Officials from the Department of Energy (DoE) and cloud security provider Zscaler said that having a secure zero trust architecture (ZTA) in place can help agencies be prepared for cyber threats related to generative AI.
Zach Benz, senior manager for cyber operations and deputy CISO at DoE’s Sandia National Laboratories, said during the Zscaler Public Sector Summit on April 4 that his team is taking a proactive approach to generative AI because “our adversaries are not going to wait.”
Benz said he is leveraging a “lean in, proactive approach” to generative AI.
“There are of course many risks, specific risks, that have to do with a threat actor being able to make use of generative AI or these other tools to improve their phishing, to spoof voice, to spoof appearance, and all these types of things,” Benz said. “That really speaks to the primary risk here, at the high level, is that our adversaries are not going to wait to use all these tools, they are already using them so we can’t wait ourselves.”
Deepen Desai, the CISO at Zscaler, highlighted that AI will play an important role in agencies’ zero trust journeys.
“There’s so much unknown unknowns that we all CISOs will have to worry about, but that’s where having that fundamental zero trust architecture implementation will help you be in a better state to defend against the newer things that the threat actors will start using on the generative AI side,” Desai said.
“I see generative AI and the whole combination of generative and predictive models playing a very important role in helping organizations fast track their zero trust transformation journey,” the CISO said.
“Zero trust architecture, enabled by generative AI, will also allow you to secure your internal adoption of generative AI applications. This is going to be very, very important,” he continued, adding, “Adversaries are already targeting those private LLMs because that’s where it’s a crown jewel, that’s where all your sensitive data resides, depending on the application that you’re building. So very, very important to move it behind something like ZTA, keep it away from VPN, and have zero trust enabled security protecting your crown jewel LLM environment.”