23 subscribers
התחל במצב לא מקוון עם האפליקציה Player FM !
פודקאסטים ששווה להאזין
בחסות


1 72: If You Want to Grow—Stop Fixing the Wrong Problem 16:32
API Security: Indirect Prompt Injection Threats and the Rise of AI-Driven Exploits
Manage episode 484494873 series 2555839
API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.
Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.
The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.
As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive.
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
1707 פרקים
Manage episode 484494873 series 2555839
API security has evolved from being primarily an infrastructure issue to a complex challenge centered around language and design flaws. Jeremy Snyder, CEO of Firetail, discusses the findings from their latest state of API security report, emphasizing the alarming rise of indirect prompt injection as a significant threat in AI-integrated systems. As APIs underpin much of modern application architecture, understanding how they function and the potential vulnerabilities they present is crucial for organizations aiming to protect themselves from increasingly sophisticated attacks.
Snyder highlights the shared responsibility model in API security, where both developers and security teams must collaborate to ensure robust protection. While infrastructure teams manage the basic security measures, developers are responsible for the design and logic of the APIs they create. This evolving understanding of security responsibilities is essential as threat actors become more adept at exploiting API vulnerabilities, particularly through authorization failures, which continue to be a leading cause of breaches.
The conversation also delves into the distinction between authentication and authorization, illustrating how both are critical to API security. Authentication verifies a user's identity, while authorization determines what actions that user can perform. Snyder emphasizes that many organizations still struggle with authorization issues, which can lead to significant security risks if not properly managed. The report reveals that the time to resolve security incidents remains alarmingly high, while the time for attackers to exploit vulnerabilities has drastically decreased, raising concerns about the effectiveness of current security measures.
As AI technologies become more integrated into applications, the potential for indirect prompt injection attacks increases, necessitating a reevaluation of security practices. Snyder advises organizations to focus on secure design principles and maintain visibility over AI usage within their systems. By implementing governance frameworks and monitoring tools, organizations can better manage the risks associated with shadow AI and ensure that their API security measures are both effective and comprehensive.
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, are posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
1707 פרקים
כל הפרקים
×
1 The Future of Legal Tech: Jonathan Rhyne on AI's Role in Document Workflow and Accountability 22:59

1 The Future of AI in Document Intelligence: Balancing Automation and Human Accountability with Ryan Morris 43:57

1 AI Job Demand Soars 985%, Trust Issues Emerge, VMware Faces Security Patch Crisis 16:28

1 AI Oversight Eases as Trump Pushes Exports; 400+ Breaches from SharePoint Zero Day Attack 12:27

1 OpenAI's Usage Surge, Kindrel's AI Framework, and the Comeback of Dedicated Servers 16:35

1 Half of MSPs Prepare for Ransomware, SaaS Security Gaps, and Open AI Servers Found 12:06

1 Microsoft SharePoint Flaw Exposes Thousands; Fortune 100 Firms Push FullReturn to Office 13:44

1 From Data to AI: How ProArch Transforms Industries with Smart Start and Microsoft Solutions with Santosh Kaveti 20:16

1 From Legacy to Cloud: How MSPs Can Leverage Intune for Effective Endpoint Management with Hugo Salazar and Rolando Jimenez 51:29

1 Delta's AI Pricing Sparks Trust Issues, OpenAI's ChatGPT Agent Goes Autonomous, Intel Cuts Jobs 14:59

1 Microsoft Cuts 9,000 Jobs, Boosts AI Partner Incentives; OpenAI Expands Multi-Cloud E-Commerce Tools 15:36

1 Windows 10 Cutoff and VMware Licensing Chaos: MSPs Must Navigate New Cybersecurity Demands 15:46

1 AI Breakthroughs: 92% Health Accuracy, Nonprofit Literacy Tools, and Coding Tool Challenges 18:14

1 Critical Vulnerabilities in Kaseya and McDonald's Chatbot Highlight MSP Security Risks 12:26

1 Rethinking Cybersecurity: Why Traditional MFA Fails and the Future of Phishing-Resistant Solutions with Bob Burke 21:11

1 AI as the New Operating System: Transforming SMBs, Security Risks, and Unified Experience Platforms with Anurag Agrawal 44:19

1 Political Hack at Columbia University, Malware Surge, and Microsoft Authenticator's New Direction 13:48

1 AI Adoption Grows but Burnout and Governance Gaps Widen; Major Tech Updates Announced 16:22

1 MSPs Under Pressure: Navigating AI Impersonation, Phishing Exploits, and Ransomware Fallout 16:12

1 Small Businesses Seek AI Efficiency Amid Digital Gaps; New Regulations Impact Data Privacy 16:42

1 Ingram Micro Cyber Attack, Windows 11 Market Growth, and Cloudflare's AI Scraper Blockade 17:30

1 Building Trust in MSP Cyber Insurance: Edouard von Herberstein Discusses Spectra's Impact 25:26

1 Unlocking Value: Effective Pricing Governance and Models for SaaS and MSPs with Dan Balcauski 25:02

1 Unlocking SEO Success: How AI and Data Science Transform Organic Growth Strategies with Andreas Voniatis 21:14

1 Cybersecurity Overhaul: AI, Ransomware, and 400M Fewer Windows PCs Challenge SMBs in 2025 18:48

1 AI-Powered Productivity Disruption: Microsoft, OpenAI, and Legal Challenges in Copyright Training 14:56

1 Malware in ConnectWise, Telecom Hacks, and MSPs' False Confidence in Cybersecurity 14:43

1 AI to Drive 50% of Business Decisions by 2027; SMBs Struggle with Skills and Adoption 14:46

1 CEO Confidence Plummets as Small Businesses Thrive; Data Blind Spots Challenge Strategic Planning 19:06

1 Unlocking AI for SMBs: Data Readiness, Cybersecurity, and Community-Driven Investments with Hunter Jensen and Barbara Paluszkiewicz 37:42
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.