering Mar. 14th - Mar. 21st
Welcome to Issue 41 of the Cybersecurity Innovation Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates.
Industry🛰
Apex Legends Tourney Postponed Due To RCE Vuln.
Earlier this week, Electronic Arts (EA) had to postpone the Apex Legends E-Sports Tournament due to attackers implementing “cheat tools” to benefit a set of players. A bit of drama on this one between EA and their anti-tampering service provider. Easy Anti-Cheat denies their system contains the Remote Code Execution (RCE) flaw exploited.
With $5M on the line, this obviously left many folks upset. While this story isn’t earth-shattering from an innovation perspective, it highlights the risk and financial impact of security attacks on E-Sports, a relatively new industry.
Source: DarkReading
Product🛸
Semgrep Assistant GA
Semgrep has launched their AI solution which has contextual auto-triage, auto-fix, custom rule-writing, and prioritization capabilities.
The auto-triage capability is probably my favorite given that it tells you when a finding may be safe to ignore and why. It then gives you the option to ignore or address the finding.
With security teams facing so much noise, features like these are powerful.
Kudos to the Semgrep team for not launching just another AI copilot.
Source: Semgrep
GitHub Adds Code Scanning Autofix to GHAS
Very similar to Semgrep’s release but less robust and less feature-rich.
Source: BleepingComputer
CrowdStrike x NVIDIA Announce Partnership
At this week’s annual NVIDIA GTC conference, CrowdStrike announced their partnership with NVIDIA. The partnership will focus on integrating CrowdStrike Falcon XDR with NVIDIA’s AI and GPU technologies to advance endpoint threat detection and prevention.
“Under the collaboration, CrowdStrike will also leverage Nvidia accelerated computing, Nvidia Morpheus and Nvidia NIM microservices to bring custom large language model-powered applications to the enterprise. Paired with the Falcon platform’s contextual data, customers will be able to solve novel, domain-specific use cases, including AI-powered applications that can process petabytes of logs to improve threat hunting, detect supply chain attacks, identify anomalies in user behavior and proactively defend against emerging exploits and vulnerabilities.” - Duncan Riley, SiliconANGLE
Given CrowdStrike’s lead in the EDR/XDR space, I think this partnership sets them up extremely well for the next ~5 years.
Source: SiliconANGLE
Orca Security Launches Their AI-SPM
Orca Security has launched their AI Security Posture Management (AI-SPM) solution. It’s compatible with Azure OpenAI, Amazon Bedrock, Google Vertex AI, AWS SageMaker, and 50+ commonly used AI software packages, including PyTorch, TensorFlow, OpenAI, Hugging Face, scikit-learn, and many more.
It combines some of their DSPM functionality to detect sensitive data, CSPM functionality to detect misconfigured AI models and projects, code scanning to detect leaked secrets, and it’s able to provide an AI/ML Bill of Materials (BOM).
Pretty practical and cool stuff. I wonder what PANW is cooking for their AI-SPM solution 👀
Source: Orca Security
Wiz Bolsters Remediation Guidance
Wiz has introduced AI-powered remediation guidance using Azure OpenAI Service.
“To get the best remediation recommendations from Azure OpenAI, Wiz uses its attack path analysis, correlating risks across network exposures, vulnerabilities, misconfigurations, identities, data, secrets and malware on the Wiz Security Graph.” - Wiz
Given that there is still a massive cloud security knowledge gap across most enterprises, features like this are a massive win. Remediation is tricky and may often have unintended downstream effects. With the remediation guidance and the added context from Wiz’s security graph, it does seem like mean-time-to-remediation (MTTR) can be streamlined 👌
Source: Wiz
Wiz Partners w/ Splunk
Wiz and Splunk have partnered to enable mutual users to ingest security findings from Wiz into Splunk's SIEM. The integration brings in Wiz findings automatically, so users no longer have to get the data there themselves. There’s also a dedicated Splunk Wiz dashboard that can be deployed.
Source: Wiz
Drata Releases Adaptive Automation
Drata has released a new offering called Adaptive Automation. It has a no-code test builder that enables GRC teams to build fine-grained, custom compliance tests fit to their environment.
GRC is one of those domains where a one-size-fits-all approach is a non-starter so it’s good to see highly customizable solutions continue to come out.
Source: Help Net Security
Tradecraft🤺
‘Conversation Overflow’ Attack Bypasses AI/ML Detection
A new phishing attack method, "Conversation Overflow," bypasses AI/ML security by combining malicious prompts with legitimate text that conceals them. This deceives email security solutions into classifying the email as safe, so it reaches the target’s inbox, where it can be used for credential theft.
Source: DarkReading
Red Teaming AI Apps
While fundamental principles and approaches apply to securing and red teaming LLMs and AI applications, there are inherent differences that make it more difficult. For example, AI models continuously evolve based on the data they are fed and trained on. This means that models can become vulnerable or drift from their guardrails if they are not continuously monitored and tested.
The AI and LLM supply chain runs deep regardless of your deployment model (i.e., cloud provider vs. open-source self-hosted). This article from David Haber, CEO at Lakera, dives into how red teaming AI apps is different and what remains the same.
Source: Help Net Security
GhostRace: A New CPU Vulnerability
Researchers from IBM and VUSec have discovered GhostRace, a data leak vulnerability impacting CPUs that perform speculative execution. GhostRace is a variation of the notorious Spectre v1 flaw that leverages speculative execution and race conditions to enable information leaks. CPUs across various architectures are susceptible. Vendors like AMD recommend existing Spectre mitigations.
Source: The Hacker News
Extras🎬
Emerging Trends CISOs Should Pay Attention To - Security Weekly
Crafting and Communicating Your Security Strategy - The Hacker News
BigID Raises $60 Million at $1 Billion Valuation - SecurityWeek
CodeZero Raises $3.5 Million for DevOps Security Solution - SecurityWeek
Bye For Now!
See you next week! 🚀