Specifically, AI Defense is made up of four components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.
AI Access offers visibility into who wants or has use of an AI application and then it controls access to protect and enforce data-loss prevention and mitigate potential threats.
The AI Cloud Visibility automatically uncovers AI assets comprising custom-built AI applications across your distributed environment, including unsanctioned AI workloads. This provides a single-pane-of-glass view of AI inventory, Cisco says.
AI Defense discovers all of the various models being used in a customer’s AI development, which is useful because there has already been a proliferation of AI tools and models, Gillis said. “Then we discover who is using what, and we let customers train their own models around their data so they don’t expose company sects etc. So they can make a local version of a model and at the time that model is being built, we’re able to validate it,” Gillis said.
Developers download models and data from public repositories, including Hugging Face and GitHub, inadvertently exposing organizations to considerable risks. AI Validation Model & Application Validation automatically scans open-source models, data, and files to block supply chain threats, such as malicious model files that can allow for arbitrary code execution in the environment. When a new model is entered into a registry, an assessment can be initiated using a simple API call, Cisco says.
AI Runtime inspects every input and automatically blocks malicious payloads before they can cause damage, according to Cisco. “Common attacks include prompt injection, prompt extraction, denial of service (DoS), and command execution. The component also stops sensitive data, such as Personally Identifiable Information (PII), from reaching customer models,” Cisco says.