Startup Competition Secures ML Systems, Vulnerabilities in Automation

Cybersecurity has traditionally secured the use of off-the-shelf IT hardware and software. Yet almost all the finalists at this year's RSA Innovation Sandbox centered on securing attack surfaces that arise from building applications, machine learning systems, and API integrations. And while that may sound like the SecDevOps and software supply chain security of old, these innovators are focused on a larger opportunity.

Innovation Sandbox is RSA's Shark Tank-like competition, bringing 10 startup finalists to present onstage before judges. Hidden Layer took the top prize for defending ML systems against adversarial AI.

Today, every company is a software company, and more developers and data scientists arrive each year. Yet nondevelopers have begun to build software, too. Anyone can ask ChatGPT to code API integrations to their favorite SaaS app. Or to drag tasks into the playbooks of orchestration tools. This year’s finalists highlighted new attack surfaces produced by this growing business activity of software building.

Surprising Vulnerabilities in ML Systems

Cylance was hit with an adversarial AI attack in 2019 that directly targeted its ML systems. Those involved were so sure they had witnessed the future of cyber warfare that they built the Innovation Sandbox winner, Hidden Layer.

Hidden Layer defends ML systems against attacks the public may have heard of, like poisoned training data. Yet the industry hasn't really addressed how easy it is to steal intellectual property (IP) from ML systems. As an example, inference attacks repeatedly query deployed ML models and use the returned outputs as labels to train a new model that mimics the victim's now-stolen IP.

Hidden Layer protects customer models while they’re still being staged, detects their vulnerabilities, then protects and obfuscates models once deployed. In addition to their product, Hidden Layer offers a managed detection and response service for this unfamiliar world.

Many want the insights and automation that third-party AI providers, such as OpenAI, can deliver. Yet they don't want to share sensitive data. Enter Zama, the finalist working on the holy grail of AI privacy, fully homomorphic encryption.

Zama's fully homomorphic encryption allows its end customers' application developers to encrypt sensitive data into structured ciphertext, then share it with third-party AI providers. After the third-party AI provider has completed its work on the structured ciphertext, the new analytic insights are handed back, still encrypted, to the customer who originally shared the data. The homomorphic magic happens at decryption: the third-party AI's insights and their relation to the customer's private data come out intact. Yet no secrets were ever shared, only ciphertext.

Zama's twist is a quantization technique that optimizes by operating on integers instead of decimal (floating-point) values, the latter of which require extra CPU instructions for even basic math.
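The workflow described above (customer encrypts, provider computes on ciphertext only, customer decrypts the result) can be shown end to end with a small additively homomorphic scheme. The following is an added illustration, not Zama's code or its TFHE scheme: it implements textbook Paillier with deliberately tiny constructed primes and uses it to evaluate a provider-owned, integer-weighted linear model on encrypted integer features, which also shows why quantized integer inputs are the natural fit. All names and the sample values are constructed for the example.

```python
"""Added example: private inference with textbook Paillier encryption.

Customer side: encrypts integer features.
Provider side: computes sum(w_i * x_i) + bias on ciphertexts only.
Customer side: decrypts the score. The provider never sees plaintext.
"""
import math
import secrets

# Constructed demo primes. Far too small for real use (deployments use
# ~2048-bit moduli); chosen only so the arithmetic is easy to follow.
P, Q = 104729, 104723


def _L(x, n):
    """Paillier's L function: L(x) = (x - 1) / n."""
    return (x - 1) // n


def keygen(p=P, q=Q):
    """Return (public_key, private_key) for modulus n = p*q."""
    n = p * q
    n2 = n * n
    g = n + 1                      # standard simplification g = n + 1
    lam = math.lcm(p - 1, q - 1)
    mu = pow(_L(pow(g, lam, n2), n), -1, n)
    return (n, g), (lam, mu, n)


def encrypt(pub, m):
    """Enc(m) = g^m * r^n mod n^2 with fresh random r coprime to n.
    Negative integers are represented modulo n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def decrypt(priv, c):
    """Dec(c) = L(c^lambda mod n^2) * mu mod n, then map to a signed value."""
    lam, mu, n = priv
    n2 = n * n
    m = (_L(pow(c, lam, n2), n) * mu) % n
    # residues above n/2 are interpreted as negative (two's-complement style)
    return m - n if m > n // 2 else m


def add_enc(pub, c1, c2):
    """Homomorphic addition: Enc(a) * Enc(b) = Enc(a + b)."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_const(pub, c, k):
    """Homomorphic scalar multiply by a plaintext integer k: Enc(a)^k = Enc(k*a)."""
    n, _ = pub
    return pow(c, k % n, n * n)


def provider_score(pub, enc_features, weights, bias):
    """Provider side: evaluates the linear model on ciphertexts only.
    The weights and bias are the provider's plaintext model parameters."""
    acc = encrypt(pub, bias)
    for c, w in zip(enc_features, weights):
        acc = add_enc(pub, acc, mul_const(pub, c, w))
    return acc


def private_inference(features, weights, bias):
    """Full round trip: customer encrypts, provider scores, customer decrypts."""
    pub, priv = keygen()
    enc = [encrypt(pub, x) for x in features]             # customer
    enc_score = provider_score(pub, enc, weights, bias)   # provider
    return decrypt(priv, enc_score)                       # customer


if __name__ == "__main__":
    # Constructed quantized inputs: integer features, integer weights.
    # 12*3 + (-7)*5 + 30*(-2) + 4 = -55
    print(private_inference([12, -7, 30], [3, 5, -2], 4))
```

Note the limits this toy makes visible: Paillier supports addition and multiplication by plaintext constants, so the provider can run linear models but not arbitrary circuits; a fully homomorphic scheme such as the one Zama builds removes that restriction, at a much higher computational cost, which is exactly where integer quantization pays off.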

Enabling Software Developers Instead of Critiquing Code

The shift-left movement has failed to make developers fix insecure code. This year's startups focused less on analyzing code and more on helping developers write secure code in the first place.

Taking second place was Pangea, which provides ready-made security functionality that can be built into applications with one-line API integrations. Pangea calls it shifting left-of-left: enable developers instead of picking arguments with SecDevOps.

Other finalists in this mold include Endor Labs, founded by the founder of cloud posture management pioneer RedLock, which became Palo Alto Networks' Prisma Cloud. Endor Labs targets the open source side of software composition analysis. Open source libraries are everywhere. As Endor Labs tells it, there is even foundational Internet code maintained by single part-time developers, and some of these maintainers have served time in prison. Endor Labs helps developers choose open source wisely as they develop.

Relyance AI enforces privacy by asserting compliance against a company's custom code. The advanced intelligence they built in only three years may cause a double take. Relyance AI cites advances in NLP, and generative AI's ability to rapidly prototype, as having accelerated R&D. They've built an AI product that understands privacy clauses in compliance documents and enforces them on developer code.

Dazz focuses on orchestrating remediation across the sprawling software development life cycle. Today a diverse set of code-to-cloud personnel deploy applications on numerous continuous integration and continuous delivery (CI/CD) pipelines. They maintain their own container images, write code, and pull in who-knows-what libraries and artifacts. Dazz auto-maps these CI/CD pipelines, then orchestrates remediation of vulnerabilities across sprawling departments and actors.

API Integrations Threaten Software Supply Chain

The most important supply chain issue no one is talking about is back-end API integrations. Hidden data flows between commercial SaaS vendors arise as business users build shadow integrations with orchestration platforms and generative AI — even without coding skills. Because these integration apps run unattended and must authenticate on their own, the integrations are typically handled by nonhuman identities, and there are a lot more nonhumans than humans.

Astrix Security maps the web of APIs, monitors these API-to-API shadow integrations, and reins them in. By Astrix's count, there are 45 times more nonhumans traversing these connections than employees, making this the new identity problem.

Valence Security maps the SaaS-to-SaaS mesh, handles misconfigurations, and remediates, including an education step. They explain how, in the new decentralized world, business users may essentially end up as SaaS admins.

Timely Topics: SBOMs, Blockchain Contracts

SafeBase builds a secure, role-based trust center that allows a vendor's salespeople and customers to share supply chain information, exchange software bills of materials (SBOMs), and streamline the expensive security questionnaire process.

The final competitor, AnChain, showcased a Web3 SOC product that monitors, detects, responds to, and investigates blockchain smart contracts.

Innovation Sandbox gave us a first glimpse at securing the upcoming automation era, in which developers, data scientists, and business users go to work every day and build potentially vulnerable software.