Confidentiality is not security: Why the real AI runtime crisis is the Authorization Gap


A comforting story is taking hold in enterprise cybersecurity circles: AI is broken at runtime because we haven't protected data while it's in use, and the answer is to wrap workloads in encrypted memory, hardware enclaves, and cryptographic attestation.

Get the confidentiality model right, the argument goes, and AI security will follow.

Confidentiality is necessary. It is not sufficient.

An AI workload running in a perfectly attested, fully encrypted enclave will, with complete fidelity, execute whatever instruction reaches it — including the instruction to exfiltrate a customer database, mutate a production config, or wire money to an attacker's account.

The enclave protects the bytes. It does not ask whether the action should happen.

That question — should this identity be permitted to take this action against this resource, in this context, right now? — is the question almost no one is answering at runtime.

That is the Authorization Gap,...

Copyright of this story solely belongs to techradar.com.
