Apidays Paris 2023 - Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization, Doug Dooley, Data Theorem
0 likes26 views
The document discusses the evolving landscape of API security in the context of AI advancements, particularly highlighting the use of ChatGPT 4-turbo for external API interactions. It emphasizes the need for improved security measures, such as attack path visualization, to protect enterprise APIs from vulnerabilities. The acceleration of generative AI technologies is expected to significantly increase API data consumption and necessitate the evolution of security and data discovery practices.
![Playground has changed…
Sam Altman - Nov 7, 2023 at DevDay, OpenAPI’s first conf
“Assistants API will make everything easier.”
“[API] retrieval… and
using your own
functions” makes
better Assistants
Ramon Huet, OpenAI’s head of developer experience](https://image.slidesharecdn.com/apidaysparis2023dougdooleycloudapischatgpt4turboandattackpathvisualization-231218131815-f38c159a/85/Apidays-Paris-2023-Cloud-APIs-ChatGPT-4-Turbo-and-Attack-Path-Visualization-Doug-Dooley-Data-Theorem-3-320.jpg)
![AI concepts Generative AI (GenAI)
Foundation
Models
LLM (Large
Language
Models)
ChatGPT
(AI app)
AGI
(Artificial General Intelligence)
Today
Not yet… [process more data]](https://image.slidesharecdn.com/apidaysparis2023dougdooleycloudapischatgpt4turboandattackpathvisualization-231218131815-f38c159a/85/Apidays-Paris-2023-Cloud-APIs-ChatGPT-4-Turbo-and-Attack-Path-Visualization-Doug-Dooley-Data-Theorem-11-320.jpg)
![“[Not-for-profit Open AI that I named and help start] should be
renamed Super Closed Source for Maximum Profit AI.”
AGI defined as "smarter than the smartest human at anything…
less than three years away.” said on Nov 23, 2023
How far is AGI from reality?](https://image.slidesharecdn.com/apidaysparis2023dougdooleycloudapischatgpt4turboandattackpathvisualization-231218131815-f38c159a/85/Apidays-Paris-2023-Cloud-APIs-ChatGPT-4-Turbo-and-Attack-Path-Visualization-Doug-Dooley-Data-Theorem-12-320.jpg)
Apidays Paris 2023 - Cloud APIs, ChatGPT 4-Turbo, and Attack Path Visualization, Doug Dooley, Data Theorem
- 1. Cloud External APIs with ChatGPT 4-Turbo and Attack Path Visualization AI Innovations bring new attacks to Enterprise APIs
- 2. Agenda • Playground has changed for APIs… • AI innovation makes it easier to find new data insights • Barriers (costs) are dropping for API experimentation • Data is AI fuel. APIs are the new charging stations. • GenAI proliferation accelerates 2024+ • API data consumption will explode alongside AI assistants • API Security & App, Data, SCS Discovery must evolve. • Context becomes necessary for API and data safety • “Attack Path Visualization” helps with security & privacy
- 3. Playground has changed… Sam Altman - Nov 7, 2023 at DevDay, OpenAPI’s first conf “Assistants API will make everything easier.” “[API] retrieval… and using your own functions” makes better Assistants Ramon Huet, OpenAI’s head of developer experience
- 4. ChatGPT 3.0 or earlier = no external APIs (Nov 2022) gpt-3.0
- 5. Enterprise API Security & Data Classification API target: https://retoolapi.dev/rv0soy/sensitivedata API key: sensitivetH16uqkjUPiTX9T6y8S1E0d8myj39f2j1co0w0EzdKF3RfYmtIymyKJ Data Theorem (API Secure) Teleskope.ai (Cloud Data Security Platform) Other Security Tools
- 6. OpenAI: Nov 7 (Functions & Retrieval)
- 7. gpt-4.0-turbo After analyzing the provided API response, I found a total of 42 instances of PII. These instances include credit card numbers, social security numbers, and zip codes. If you have any further questions or need assistance with anything else, please let me know. API Key, OAuth 2.0, Azure AD ChatGPT 4.0 Turbo = yes to External APIs (Nov 2023)
- 8. Cost = $0.25-$0.35 2-3X lower cost with Chat GPT-4
- 9. Data is AI fuel. APIs are the charging stations. Elon Musk - Nov 23,2023 at NYT DealBook summit “Data is probably more valuable than gold.”
- 10. Growth of OpenAI
- 11. AI concepts Generative AI (GenAI) Foundation Models LLM (Large Language Models) ChatGPT (AI app) AGI (Artificial General Intelligence) Today Not yet… [process more data]
- 12. “[Not-for-profit Open AI that I named and help start] should be renamed Super Closed Source for Maximum Profit AI.” AGI defined as "smarter than the smartest human at anything… less than three years away.” said on Nov 23, 2023 How far is AGI from reality?
- 13. API security and data discovery must evolve. Satya Nadella, Microsoft - Nov 2023 at Ignite 2023 “We are making the age of AI real for people and businesses everywhere.”
- 16. Defending Enterprise APIs and apps…
- 17. API exploits and vulnerabilities… so what?
- 18. Visualize the API connective tissue
- 19. Transparency can improve security VISUAL CONTEXT What? ● Vulnerabilities ● Priority Level ● Data Types Who? ● Owner ● IAM ● CIEM When? ● Last Changed ● Last accessed ● Alert Time How? ● Attack Path ● Public/Private ● Exploit Details MRI for APIs
- 20. Attack Path Visualization MRI for APIs
- 21. Highlight: API Security Leaders #1 Pure Play #3 Overall
- 22. Comprehensive analyst report on the broadening landscape of API Security & Management New Research: API Security & Mgmt Alexei Balaganski, Analyst
- 23. Come see us - Booth #5