Startup Competition Secures ML Systems, Vulnerabilities in Automation

RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.

Paul Shomo, Cybersecurity Analyst

May 11, 2023


Cybersecurity has traditionally secured the use of off-the-shelf IT hardware and software. Yet almost all the finalists at this year's RSA Innovation Sandbox centered around securing attack surfaces arising from the building of applications, machine learning systems, and API integrations. And while that may sound like the SecDevOps and software supply chain security of old, these innovators are focused on a larger opportunity.

Innovation Sandbox is RSA's Shark Tank-like competition bringing 10 startup finalists to present onstage before judges. HiddenLayer took the top prize for defending ML systems against adversarial AI.

Today, every company is a software company, and more developers and data scientists arrive each year. Yet nondevelopers have begun to build software, too: anyone can ask ChatGPT to code API integrations to their favorite SaaS app, or drag tasks into the playbooks of orchestration tools. This year's finalists highlighted new attack surfaces produced by this growing business activity of software building.

Surprising Vulnerabilities in ML Systems

Cylance was hit with an adversarial AI attack in 2019, directly targeting its ML systems. Those involved were so sure they witnessed the future of cyber warfare, they built the Innovation Sandbox winner, HiddenLayer.

HiddenLayer defends ML systems against attacks that the public may have heard of, like poisoned training data. Yet the industry hasn't really addressed how easy it is to steal intellectual property (IP) from ML systems. As an example, inference attacks probe a deployed ML model and use its outputs as labels to automatically train a new model that mimics the victim's, so the IP is effectively stolen.

HiddenLayer protects customer models while they’re still being staged, detects their vulnerabilities, then protects and obfuscates models once deployed. In addition to their product, HiddenLayer offers a managed detection and response service for this unfamiliar world.

Many want the insights and automation that third-party AI providers, such as OpenAI, can deliver. Yet they don't want to share sensitive data. Enter Zama, the finalist working on the holy grail of AI privacy, fully homomorphic encryption.

Zama's fully homomorphic encryption lets its customers' application developers encrypt sensitive data into structured ciphertext, then share it with third-party AI providers. The provider computes directly on that ciphertext, and the resulting analytic insights, still encrypted, are handed back to the customer who originally shared the data. The homomorphic property does its work when the customer decrypts the result: the third-party AI's insights, and their relation to the customer's private data, come out intact. Yet no secrets were ever shared, only ciphertext.

Zama's twist is a quantization technique that speeds up the computation by working on integers instead of floating-point decimals, which require extra CPU instructions for even basic arithmetic.
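To make the two preceding paragraphs concrete, here is an added example (not Zama's code; Zama uses TFHE, which supports arbitrary computation, whereas this toy uses the additively homomorphic Paillier scheme) that walks the whole flow: the customer quantizes features to integers and encrypts them, the provider evaluates a linear model on ciphertext only, and the customer decrypts the single result. The primes, features and weights are constructed values chosen for illustration.

```python
from math import gcd
import secrets


def keygen(p, q):
    """Paillier keys from two constructed primes (far too small for real use)."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)     # lcm(p-1, q-1)
    g = n + 1
    mu = pow((pow(g, lam, n * n) - 1) // n, -1, n)   # L(g^lam mod n^2)^-1 mod n
    return (n, g), (lam, mu)


def encrypt(pk, m):
    """E(m) = g^m * r^n mod n^2; a negative m is encoded as m mod n."""
    n, g = pk
    r = secrets.randbelow(n - 2) + 2
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 2) + 2
    return pow(g, m % n, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pk, sk, c):
    """Recover m and map the residue back to a signed integer."""
    n, _ = pk
    lam, mu = sk
    m = (pow(c, lam, n * n) - 1) // n * mu % n
    return m - n if m > n // 2 else m


def quantize(values, scale):
    """The quantization idea: fixed-point integers instead of floats inside the ciphertext."""
    return [round(v * scale) for v in values]


def encrypted_dot(pk, ciphertexts, int_weights):
    """Provider side: sum_i w_i * x_i using only E(a)*E(b) = E(a+b) and E(a)^k = E(k*a).
    The provider never sees a plaintext feature."""
    n, _ = pk
    acc = 1                                    # E(0) with r = 1
    for c, w in zip(ciphertexts, int_weights):
        acc = acc * pow(c, w % n, n * n) % (n * n)
    return acc


def private_inference(features, weights, x_scale=8, w_scale=4):
    """Customer encrypts quantized features, provider computes, customer decrypts."""
    pk, sk = keygen(65521, 65537)                                   # constructed toy primes
    cts = [encrypt(pk, x) for x in quantize(features, x_scale)]     # customer side
    c_out = encrypted_dot(pk, cts, quantize(weights, w_scale))      # provider side
    return decrypt(pk, sk, c_out) / (x_scale * w_scale)             # customer side
```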

Enabling Software Developers Instead of Critiquing Code

The shift-left movement has failed to make developers fix insecure code. This year's startups focused less on analyzing code and more on helping developers write secure code in the first place.

Taking second place was Pangea, which provides ready-made security functionality that can be built into applications with one-line API integrations. Pangea calls it shifting left-of-left: enable developers instead of picking arguments with SecDevOps.

Other finalists in this mold include Endor Labs, founded by the founder of cloud posture management pioneer RedLock, which became Palo Alto Networks' Prisma Cloud. Endor Labs targets the open source side of software composition analysis. Open source libraries are everywhere. As Endor Labs tells it, there's even foundational Internet code maintained by single part-time developers. And some of these folks have even served time in prison. Endor Labs helps developers choose open source wisely, as they develop.

Relyance AI enforces privacy by asserting compliance against a company's custom code. The advanced intelligence they built in only three years may cause a double take. Relyance AI cites advances in NLP, and generative AI's ability to rapidly prototype as having accelerated R&D. They've built an AI product that understands privacy clauses in compliance documents, and enforces these on developer code.

Dazz focuses on orchestrating remediation across the sprawling software development life cycle. Today a diverse set of code-to-cloud personnel deploy applications on numerous continuous integration and continuous delivery (CI/CD) pipelines. They maintain their own container images, write code, and include who-knows-what libraries and artifacts. Dazz auto-maps these CI/CD pipelines, then orchestrates remediating vulnerabilities across sprawling departments and actors.

API Integrations Threaten Software Supply Chain

The most important supply chain issue no one is talking about is back-end API integrations. Hidden data flows between commercial SaaS vendors arise as business users build "shadow integrations" with orchestration platforms and generative AI — even without coding skills. Because these integration apps run and authenticate automatically, they are usually handled by nonhuman identities, and there are a lot more nonhumans than humans.

Astrix Security maps the web of APIs, monitors, and reins in these API-to-API shadow integrations. By Astrix's count, there are 45 times more nonhumans traversing these connections than employees, making this the new identity problem.

Valence Security maps the SaaS-to-SaaS mesh, handles misconfigurations, and remediates — including an education step. They explain how in the new decentralized world, business users may essentially end up as SaaS admins.

Timely Topics: SBOMs, Blockchain Contracts

SafeBase builds a secure role-based trust center allowing a vendor's salespeople and customers to share supply chain information, share software bills of materials (SBOMs), and facilitate the expensive questionnaire process.

The final competitor, AnChain, showcased a Web3 SOC product that monitors, detects, responds to, and investigates blockchain smart contracts.

Innovation Sandbox gave us a first glimpse at securing the upcoming automation era where developers, data scientists, and business users go to work every day and build potentially vulnerable software.

About the Author

Paul Shomo

Cybersecurity Analyst

Paul Shomo is an experienced analyst focusing on emerging cybersecurity and early-growth startups. A prescient forecaster, Paul is featured in Dark Reading, CSO Online, eWeek, and the Genealogy of Cybersecurity podcast. A patent holder and engineering leader behind EnCase, Paul was a founding pioneer of DFIR and enterprise forensics from 2006 to 2015. Paul was also a former kernel developer for Wind River Systems.
