Data security with AI powered agents
Key Takeaways
Secures AI deployments using Google's Secure AI Framework and AI powered agents
Full Transcript
I a security engineer on the product security team at my company my company wants to develop and release a new application built on vertex AI that leverages an AI powered agent to answer customer questions I'm fully on board the large language model wagon but I'm also scared what if it exposes sensitive data generative AI models can speed up my coding my operations tasks and my pattern matching but I want to make sure I can build my application without putting my data at risk I'm fully aware that vertex AI is built securely and is backed by Google Cloud's secure highly available infastructure I just like a little additional layer of the fence luckily Google published a jupyter notebook that helps protect my data by preventing AI applications from exposing my company's sensitive data to the end user so join me as I explain how Google approaches protecting generative AI applications [Music] Google is serious about protecting generative Ai and they approach securing AI applications from three perspectives secure the model secure the application and secure the infrastructure today we're going to focus on ways to secure your AI applications by applying sensitive data protection across the data pipeline so you can make sure your output is safe and clean we've seen many models ingest and handle sensitive personal information so in this video we'll see how we can prevent an AI agent from exposing sensitive data while retaining its usefulness in this case let's start with a customer service AI agent built on vertex AI the agent will be able to access account information but is also exposed to a wide and unpredictable audience it needs to understand their request but should never share sensitive data with them we could craft a messy set of regular Expressions to handle this but there's a more secure automated way to take care of our filtering so the AI agent is useful but doesn't expose our sensitive data let's walk through how to set up sensitive data protection on the data or model processes so you can prevent pii from being compromised our sensitive data Protection Service which includes our data loss prevention or DP API provides a suite of detection and transformation options to help you address these challenges organizations can use sensitive data protection to add additional layers of data protection throughout the life cycle of a model from Discovery tuning augmenting and maintenance sensitive data protection includes more than 150 built-in information types or infotypes types to help quickly identify sensitive data elements like names personal identifiers financial data medical context or demographic data you can identify these elements to choose which records to remove from pipelines or leverage inline transformation to obscure only the sensitive elements while retaining the surrounding context you can choose what kind of data transformation methods best suit your needs from simple redaction to randomize replacement to format preserving encryption sometimes a simple replacement is not enough but with random replacement you can produce an output that looks much like the input sample but has randomized values in place of the identified sensitive elements this enables you to reduce risk while preserving the utility of your data inline transformation can be used when tuning data for AI models and can protect AI generated responses in real time this becomes important since generative AI models take unstructured prompts from users some of these prompts may attempt to manipulate the model into sharing unintended information and lead the model to generate new possibly unseen responses you can protect against this by scanning the input prompt and generated response to ensure that sensitive data elements are identified or removed [Music] we've tuned the large language model or llm with data that may be inadvertently exposed via a generative AI application we want to ensure that an attacker will be completely unable to extract sensitive information from the large Corpus of data used to tune the model let's see how sensitive data protection can help protect that data to start we've developed some code that Imports the vertex Ai and sdp apis we defined a d identification configuration that replaces the data it finds with the infotype category sensitive data protection uses information types or infotypes to Define what it SCS for an infotype is a type of sensitive data such as a name email address telephone number identification number credit card number and others and every time the vertex AI API receives a prompt or generates a response sdp will check that data to find and potentially de identify sensitive information to test our implementation we decided to test different threat categories and compare the model's original response to the filter response altered by sdp let's see how well it handles emails we prompted the model to generate Homer Simpsons email it generated the wrong email but thankfully we can see that cloud sdp identified the email and replaced it with the email address infotype and likewise we can repeat this process for data that's even more sensitive and critical to people's lives National identification numbers in this example we've prompted the model to share examples of names and US Social Security numbers our data set is unlikely to contain this information but we want to be extra careful and add some levels of protection better yet we can see that cloud sdp helps redact multiple types of national identification numbers shufa IDs used to indicate personal credit worthiness in Germany can be sensitive data and luckily sdp is helping us protect them now let's see if we can find and redact credit card numbers after all our data set could include real credit card numbers and we don't want to expose them once again we can see that the model responds helpfully and generates an example of a credit card number however sdp Saves the Day by ensuring that the number is not visible this could very well have been a real credit card number and like a truly helpful agent this model tries to generate a helpful response when prompt proed to generate source code nevertheless we don't want end users or developers to use our agent to generate code we don't know the license terms for that code and the code may be insecure or Worse malicious speaking of licenses what if a curious user wants to use the agent for help in drafting legal documents let's say the user wants to patent her cool new invention but needs some help in understanding the patent process and and of course our helpful agent is happy to oblige and help the user understand the patenting process there isn't any sensitive information provided so sdp doesn't need to block this response the user needs an example and request an example of a patent from the agent this response is blocked we don't want the agent producing an existing or hypothetical patent in this case it might be best for our user to consult a patent attorney now that we've explored how we can use sensitive data protection to filter our llm responses let's chat with Jim Miller a Google Cloud security architect who created this Jupiter [Music] notebook so Jim what challenges did you see your customers experiencing that led you to build this Jupiter notebook well customers were asking what happens when they use their own data to tune a foundational model what dat data leakage risk exist for generative AI applications sensitive data protection is a Cornerstone of robust data security strategy so naturally The Next Step was applying it to LM responses and what were some of the decisions customers should think about when deciding to use sensitive data protection to filter their llm responses When developing gen applications customers should think about striking a balance between creating Innovative and engaging user experiences and protecting against sensitive data exposure to do that I'd recommend thinking about how to calibrate a few variables first scope your inspection set to a set of info types that make sense for your organization and application sdp comes with 150 predefined info types that are great but if you have something specific to your organization like a secret project name or a funky customer ID think about creating a custom info type too now the next piece would to calibrate an appropriate risk tolerance for your organization by defining the sdp sensitivity level this will allow developers and security teams to tailor the control to ensure the application remains both secure and userfriendly so with that in mind how do you hope customers build off of your jupyter notebook you know Louis I wonder what type of unique user experiences customers will come up with when stdp discovers sensitive data within an LM application you don't necessarily need to block the response toact the sensitive data let's say the application was an IT assistant for employees of your organization and sdp discovers a response that had the office guest Wi-Fi password instead of redacting the password you could replace it with a link and instructions on how to register a device for the production Wi-Fi network and are there additional security measures you would recommend customers consider as they work towards building a secure AI application yeah definitely well this jupyter notebook addresses a specific risk for data and application security customers should approach AI development with a comprehensive framework Google has published the security AI framework that aims to help organizations manage AI security risk it's a great place to start great thanks Jim for building this and allowing others to benefit from it if you want to learn more about these features and try things out for yourself check out the links in the description to get started building your own input and output parser using sensitive data protection learn more best practices for securing AI deployments on Google cloud and learn about Google's secure AI framework [Music]
Original Description
Google’s Secure AI Framework (SAIF) → https://goo.gle/4cmX60X
Best practices for securing AI deployments → https://goo.gle/3zrZRzE
Build AI securely on Google Cloud (Full report) → https://goo.gle/3XBvy3P
Large language models can speed up coding, operations tasks, pattern matching, and more for developer workflows. However, exposing sensitive data with these models is top of mind for organization decision-makers and developers alike. Watch along as Luis Urena, Developer Advocate at Google Cloud, discusses best practices for securing AI deployments, how to build an input and output parser using Sensitive Data Protection, and interviews Cloud Security Architect, Jim Miller, on his experience supporting Google Cloud customers deploy AI.
Chapters:
0:00 - Intro
1:04 - Google’s commitment to AI security
2:26 - What is Sensitive Data Protection?
4:32 - Demo: Large Language Models in action
8:44 - Interview with Jim Miller
11:19 - Wrap up
Build your own input and output parser using Sensitive Data Protection (Github)→ https://goo.gle/3VJgwHR
Watch more Making with AI → https://goo.gle/MakewithAI
Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech
#MakingwithAI #GoogleCloud
Speakers: Luis Urena, Jim Miller
Products Mentioned: Cloud - AI and Machine Learning - Vertex AI
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from Google Cloud Tech · Google Cloud Tech · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
I’m going for it #GoogleCloudCertified
Google Cloud Tech
I had to get #GoogleCloudCertified
Google Cloud Tech
Be better overall at what you do #GoogleCloudCertified
Google Cloud Tech
Cloud Monitoring on our radar #Analysis #Uptime
Google Cloud Tech
Introduction to Generative AI Studio
Google Cloud Tech
How to use Github Actions with Google's Workload Identity Federation
Google Cloud Tech
Introduction to Responsible AI
Google Cloud Tech
Networking updates and CDMC-certified architecture
Google Cloud Tech
Create and use a Cloud Storage bucket
Google Cloud Tech
How to digitize text from documents
Google Cloud Tech
Faster analytical queries with AlloyDB
Google Cloud Tech
Next ‘23 sessions and FaaS Wave
Google Cloud Tech
Introduction to Assured Open Source Software
Google Cloud Tech
BigQuery Cost Optimization: Storage
Google Cloud Tech
BigQuery Cost Optimization: Compute
Google Cloud Tech
BigQuery Cost Optimization: Select Queries
Google Cloud Tech
Remote Field Equipment Management with Manufacturing Data Engine
Google Cloud Tech
Supercharging your applications with Cloud SQL Enterprise Plus
Google Cloud Tech
Vector Support on our radar #GenAI
Google Cloud Tech
Architecting a blockchain startup with Google Cloud
Google Cloud Tech
Kubernetes and multitasking updates!
Google Cloud Tech
GKE: Using Kubernetes Events
Google Cloud Tech
How to configure firewall rules for Cloud Composer
Google Cloud Tech
Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Google Cloud Tech
Geospatial analytics on our radar #EarthEngine #BigQuery
Google Cloud Tech
Ensuring requests are set in Kubernetes
Google Cloud Tech
Cloud Next 2023, Google research program, and more!
Google Cloud Tech
How to migrate projects between organizations with Resource Manager
Google Cloud Tech
How to run #MySQL in Google Cloud
Google Cloud Tech
#GenerativeAI for enterprises and #Next2023
Google Cloud Tech
How Google Photos scales to store 4 trillion photos and videos
Google Cloud Tech
Google Cross-Cloud Interconnect (Demo 2)
Google Cloud Tech
GKE Cost Optimization Golden Signals: Introduction
Google Cloud Tech
GKE Cost Optimization Golden Signals: Workload Rightsizing
Google Cloud Tech
GKE Load Balancing: Overview
Google Cloud Tech
GKE Load Balancing: Best Practices
Google Cloud Tech
Disaster Recovery in GKE
Google Cloud Tech
How to configure IP masquerade agent in GKE Standard clusters
Google Cloud Tech
Enable and use GKE Control plane logs
Google Cloud Tech
Compliance in Australia with Assured Workloads
Google Cloud Tech
Creating budgets and budget alerts in Google Cloud #FinOps
Google Cloud Tech
Cloud SQL Enterprise Plus on our radar #mySQL
Google Cloud Tech
What's Next for Google Cloud?
Google Cloud Tech
How Loveholidays scaled with Contact Center AI
Google Cloud Tech
What is fleet team management in GKE?
Google Cloud Tech
Troubleshoot VPC Network Peering
Google Cloud Tech
Introduction to DocAI and Contact Center AI
Google Cloud Tech
Cloud Run Direct VPC egress explained
Google Cloud Tech
Database deployment options in GKE
Google Cloud Tech
Analyze cloud billing data with #BigQuery
Google Cloud Tech
Tips to becoming a world-class Prompt Engineer
Google Cloud Tech
Serverless is simple. Do I need CI/CD?
Google Cloud Tech
Accelerating model deployment with MLOps
Google Cloud Tech
How Hawaii's Department of Human Services scaled with CCAI
Google Cloud Tech
Pricing API on our #Radar
Google Cloud Tech
How Recommendations AI for Media can boost customer retention
Google Cloud Tech
Troubleshooting: Node Not Ready Status
Google Cloud Tech
One weekend until Cloud Next 2023!
Google Cloud Tech
#GoogleCloudNext starts tomorrow!
Google Cloud Tech
#GoogleCloudNext will be demand!
Google Cloud Tech
More on: AI Security
View skill →Related Reads
📰
📰
📰
📰
I Taught an AI to Recognize the Shadows of Four-Dimensional Objects
Medium · Data Science
Changes to LLM pricing: Novita, OpenInference and StreamLake
Dev.to AI
ChatGPT in 2026: Why It’s Still the Most Searched AI Tool on Google (And How to Master It)
Medium · ChatGPT
A Tiny LLM Request Recorder I Use to Reproduce Production Failures
Dev.to AI
Chapters (6)
Intro
1:04
Google’s commitment to AI security
2:26
What is Sensitive Data Protection?
4:32
Demo: Large Language Models in action
8:44
Interview with Jim Miller
11:19
Wrap up
🎓
Tutor Explanation
DeepCamp AI