Data security with AI powered agents

Google Cloud Tech · Beginner ·🧠 Large Language Models ·2y ago

Key Takeaways

Secures AI deployments using Google's Secure AI Framework and AI powered agents

Full Transcript

I a security engineer on the product security team at my company my company wants to develop and release a new application built on vertex AI that leverages an AI powered agent to answer customer questions I'm fully on board the large language model wagon but I'm also scared what if it exposes sensitive data generative AI models can speed up my coding my operations tasks and my pattern matching but I want to make sure I can build my application without putting my data at risk I'm fully aware that vertex AI is built securely and is backed by Google Cloud's secure highly available infastructure I just like a little additional layer of the fence luckily Google published a jupyter notebook that helps protect my data by preventing AI applications from exposing my company's sensitive data to the end user so join me as I explain how Google approaches protecting generative AI applications [Music] Google is serious about protecting generative Ai and they approach securing AI applications from three perspectives secure the model secure the application and secure the infrastructure today we're going to focus on ways to secure your AI applications by applying sensitive data protection across the data pipeline so you can make sure your output is safe and clean we've seen many models ingest and handle sensitive personal information so in this video we'll see how we can prevent an AI agent from exposing sensitive data while retaining its usefulness in this case let's start with a customer service AI agent built on vertex AI the agent will be able to access account information but is also exposed to a wide and unpredictable audience it needs to understand their request but should never share sensitive data with them we could craft a messy set of regular Expressions to handle this but there's a more secure automated way to take care of our filtering so the AI agent is useful but doesn't expose our sensitive data let's walk through how to set up sensitive data protection on the data or model processes so you can prevent pii from being compromised our sensitive data Protection Service which includes our data loss prevention or DP API provides a suite of detection and transformation options to help you address these challenges organizations can use sensitive data protection to add additional layers of data protection throughout the life cycle of a model from Discovery tuning augmenting and maintenance sensitive data protection includes more than 150 built-in information types or infotypes types to help quickly identify sensitive data elements like names personal identifiers financial data medical context or demographic data you can identify these elements to choose which records to remove from pipelines or leverage inline transformation to obscure only the sensitive elements while retaining the surrounding context you can choose what kind of data transformation methods best suit your needs from simple redaction to randomize replacement to format preserving encryption sometimes a simple replacement is not enough but with random replacement you can produce an output that looks much like the input sample but has randomized values in place of the identified sensitive elements this enables you to reduce risk while preserving the utility of your data inline transformation can be used when tuning data for AI models and can protect AI generated responses in real time this becomes important since generative AI models take unstructured prompts from users some of these prompts may attempt to manipulate the model into sharing unintended information and lead the model to generate new possibly unseen responses you can protect against this by scanning the input prompt and generated response to ensure that sensitive data elements are identified or removed [Music] we've tuned the large language model or llm with data that may be inadvertently exposed via a generative AI application we want to ensure that an attacker will be completely unable to extract sensitive information from the large Corpus of data used to tune the model let's see how sensitive data protection can help protect that data to start we've developed some code that Imports the vertex Ai and sdp apis we defined a d identification configuration that replaces the data it finds with the infotype category sensitive data protection uses information types or infotypes to Define what it SCS for an infotype is a type of sensitive data such as a name email address telephone number identification number credit card number and others and every time the vertex AI API receives a prompt or generates a response sdp will check that data to find and potentially de identify sensitive information to test our implementation we decided to test different threat categories and compare the model's original response to the filter response altered by sdp let's see how well it handles emails we prompted the model to generate Homer Simpsons email it generated the wrong email but thankfully we can see that cloud sdp identified the email and replaced it with the email address infotype and likewise we can repeat this process for data that's even more sensitive and critical to people's lives National identification numbers in this example we've prompted the model to share examples of names and US Social Security numbers our data set is unlikely to contain this information but we want to be extra careful and add some levels of protection better yet we can see that cloud sdp helps redact multiple types of national identification numbers shufa IDs used to indicate personal credit worthiness in Germany can be sensitive data and luckily sdp is helping us protect them now let's see if we can find and redact credit card numbers after all our data set could include real credit card numbers and we don't want to expose them once again we can see that the model responds helpfully and generates an example of a credit card number however sdp Saves the Day by ensuring that the number is not visible this could very well have been a real credit card number and like a truly helpful agent this model tries to generate a helpful response when prompt proed to generate source code nevertheless we don't want end users or developers to use our agent to generate code we don't know the license terms for that code and the code may be insecure or Worse malicious speaking of licenses what if a curious user wants to use the agent for help in drafting legal documents let's say the user wants to patent her cool new invention but needs some help in understanding the patent process and and of course our helpful agent is happy to oblige and help the user understand the patenting process there isn't any sensitive information provided so sdp doesn't need to block this response the user needs an example and request an example of a patent from the agent this response is blocked we don't want the agent producing an existing or hypothetical patent in this case it might be best for our user to consult a patent attorney now that we've explored how we can use sensitive data protection to filter our llm responses let's chat with Jim Miller a Google Cloud security architect who created this Jupiter [Music] notebook so Jim what challenges did you see your customers experiencing that led you to build this Jupiter notebook well customers were asking what happens when they use their own data to tune a foundational model what dat data leakage risk exist for generative AI applications sensitive data protection is a Cornerstone of robust data security strategy so naturally The Next Step was applying it to LM responses and what were some of the decisions customers should think about when deciding to use sensitive data protection to filter their llm responses When developing gen applications customers should think about striking a balance between creating Innovative and engaging user experiences and protecting against sensitive data exposure to do that I'd recommend thinking about how to calibrate a few variables first scope your inspection set to a set of info types that make sense for your organization and application sdp comes with 150 predefined info types that are great but if you have something specific to your organization like a secret project name or a funky customer ID think about creating a custom info type too now the next piece would to calibrate an appropriate risk tolerance for your organization by defining the sdp sensitivity level this will allow developers and security teams to tailor the control to ensure the application remains both secure and userfriendly so with that in mind how do you hope customers build off of your jupyter notebook you know Louis I wonder what type of unique user experiences customers will come up with when stdp discovers sensitive data within an LM application you don't necessarily need to block the response toact the sensitive data let's say the application was an IT assistant for employees of your organization and sdp discovers a response that had the office guest Wi-Fi password instead of redacting the password you could replace it with a link and instructions on how to register a device for the production Wi-Fi network and are there additional security measures you would recommend customers consider as they work towards building a secure AI application yeah definitely well this jupyter notebook addresses a specific risk for data and application security customers should approach AI development with a comprehensive framework Google has published the security AI framework that aims to help organizations manage AI security risk it's a great place to start great thanks Jim for building this and allowing others to benefit from it if you want to learn more about these features and try things out for yourself check out the links in the description to get started building your own input and output parser using sensitive data protection learn more best practices for securing AI deployments on Google cloud and learn about Google's secure AI framework [Music]

Original Description

Google’s Secure AI Framework (SAIF) → https://goo.gle/4cmX60X Best practices for securing AI deployments → https://goo.gle/3zrZRzE Build AI securely on Google Cloud (Full report) → https://goo.gle/3XBvy3P Large language models can speed up coding, operations tasks, pattern matching, and more for developer workflows. However, exposing sensitive data with these models is top of mind for organization decision-makers and developers alike. Watch along as Luis Urena, Developer Advocate at Google Cloud, discusses best practices for securing AI deployments, how to build an input and output parser using Sensitive Data Protection, and interviews Cloud Security Architect, Jim Miller, on his experience supporting Google Cloud customers deploy AI. Chapters: 0:00 - Intro 1:04 - Google’s commitment to AI security 2:26 - What is Sensitive Data Protection? 4:32 - Demo: Large Language Models in action 8:44 - Interview with Jim Miller 11:19 - Wrap up Build your own input and output parser using Sensitive Data Protection (Github)→ https://goo.gle/3VJgwHR Watch more Making with AI → https://goo.gle/MakewithAI Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech #MakingwithAI #GoogleCloud Speakers: Luis Urena, Jim Miller Products Mentioned: Cloud - AI and Machine Learning - Vertex AI
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Google Cloud Tech · Google Cloud Tech · 0 of 60

← Previous Next →
1 I’m going for it #GoogleCloudCertified
I’m going for it #GoogleCloudCertified
Google Cloud Tech
2 I had to get #GoogleCloudCertified
I had to get #GoogleCloudCertified
Google Cloud Tech
3 Be better overall at what you do #GoogleCloudCertified
Be better overall at what you do #GoogleCloudCertified
Google Cloud Tech
4 Cloud Monitoring on our radar #Analysis #Uptime
Cloud Monitoring on our radar #Analysis #Uptime
Google Cloud Tech
5 Introduction to Generative AI Studio
Introduction to Generative AI Studio
Google Cloud Tech
6 How to use Github Actions with Google's Workload Identity Federation
How to use Github Actions with Google's Workload Identity Federation
Google Cloud Tech
7 Introduction to Responsible AI
Introduction to Responsible AI
Google Cloud Tech
8 Networking updates and CDMC-certified architecture
Networking updates and CDMC-certified architecture
Google Cloud Tech
9 Create and use a Cloud Storage bucket
Create and use a Cloud Storage bucket
Google Cloud Tech
10 How to digitize text from documents
How to digitize text from documents
Google Cloud Tech
11 Faster analytical queries with AlloyDB
Faster analytical queries with AlloyDB
Google Cloud Tech
12 Next ‘23 sessions and FaaS Wave
Next ‘23 sessions and FaaS Wave
Google Cloud Tech
13 Introduction to Assured Open Source Software
Introduction to Assured Open Source Software
Google Cloud Tech
14 BigQuery Cost Optimization: Storage
BigQuery Cost Optimization: Storage
Google Cloud Tech
15 BigQuery Cost Optimization: Compute
BigQuery Cost Optimization: Compute
Google Cloud Tech
16 BigQuery Cost Optimization: Select Queries
BigQuery Cost Optimization: Select Queries
Google Cloud Tech
17 Remote Field Equipment Management with Manufacturing Data Engine
Remote Field Equipment Management with Manufacturing Data Engine
Google Cloud Tech
18 Supercharging your applications with Cloud SQL Enterprise Plus
Supercharging your applications with Cloud SQL Enterprise Plus
Google Cloud Tech
19 Vector Support on our radar #GenAI
Vector Support on our radar #GenAI
Google Cloud Tech
20 Architecting a blockchain startup with Google Cloud
Architecting a blockchain startup with Google Cloud
Google Cloud Tech
21 Kubernetes and multitasking updates!
Kubernetes and multitasking updates!
Google Cloud Tech
22 GKE: Using Kubernetes Events
GKE: Using Kubernetes Events
Google Cloud Tech
23 How to configure firewall rules for Cloud Composer
How to configure firewall rules for Cloud Composer
Google Cloud Tech
24 Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Google Cloud Tech
25 Geospatial analytics on our radar #EarthEngine #BigQuery
Geospatial analytics on our radar #EarthEngine #BigQuery
Google Cloud Tech
26 Ensuring requests are set in Kubernetes
Ensuring requests are set in Kubernetes
Google Cloud Tech
27 Cloud Next 2023, Google research program, and more!
Cloud Next 2023, Google research program, and more!
Google Cloud Tech
28 How to migrate projects between organizations with Resource Manager
How to migrate projects between organizations with Resource Manager
Google Cloud Tech
29 How to run #MySQL in Google Cloud
How to run #MySQL in Google Cloud
Google Cloud Tech
30 #GenerativeAI for enterprises and #Next2023
#GenerativeAI for enterprises and #Next2023
Google Cloud Tech
31 How Google Photos scales to store 4 trillion photos and videos
How Google Photos scales to store 4 trillion photos and videos
Google Cloud Tech
32 Google Cross-Cloud Interconnect (Demo 2)
Google Cross-Cloud Interconnect (Demo 2)
Google Cloud Tech
33 GKE Cost Optimization Golden Signals: Introduction
GKE Cost Optimization Golden Signals: Introduction
Google Cloud Tech
34 GKE Cost Optimization Golden Signals: Workload Rightsizing
GKE Cost Optimization Golden Signals: Workload Rightsizing
Google Cloud Tech
35 GKE Load Balancing: Overview
GKE Load Balancing: Overview
Google Cloud Tech
36 GKE Load Balancing: Best Practices
GKE Load Balancing: Best Practices
Google Cloud Tech
37 Disaster Recovery in GKE
Disaster Recovery in GKE
Google Cloud Tech
38 How to configure IP masquerade agent in GKE Standard clusters
How to configure IP masquerade agent in GKE Standard clusters
Google Cloud Tech
39 Enable and use GKE Control plane logs
Enable and use GKE Control plane logs
Google Cloud Tech
40 Compliance in Australia with Assured Workloads
Compliance in Australia with Assured Workloads
Google Cloud Tech
41 Creating budgets and budget alerts in Google Cloud #FinOps
Creating budgets and budget alerts in Google Cloud #FinOps
Google Cloud Tech
42 Cloud SQL Enterprise Plus on our radar #mySQL
Cloud SQL Enterprise Plus on our radar #mySQL
Google Cloud Tech
43 What's Next for Google Cloud?
What's Next for Google Cloud?
Google Cloud Tech
44 How Loveholidays scaled with Contact Center AI
How Loveholidays scaled with Contact Center AI
Google Cloud Tech
45 What is fleet team management in GKE?
What is fleet team management in GKE?
Google Cloud Tech
46 Troubleshoot VPC Network Peering
Troubleshoot VPC Network Peering
Google Cloud Tech
47 Introduction to DocAI and Contact Center AI
Introduction to DocAI and Contact Center AI
Google Cloud Tech
48 Cloud Run Direct VPC egress explained
Cloud Run Direct VPC egress explained
Google Cloud Tech
49 Database deployment options in GKE
Database deployment options in GKE
Google Cloud Tech
50 Analyze cloud billing data with #BigQuery
Analyze cloud billing data with #BigQuery
Google Cloud Tech
51 Tips to becoming a world-class Prompt Engineer
Tips to becoming a world-class Prompt Engineer
Google Cloud Tech
52 Serverless is simple. Do I need CI/CD?
Serverless is simple. Do I need CI/CD?
Google Cloud Tech
53 Accelerating model deployment with MLOps
Accelerating model deployment with MLOps
Google Cloud Tech
54 How Hawaii's Department of Human Services scaled with CCAI
How Hawaii's Department of Human Services scaled with CCAI
Google Cloud Tech
55 Pricing API on our #Radar
Pricing API on our #Radar
Google Cloud Tech
56 How Recommendations AI for Media can boost customer retention
How Recommendations AI for Media can boost customer retention
Google Cloud Tech
57 Troubleshooting: Node Not Ready Status
Troubleshooting: Node Not Ready Status
Google Cloud Tech
58 One weekend until Cloud Next 2023!
One weekend until Cloud Next 2023!
Google Cloud Tech
59 #GoogleCloudNext starts tomorrow!
#GoogleCloudNext starts tomorrow!
Google Cloud Tech
60 #GoogleCloudNext will be demand!
#GoogleCloudNext will be demand!
Google Cloud Tech

Related Reads

📰
I Taught an AI to Recognize the Shadows of Four-Dimensional Objects
Learn how a neural network was trained to recognize the shadows of four-dimensional objects, expanding our understanding of higher-dimensional geometry
Medium · Data Science
📰
Changes to LLM pricing: Novita, OpenInference and StreamLake
Learn about recent changes to LLM pricing for Novita, OpenInference, and StreamLake, and how to apply this knowledge to inform your AI strategy
Dev.to AI
📰
ChatGPT in 2026: Why It’s Still the Most Searched AI Tool on Google (And How to Master It)
Master ChatGPT in 2026 by understanding its top use cases, pro tips, and SEO impact to stay ahead in AI search trends
Medium · ChatGPT
📰
A Tiny LLM Request Recorder I Use to Reproduce Production Failures
Learn to build a tiny LLM request recorder to reproduce production failures and improve model reliability
Dev.to AI

Chapters (6)

Intro
1:04 Google’s commitment to AI security
2:26 What is Sensitive Data Protection?
4:32 Demo: Large Language Models in action
8:44 Interview with Jim Miller
11:19 Wrap up
Up next
5 Levels of AI Agents - From Simple LLM Calls to Multi-Agent Systems
Dave Ebbelaar (LLM Eng)
Watch →