Preventing PII Leakage through Text Generation AI Systems

Do an online search for ways to bypass text generation AI security filters, and you will find page after page of real examples and recommendations on how one can trick them into giving you information that was supposed to be blocked.
This remains true despite continuous efforts to improve these filters to the point where these efforts seem practically sisyphean.
The reality is that too many possible ways exist to create prompts for security filters to catch all possible bypasses.
Today the bypass may be a prompt that asks for a story, tomorrow it may be a haiku.
What makes the security bypasses of text generation AI systems particularly problematic is that anyone can do it.
Prior to generative AI, hacking a computing system required at least a decent knowledge of basic computing concepts.
With generative AI, anyone able to write and some free time can take a shot, and when they succeed, the myriad of social media outlets provide venues for a victory lap as they share with others one more way to trick the system.
In the context of generative AI systems that have access to sensitive or regulated data, this just means that security filters will do little to prevent data leakage, and that they provide virtually no value in meeting compliance requirements.
The only guaranteed way to avoid disclosure of PII and other similarly regulated data in GenAI systems is to make sure that PII was never ingested into the system at all.
Or, put it another way, such data should never be made available to the system without being de-identified first.
This way, the GenAI can never disclose PII simply because it cannot reveal what it never knew.
If only the specific PII values in the data are de-identified, the impact on the utility of the GenAI system is minimal, if even noticeable.
While de-identifying PII at a field-level seems daunting at first, many enterprises are already doing this to meet compliance requirements today.
Those who have not yet done so likely assumed that it would require onerous code changes.
Baffle provides a proxy based solution for implementing field-level encryption, tokenization, and masking that de-identifies PII values without any application code change.
This makes it incredibly easy to ensure that data privacy compliance requirements are met whether the data is used downstream for analytics or GenAI systems.
With Baffle, there is a clear path forward for enterprises to use GenAI in a compliant way, even if the dataset includes PIIs and other regulated data.
If you have security concerns about your own upcoming GenAI projects, our sales team can help you identify the best way to address them.
This is a Security Bloggers Network syndicated blog from Baffle authored by Min-Hank Ho, VP Product Management.
Read the original post at: https://baffle.io/blog/preventing-pii-leakage-through-text-generation-ai-systems/.


This Cyber News was published on securityboulevard.com. Publication date: Fri, 08 Dec 2023 09:58:40 +0000


Cyber News related to Preventing PII Leakage through Text Generation AI Systems

CVE-2024-29204 - A heap-based buffer overflow vulnerability exists in Ivanti Avalanche prior to 6.4.3.A message sent to Avalanche's WLAvalancheService.exe on TCP port 1777 has the following structure:// be = big-endian strut msg { preamble pre; hp hdrpay; }; struct ...
6 months ago Tenable.com
Preventing PII Leakage through Text Generation AI Systems - Do an online search for ways to bypass text generation AI security filters, and you will find page after page of real examples and recommendations on how one can trick them into giving you information that was supposed to be blocked. This remains ...
10 months ago Securityboulevard.com
CVE-2023-41727 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
10 months ago Tenable.com
CVE-2023-46217 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
10 months ago Tenable.com
CVE-2023-46216 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
10 months ago Tenable.com
Accused data peddler faces prison for running fraud op The Register - A Baltimore man faces a potential maximum 20-year prison sentence after being charged for his alleged role in running an online service that sold personal data which was later used for financial fraud. An underground TLO service is based on the idea ...
9 months ago Theregister.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
10 months ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
10 months ago Securityintelligence.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
10 months ago Securityboulevard.com
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
1 month ago Cyberdefensemagazine.com
Ex-Navy IT head gets 5 years for selling people's data on darkweb - Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens' personally identifiable information and selling it on the dark web. The man was indicted with his ...
11 months ago Bleepingcomputer.com
Ivanti Avalanche Multiple Vulnerabilities - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService. CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow. Exe copies user-supplied data to a fixed-size stack-based buffer. An unauthenticated remote attacker can ...
10 months ago Tenable.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
11 months ago Esecurityplanet.com
From Implicit to Authorization Code With PKCE, BFF - Lack of Refresh Token Support occurs when there are no refresh tokens, and frequent requests for new tokens are necessary, increasing the chances of token leakage and misuse. The Implicit Flow had several security vulnerabilities, such as token ...
4 months ago Feeds.dzone.com
Bluefin enhances ShieldConex with enterprise security proxy service - Bluefin launched a new ShieldConex capability providing token and/or EMV/P2PE based processing services to any payment processor, as well as protecting Personally Identifiable Information and Protected Health Information endpoints. For enterprise ...
9 months ago Helpnetsecurity.com
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities - An authentication bypass vulnerability exists in edge-app-base-webui. The doLogin() method fetches the correct UUID, so the login would succeed. An unauthenticated remote attacker can exploit this vulnerability by sending a POST HTTP message without ...
7 months ago Tenable.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
4 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
4 months ago Helpnetsecurity.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
1 year ago Bleepingcomputer.com
Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
10 months ago Securityzap.com
Cyber Monday Kicks Off Holiday Shopping Season With E-Commerce Security Risks - The post-Thanksgiving e-commerce shopping event known as Cyber Monday draws millions of consumers each year seeking out bargains online - to the tune of $11 billion in 2022. Amid the purchasing spree, consumers routinely share sensitive personally ...
11 months ago Darkreading.com
Data Loss Prevention for Business: Strategies and Tools - Data Loss Prevention has become crucial in today's data-driven business landscape to protect sensitive information. This discussion aims to provide valuable insights into DLP strategies and tools for business, helping mitigate data loss risks ...
9 months ago Securityzap.com
Critical Infrastructure At Risk: Vulnerabilities Discovered In Automatic Tank Gauging - Pedro Umbelino, Principal Research Scientist at Bitsight, says the vulnerabilities could allow malefactors to exploit ATG systems, leading to potentially catastrophic outcomes, including environmental hazards, economic disruption, and even physical ...
1 month ago Informationsecuritybuzz.com
OpenAI AI Text Classifier: Detect AI-Generated Text - OpenAI has released an AI text classifier that attempts to detect whether input content was generated using artificial intelligence tools like ChatGPT. The AI Text Classifier is a fine-tuned GPT model that predicts how likely it is that a piece of ...
1 year ago Bleepingcomputer.com
Gov't, Judicial IT Systems Beset by Access Control Bugs - There was the bug in the state of Georgia's portal for canceling voter registrations, the access control issue that exposed court documents in counties across Florida, and the many critical vulnerabilities bogging down a public records request ...
1 month ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)