Security Must Empower AI Developers Now

Enterprises need to create a secure structure for tracking, assessing, and monitoring their growing stable of AI business apps.

Michael Bargury, CTO & Co-Founder, Zenity

October 16, 2023

There is no doubt that generative artificial intelligence (GenAI) is going to change how business gets done. Research firms are estimating huge productivity gains across all sectors that, if fulfilled, would completely transform every industry. With such great potential gain, it is clear why every enterprise is striving to enable their teams to build AI-powered applications as fast as possible. However, security teams must act now to ensure these apps will hold up to scrutiny.

The Race to Capture AI Business Value First

Some enterprises have already built hundreds of AI-powered apps. The rate of development is just incredible, with notable examples like Microsoft releasing Copilot applications at a rate far beyond what a huge enterprise typically delivers.

Because of the immaturity of the frameworks and tooling around AI app development, these are being built with a wide range of technologies. Development frameworks that build on top of the few fundamental models are numerous and vary significantly, and they keep on popping up. Frameworks such as LangChain and AutoGPT have gained significant popularity at an unprecedented pace. In a major enterprise, you can easily expect to find tens of different frameworks being used to build these applications.

The organizations that capture productivity gains from AI before others will have a huge win. Therefore, we are taking part in a race where we have to make do with the frameworks available right now and just get things done. It will probably take a long time for frameworks to standardize, and by that time you’ll already be late to the game.

We have to face reality: Business is being reimagined — with unproven tools, frameworks, and threat models — at an unprecedented pace.

Security: Where Do We Even Begin?

Building so many new applications in such a short time frame has huge security implications. First, these are just more applications, with the same security risks that any other application introduces; they need to get identity, dataflow, and secret management right, to name a few concerns. Second, GenAI creates some unique security challenges, which frameworks such as the OWASP LLM Top 10 help to capture and educate on.

Advanced security organizations, in collaboration with IT, are putting together dedicated centers to inventory, assess, and secure these applications. Note that these require creating entirely new processes and newly delegated responsibilities. Ideally, these centers can act as an enabling resource for developers, offering threat modeling and design review services to ensure secure standards are met.

Creating a centralized resource is not an easy feat. Finding all AI-powered projects across an enterprise is a huge challenge, as inventory always is. Developing the technical skills required to audit these applications is difficult as well — especially due to the proliferation of different AI frameworks, each with its own quirks and gotchas. Monitoring these apps in production is yet another challenge, both from a technical perspective of getting the right data from immature development frameworks and from the security analysis perspective of knowing what to look for.

These are not insurmountable challenges, however. In fact, they follow the typical application security problem formula of inventory, security assessment, and runtime protection. To get ahead and enable our business to capture the AI revolution first, we have to start making headway in solving those problems.

About the Author

Michael Bargury

CTO & Co-Founder, Zenity

Michael Bargury is an industry expert in cybersecurity focused on cloud security, SaaS security, and AppSec. Michael is the CTO and co-founder of Zenity.io, a startup that enables security governance for low-code/no-code enterprise applications without disrupting business. Prior to Zenity, Michael was a senior architect at Microsoft Cloud Security CTO Office, where he founded and headed security product efforts for IoT, APIs, IaC, Dynamics, and confidential computing. Michael holds 15 patents in the field of cybersecurity and a BSc in Mathematics and Computer Science from Tel Aviv University. Michael is leading the OWASP community effort on low-code/no-code security.
