Search
Mitigant Blog

Feature Release: Adversary Emulation Meets GenAI & More

We are excited to release powerful features to the Mitigant Security Platform: Attack Emulation for AWS GenAI services, Mitigant API, and support for AWS Organizations. These features empower organizations to use GenAI cloud services securely.
1.8.2024
Kennedy Torkura
5 Minutes
Feature Release: Adversary Emulation Meets GenAI & More
Table of Contents
Example H2
Example H3
Example H4
Example H5
Example H6
Contributors
Kennedy Torkura
Kennedy Torkura
Co-Founder & CTO
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Introduction

We are excited to announce the release of several features on the Mitigant Cloud-Native Security Platform. These new features enhance holistic cloud-native security, including GenAI workloads, improve integration capabilities, and support large enterprise cloud environments. The new features include Attack Emulation for AWS GenAI Services, Mitigant API, and support from AWS Organizations. The blog post describes these new features including advantages and use-cases.

Attack Emulation for AWS GenAI Services

With the increasing use of Generative AI (GenAI) for innovation, the security of cloud services offering GenAI capabilities is of utmost importance. Rather than reacting to attacks on cloud GenAI services, we provide our customers with proactive defenses. The Attack Emulation for AWS GenAI services feature is designed to support customers running GenAI workloads on AWS by enabling automatic adversary emulation for these services, such as SageMaker and Amazon Bedrock.

MITRE ATLAS & MITRE Cloud IaaS Matrix

Over thirteen attack actions and six scenarios are now available, implemented explicitly for Amazon Bedrock, AWS's premier GenAI service. Launched in April 2023, Amazon Bedrock has seen impressive adoption across various industries, highlighting the critical need for robust security measures. These attacks all align with the MITRE ATLAS and MITRE ATT&CK, this gives practitioners clearer insights into the impact, and possible remediation of these attacks. 

This feature empowers organizations to leverage adversary emulation to stay ahead of cloud attacks aimed at AWS GenAI services. This feature addresses several critical security aspects for GenAI cloud workloads, including Threat detection, Incident Response, and Security assurance. Let us examine these three aspects in the following sections.

Automated AI Red Teaming 

AI red teaming is a foundational aspect of GenAI security. Organizations adopting GenAI must have the means to quickly and continuously run red teaming exercises against LLMs and other components of GenAI infrastructure to ensure responses are delivered as expected. Recently, MITRE released a whitepaper calling for the institutionalizing of AI Red teaming due to its importance in keeping AI systems safe. Mitigant Attack Emulation for GenAI integrates into the AWS fabric, including GenAI services, allowing automation of AI red teaming. This feature extends the existing coverage of Mitigant Cloud Attack Emulation to include GenAI services, allowing for a holistic approach to cloud security. The new features includes attack emulation for several Amazon Bedrock's components including: Guardrails, Knowledge Bases, Data stores and Agents. In a recent blog post, we demonstrated how to automatically execute a data poisoning attack. This attack is included in the Mitigant Cloud Attack Emulation, organizations can easily run it to validate defenses against data poisoning attacks.

Attack Surface of an Amazon Bedrock Powered Restaurant Chat Bot

Threat Detection for GenAI Services

Threat detection for GenAI differs from traditional threat detection, and organizations need to understand these differences as a prerequisite for enabling efficient security for GenAI workloads.  Attackers are already lurking to gain access to GenAI workloads, including malicious access to models, data poisoning of training data, and intellectual theft. Therefore, organizations leveraging GenAI must ensure tht threat detection systems adapt to GenAI-specific requirements. The new Mitigant Attack Emulation for GenAI allows organizations to evaluate whether threat detection systems provide efficient coverage allowing for tangible decision-making. 

Incident Response for GenAI Services

Layered security architectures are imperative for securing GenAI workloads in the cloud.  Incident response plays a critical role in deploying a Defense-In-Depth architecture that empowers organizations to promptly respond to security incidents. Incident response cuts across people, processes, and technology; hence, a balanced approach is imperative. With this new feature, organizations can efficiently run incident response drills to validate incident response readiness for GenAI workloads. 

Security Assurance for GenAI Services

Like other cloud infrastructures, security assurance is essential to GenAI workloads. The efficiency of security measures adopted to secure GenAI workloads cannot be assumed to be sufficient or efficient. Organizations must validate the implemented security measures rather than hoping for efficient security. Common cloud security assurance areas include correct configuration management (e.g., AI-SPM) and compliance.

 

Mitigant Attack Emulation Showing Several Attack Action for Amazon Bedrock

Mitigant API: Extending the Platform's Capabilities

The release of the Mitigant API marks a significant step forward in extending the platform's capabilities. Modern security systems expose APIs, allowing customers to flexibly integrate with other security systems for further analysis and security optimization efforts. Therefore, the Mitigant API allows deeper integration of the composed products with enterprise security workflows, including integration with SIEM, detection engineering development lifecycle, SOC platforms, etc. 

Executing Attacks With The Mitigant API 

Adversary Emulation in the CI/CD Pipeline

We are particularly excited about how the Mitigant API empowers detection engineers to validate detection logic quickly in the development pipeline. The Mitigant API empowers the mplementation of adversary emulation as Detection-as-Code, an approach that is increasingly becoming the gold standard in detection engineering and SOC in general. Furthermore, integrating adversary emulation into the CI/CD offers further advantages,; including running purple/red teaming exercises, automating penetration/infrastructure testing, etc. Consultants and MSPs can also automate security and compliance testing for their clients. 

Integrating the Mitigant API with Detection-as-Code

There are several advantages to leveraging the Mitigant API, including:

Agility: Quickly adapt and respond to new threats by incorporating security testing into the development process.

Productivity: Streamline security practices, reducing the time and effort required to identify and mitigate security issues.

Repeatability: Ensure consistent and reliable security measures, including security testing and dynamic compliance checks, across all stages of development, from code to production.

Benefits of Leveraging the Mitigant API 

By integrating adversary emulation into the CI/CD pipeline, organizations can identify potential security gaps earlier, enhancing their overall security posture. Key benefits of the Mitigant API include:

  • Advanced Integration: Seamlessly integrate Mitigant with existing security tools and workflows, enhancing detection and response capabilities.
  • Automated Adversary Emulation: Move adversary emulation to the left, identifying potential security gaps earlier in the development lifecycle. 
  • Automated Penetration Testing: Run dynamic tests on your cloud infrastructure, simulating real-world attacks to evaluate your defenses continuously.
  • Support for Service Providers and Consultants: The Mitigant API further empowers service providers (MSP, MSSPs) and consultants to support their clients while maintaining agility and productivity easily.

The Mitigant API provides the flexibility and power to extend the platform in numerous ways, ensuring that security measures evolve alongside emerging threats.

AWS Organizations Support: Scaling Security for Large Enterprises

Managing security across multiple AWS accounts can be challenging for large enterprises. AWS organizations was introduced to simplify multi-account management for organizations of any size. Mitigant platform now supports AWS Organizations, thus aligning with this goal, and thus offering a streamlined solution for companies with extensive AWS footprints. With the support for AWS Organizations, the Mitigant platform empowers large enterprises to maintain robust security across their entire cloud infrastructure. Here are some key benefits of this feature:

  • Centralized Management: Security teams can easily manage multiple AWS accounts and enforce security policies and configurations from a single unified point. 
  • Enhanced Visibility: Gain comprehensive insights into your entire AWS environment, making identifying and addressing potential vulnerabilities easier.
  • Scalable Security: Consistent security practices can be applied across multiple AWS accounts, regardless of size or complexity. These include running cloud attack emulations, compliance checks, drift analysis, and Kubernetes security.

Mitigant Platform Showing The  Feature Supporting AWS Organizations

Conclusion

These new features underscores Mitigant’s commitment to providing advanced security solutions that meet align with the requirements of modern organizations in a GenAI world. The Attack Emulation for GenAI, The Mitigant API,  and AWS Organizations support is now available, offering enhanced integration, robust protection for critical workloads, and scalable security management. Do not hesitate to reach out and sign up for a FREE Trial - https://www.mitigant.io/en/sign-up

Stay tuned for more updates as we continue to innovate and expand the capabilities of the Mitigant Platform. Please contact our support team if you have any questions or need assistance with these new features. Thank you for choosing Mitigant as your trusted security partner.

We look forward to seeing how you leverage these new capabilities to strengthen your security posture.

Ready to Secure Your Cloud Infrastructures?
Connect with the Mitigant Team and proactively protect your clouds today.
Book DemoStart Free Trial

Read Other Interesting Blog Posts

View Blogs
Cyber Resilience
Security Chaos Engineering 101: Fundamentals
March 25, 2024
This article discusses the positioning of Security Chaos Engineering (SCE) as an aspect of security engineering. The primary motivation i
Read More
Cloud Security
Bedrock or Bedsand: Attacking Amazon Bedrock’s Achilles Heel
July 10, 2024
Amazon Bedrock's Achilles heel is the adoption of S3 as a RAG data source, leading to several GenAI attack vectors, including data poisoning, denial of service & S3 ransomware. This article delves into these attack vectors, detection, and mitigation.
Read More
Cloud Security
Emulating and Detecting Scattered Spider-like Attacks
July 23, 2024
This article shows how to leverage Threat-Informed Defense to effectively tackle cloud threat actors, e.g., Scattered Spider. Practical attacks & appropriate defense are demonstrated using Mitigant Cloud Attack Emulation & the Sekoia SOC Platform.
Read More

Join The Cloud Security Revolution Today!

Take control of your cloud security in minutes. No credit card required.
Start 30-day Free Trial