TelcoNews Australia - Telecommunications news for ICT decision-makers
Australia
Guides
#
5g & beyond
#
broadband
#
internet of things
#
software-defined networking
#
unified communications
Search
Story image
#
AI Security
#
SecOps
#
Cybersecurity

How to secure Gen AI prompt fields: Battling a new cyber frontier

Today
By Uri Dorot & Pavan Thatha, Senior Security Solutions Lead & Vice President and General Manager, Radware

Gen AI prompt fields or chat boxes have become the latest playground for hackers. Whether you're a Gen AI solution vendor or integrate these tools into your applications, they present a fresh security challenge. The effectiveness and performance of Gen AI tools rely on users' ability to input free text and the AI's capability to process it. This inherently limits the restrictions that can be imposed on Gen AI input fields, making them a significant security concern for SecOps teams and vulnerable to various attacks. As a result, a multi-layered fight-AI-with-AI approach to security is needed.

The Security Challenge

The nature of Gen AI tools and their prompt fields are causing various security issues not only for SecOps teams but also for traditional security tools like web application firewalls and web application and API protection (WAAP) solutions.

One of the allures of Gen AI tools is their ability to process and respond to free text. However, this flexibility creates a security dilemma: how to block illegitimate prompts without hindering legitimate user input. Implementing security rules that strike this balance is crucial.

Another issue is that Gen AI tools often connect to sensitive databases. Exploiting these connections can lead to unauthorised access or manipulation of data. Robust cyber hygiene is essential to minimise the risk of exposing sensitive data.

Adding to these security concerns are single human attackers who use manual injections. Unlike distributed bot attacks, manual injections are harder to detect, and without established baselines, distinguishing between malicious and legitimate prompts becomes more difficult.

 

Under Attack

These and other security challenges make Gen AI tools and the applications embedded in these tools susceptible to various types of cyber attacks. At a minimum, organisations should be prepared to address some common types of threats and be aware of their business consequences.


Resource Exhaustion (Denial of Service)

Gen AI systems are resource-intensive by design, making them prime targets for resource exhaustion attacks. Attackers can flood Gen AI systems with massive numbers of rapid-fire requests, causing service disruptions or degraded performance. A successful attack can cause excessive resource consumption, including CPU, memory, and bandwidth, as well as increase operational costs and the total cost of ownership.


Prompt Injection and Exploitation

The open-text nature of Gen AI prompt fields provides attackers with a direct avenue for malicious inputs. By using malformed or malicious prompts, they can probe for weaknesses, manipulate AI behaviour, or bypass established safeguards. Injecting executable code or malicious instructions into prompts can compromise AI responses or improperly interact with back-end systems, leading to potential data breaches.


Undermining AI Response Integrity

Adversaries or even regular users with malicious intent can disrupt or manipulate the reliability of AI-generated outputs, potentially eroding trust in the system. This can occur through deliberate probing or by exposing underlying weaknesses in the AI model.

Repeated querying by attackers or overly curious users can expose model patterns, biases, or operational limitations. For instance, users may discover that the model consistently fails to handle certain types of inputs or exposes unintended logic. This could undermine confidence in a system's or an application's reliability and fairness.

In addition, feeding edge-case or adversarial inputs can crash models, corrupt data, or inadvertently disclose sensitive internal information to attackers or overly curious users who exploit the system's vulnerabilities.


Privacy Violations via Account Takeover

Integrating Gen AI tools into an organisation's applications and user and employee data creates new opportunities for attackers to exploit these tools as an entry point for account takeover (ATO) attacks. Hackers can abuse Gen AI prompts to access sensitive information, which can be leveraged to compromise accounts.

For instance, unauthorised access to customer accounts through ATO allows attackers to exfiltrate sensitive information, leading to privacy violations and potential legal repercussions. Moreover, attackers targeting employee accounts may gain access to proprietary or confidential enterprise data, causing reputational harm and financial loss.


API Abuse (Exploitation of API Vulnerabilities)

The reliance on APIs to power Gen AI tools introduces another layer of vulnerability.

Gen AI APIs exposed to user interactions are often susceptible to exploitation, such as excessive calls, injection attacks, or manipulation of API logic to extract sensitive information or disrupt operations.

GenAI tools embedded in applications connect to various internal and external databases via APIs to retrieve data. Attackers can leverage those connections to hack into databases and poison the data. They can feed the LLM with malware, fake data, malicious scripts, worms, and nefarious URLs, distributed to legitimate users via the Gen AI tools. These attacks can damage an organisation's reputation, breach regulatory standards, and cause substantial financial damages due to litigation, fines, and penalties.

 

The Defence

The costly ramifications of these attacks underscore the importance of implementing robust security measures to protect Gen AI tools and the applications that integrate with them.

The recommended approach to security is grounded in a fight against AI with AI philosophy; otherwise, by doing things manually, organizations will lose a cat-and-mouse game, unable to maintain a fast mean time to resolution (MTTR). A practical AI-driven approach is multi-layered and should include:

  • Real-time intelligence feeds of known attackers, IPs, and identities integrated with a web application firewall to block unwanted

    requests and API calls automatically.
     
  • AI-driven detection of sophisticated bots that rotate IPs and identities while communicating with embedded Gen AI tools.
     
  • AI-powered analysis of API business logic to detect and block anomalous behaviour and prompts in real time.
     
  • An AI-driven SecOps solution that provides on-the-fly root cause analysis to minimise MTTR.
     
  • Cross-correlation of different protection layers to quickly identify and mitigate malicious actors trying to abuse the Gen AI prompt fields or chat boxes.
     

While Gen AI shows endless potential, it does not come without risks. Securing Gen AI prompt fields demands innovative and adaptive security measures.

SecOps teams will be better prepared to protect their critical systems from future cyber threats by leveraging AI-powered defences and remaining vigilant.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Why email security needs automated incident response
Aryaka unveils AI-driven observability in SASE update
RMIT offers free IT diploma for women in Victoria 2025
CompTIA launches CloudNetX certification for IT experts
IP Fabric unveils Version 7.0 to boost network security
Top stories
Matt Milne appointed Access4's Chief Revenue Officer
Why There Is Growing Demand For Flexible IT Infrastructure
BT & Equinix expand to boost global interconnectivity
Case Study: SAHMRI leverages CommScope’s advanced network infrastructure
Zoom enhances productivity with new automation tools