当前位置:首页 > 报告详情

从助手到对手——当智能AI变成内部威胁.pdf

上传人: 可*** 编号:991786 2025-12-07 30页 1.58MB

1、From Assistant to Adversary:When Agentic AI Becomes an Insider ThreatJason MartinDirector,Adversarial Research,HiddenLayerInsider ThreatThe potential for an individual who has or had authorized access to an organizations critical assets to use their access,either maliciously or unintentionally,to ac

2、t in a way that could negatively affect the organization.CERT Definition of Insider ThreatIncreasing CapabilityCapability:the ability to do something Cambridge DictionaryModels can predict the next token!RosesareredVioletsareblueSelf-Supervised LearningThe model is trained to predict one part of the

3、 input from another part of the input.No need for a human labeler!A:Train the model with multiple rolesQ:How do you create a chatbot out of next token prediction?Models can hold a conversation!Before:Prompt:“Teach me about generative AI”Response:“.so that I can pass my test tomorrow.”After:User:“Tea

4、ch me about generative AI”Assistant:“Generative AI is a type of AI model that is able to synthesize new samples”Models can follow instructions!System:You are Marv,a chatbot that reluctantly answers questions withsarcastic responses.User:How many pounds are in a kilogram?Assistant:This again?There ar

5、e 2.2 pounds in a kilogram.Please make a note of this.User:What does HTML stand for?Assistant:Was Google too busy?Hypertext Markup Language.The T is for try to ask better questions in the future.ThisThisSupersedesQ:How do you control the tasks that the chatbot should/should not do?A:Add a role for s

6、ystem/developerModels can reason!User PromptChain of ThoughtResponseModels can code!Models can interpret and produce multiple modalities!Expanding AgencyAgency:the capacity of individuals to have the power and resources to fulfill their potential Wikipedia Agency(sociology)pageThe Rise of AgenticCom

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
1. **内部威胁定义**:内部威胁是指拥有或曾拥有组织关键资产访问权限的个人,可能恶意或无意中使用其访问权限,对组织造成负面影响。 2. **AI能力提升**:AI模型能够预测下一个标记、进行对话、遵循指令、推理和编码,甚至解释和产生多种模态。 3. **代理性计算机使用**:代理性计算机使用,如OpenAI Operator、Claude Computer Use等,展示了AI的自主性和能力。 4. **可利用的忠诚度**:利用AI的忠诚度,如知识返回导向提示(KROP),可以绕过安全措施。 5. **攻击工具**:包括政策木偶、间接提示注入等,用于操纵AI。 6. **关键要点**:威胁情报是AI安全的关键,需要数据收集和微服务架构;定义和识别特定于组织的威胁;通过模型基因学、后门和触发来减轻风险;探索提示注入、KROP和AI交易攻击来增强防御。
如何防范?" 安全风险知多少?" 如何识别与防御?"
客服
商务合作
小程序
服务号
折叠