web analytics

How Microsoft Secures Generative AI – Source: www.databreachtoday.com

how-microsoft-secures-generative-ai-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development

Enabling Safety in the Age of Generative AI

Microsoft


May 23, 2024    

How Microsoft Secures Generative AI

Trustworthy. Responsible. Foundational. Now.

See Also: Webinar | Mythbusting MDR

We are at the start of an exciting new age: an age of limitless possibilities, an age of generative AI, or GAI. Like nothing else in human history, gen AI has emerged as an engine for innovation, with vast applications and new use cases that continue to reveal themselves every day.

Because the technology is rapidly revolutionizing business and the world at large, and its unbridled potential has captured the popular imagination like nothing else in recent memory, we feel a responsibility to share what we have learned about using this technology safely.

We take this responsibility seriously. Microsoft is committed to security, privacy and compliance across everything we do, and our approach to AI has been no different. In 2016, we began our work on responsible AI. By 2018, we had identified our Responsible AI Principles, and by 2019, we became the first major cloud provider to create a permanent Office of Responsible AI to both govern our AI program and provide actionable guidance for engineering teams building AI systems. During our decadelong focus on delivering AI to our customers, we have developed standards and best practices to address them – standards and best practices we share openly.

No matter which AI solutions you choose – one of Microsoft’s Copilot offerings, your own AI application built on the Azure AI platform, or an AI system offered elsewhere – we want to help you use the awesome power of AI safely and responsibly across systems in a way that keeps your data secure and private.

We believe the possibilities for generative AI are limitless. To respect this awesome power, we take a holistic approach to generative AI security that considers the technology, its users and society at large across four areas of protection: data privacy and ownership, transparency and accountability, user guidance and policy, and secure by design.

Data privacy and ownership

Microsoft applies the same privacy commitments to GAI as we do our software products, including our Copilots. That means customer data remains private. We empower customers to retain control of their information, which will never be used to train foundational models or be shared with OpenAI or other Microsoft customers without permission.

Transparency and accountability

Generative AI, just like human beings, sometimes gets it wrong. To make sure the content created by generative AI is as credible as it appears, it’s essential for the AI to use authoritative data sources to foster accuracy, showcase reasoning and sources to maintain transparency, and encourage an open dialog with the provision for feedback – an avenue that permits users to contribute substantially to the enhancement of AI results.

User guidance and policy

AI is an awesome force. To mitigate potential overreliance, we try to temper users’ trust while encouraging them to think critically about the information served by citing sources and using carefully considered language. We also consider hostile misuse, where users try to engage the AI in harmful actions, like generating dangerous code or instructions to build a weapon. To shield against this kind of misuse, we layer deep safety protocols into the system, setting clear boundaries on what AI can and cannot do to maintain a safe and responsible usage environment.

Secure by design

To prepare for generative AI threat vectors, we’ve added new steps to our Security Development Lifecycle, including updating the Threat Modeling SDL requirement to account for AI and machine learning-specific threats and mandating that teams adhere to the Responsible AI Standard. We also
continually monitor and log our large language model, or LLM, interactions for threats and implement strict input validation and sanitization of user-provided prompts. Finally, we put all of our GAI products through multiple rounds of AI red teaming to look for vulnerabilities and ensure we have proper mitigation strategies in place.

AI Red Team

Instituted in 2018, Microsoft’s AI Red Team mirrors the tactics and techniques of potential adversaries to find and fix vulnerabilities. The team’s charge extends beyond just securing against potential threats; it encompasses a critical examination of other system failures, including the generation of potentially harmful content, providing us with a comprehensive picture of the system’s integrity, confidentiality, and availability. The world of AI is always in flux, and as such, our red teaming efforts are relentless and adaptive, embracing an ongoing cycle of testing both before and after product release.

AI adoption rates are increasing fast – frequently without the knowledge or oversight of management – and demand for its applications continues to rise exponentially. As a business decision-maker, embracing GAI is a strategic move that can revolutionize your organization.

Is your organization ready? Here’s how to get started:

Step 1: Implement a Zero Trust Security Model

Zero trust is the cornerstone of any resilience plan, limiting the impact on an organization. Instead of assuming everything behind the corporate firewall is safe, the zero trust model assumes breach and verifies each request as though it originates from an open network.

Learn more about Zero Trust.

Step 2: Adopt Cyber Hygiene Standards

Basic security hygiene still protects against 99% of attacks. Meeting the minimum standards for cyber hygiene is essential for protecting against cyberthreats, minimizing risk and ensuring the ongoing viability of the business.

Learn more about cyber hygiene.

Step 3: Establish a Data Security and Protection Plan

For today’s environment, a defense-in-depth approach offers the best protection to fortify your data security. There are five components to this strategy, all of which can be enacted in whatever order suits your organization’s unique needs and possible regulatory requirements.

Learn more about data security and protection.

Step 4: Establish an AI Governance Structure

AI-ready organizations will have implemented processes, controls, and accountability frameworks that govern data privacy, security, and development of their AI systems, including the implementation of Responsible AI Standards.

Learn more about AI governance.

Original Post url: https://www.databreachtoday.com/blogs/how-microsoft-secures-generative-ai-p-3629

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

Google
We’re All in this Together
We’re All in this Together
CyberSN
U.S. Cybersecurity Job Posting Data Report
U.S. Cybersecurity Job Posting Data...
CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED...
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing
Joas A Santos
Windows API for Red Team #101
Windows API for Red Team...
Economic Research Working Paper
Artificial Intelligence and Intellectual Property
Artificial Intelligence and Intellectual Property
CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture

More Latest Published Posts

cisco
Cyber Incident Response
Cyber Incident Response
CSR Cyber Security Council
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY
SYBEX
Cybersecurity ESSENTIALS
Cybersecurity ESSENTIALS
Agency for Digital Government
Cyber security in supplier relation ships
Cyber security in supplier relation ships
RINKU
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
Curso de introducción KALI LINUX PARA HACKERS ÉTICOS
CNIL
PRACTICE GUIDE GDPR
PRACTICE GUIDE GDPR
FERMA
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
THE ROADMAP TO STRATEGIC RISK MANAGEMENT
ENISA-EUROPA
Cyber Resilience Act Requirements Standards Mapping
Cyber Resilience Act Requirements Standards Mapping
CYTAD
Essential Data Privacy Checklist
Essential Data Privacy Checklist
SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems