
Security and IT teams are routinely forced to deploy software before the security risks are fully understood. AI tools are no exception.
Employees and business leaders alike are flocking to generative AI software and similar programs, often unaware of the critical security vulnerabilities this introduces into enterprise SaaS. In a generative AI survey of 1,000 executives in February 2023, 49% of respondents said they currently use ChatGPT, and 30% plan to use the ubiquitous generative AI tool soon. Of those who use ChatGPT, 99% claimed some form of cost savings, and 25% attested that it had saved them over $75,000 in spending. The researchers conducted this study just three months after ChatGPT became generally available, so usage of ChatGPT and AI tools is arguably higher today.
Security and risk teams already put a lot of effort into protecting SaaS assets (now the operating system of the business) from common vulnerabilities such as misconfigurations and over-authorized users. This leaves little bandwidth to assess the threat landscape of AI tools, the unsanctioned AI tools currently in use, and their impact on SaaS security.
With threats emerging both inside and outside the organization, CISOs and their teams need to understand the AI tool risks most relevant to SaaS systems and how to mitigate those risks.
1 — Threat actors can abuse generative AI to trick SaaS authentication protocols
Just as ambitious employees devise ways to leverage AI tools to help them do more with less, so do cybercriminals. Malicious use of generative AI is inevitable and already possible.
AI’s ability to impersonate humans makes weak SaaS authentication protocols particularly vulnerable to hacking. According to Techopedia, threat actors can abuse generative AI for password guessing, CAPTCHA cracking, and building stronger malware. While these methods may sound limited in their attack range, the January 2023 CircleCI security breach was caused by malware infecting a single engineer’s laptop.
Similarly, three prominent technologists recently put forward a plausible hypothetical in which generative AI carries out a phishing attack:
“Hackers use ChatGPT to generate personalized spear phishing messages based on your company’s marketing materials and past successful phishing messages. It succeeds in deceiving people. It’s like a message they’re trained to detect.”
Malicious attackers bypass the most hardened entry point (usually the SaaS platform itself) and instead target the more vulnerable side doors. They don’t mind a deadbolt or guard dog by the front door if they can sneak around back to the unlocked patio door.
Relying solely on authentication to keep SaaS data secure is not a viable option. In addition to implementing multi-factor authentication (MFA) and physical security keys, security and risk teams need visibility and continuous monitoring across the SaaS perimeter, as well as automated alerts for suspicious login activity.
This visibility is necessary not only against cybercriminals’ generative AI activities, but also for the AI tools that employees connect to SaaS platforms.
2 — Employees connect unapproved AI tools to SaaS platforms without considering the risks
Employees now rely on unapproved AI tools to make their jobs easier. After all, who would want to work more if AI tools made them more effective and efficient? As with all forms of shadow IT, employee adoption of AI tools is driven by the best of intentions.
For example, an employee believes they could manage their time and responsibilities better, but monitoring and analyzing their task management and meeting participation feels like a big task. AI can do that monitoring and analysis easily and provide near-instant recommendations, giving the employee the productivity boost they want in a fraction of the time. Signing up for an AI scheduling assistant is easy and (seemingly) harmless from an end user’s perspective:
- Sign up for a free trial or sign up with a credit card
- Agree to the AI tool’s read/write permission requests
- Connect the AI scheduling assistant to corporate Gmail, Google Drive, and Slack accounts
However, this process creates an invisible pathway to your organization’s most sensitive data. These AI-to-SaaS connections inherit the user’s permission settings, so a hacker who successfully compromises an AI tool can silently move laterally between the authorized SaaS systems. Hackers can access and exfiltrate data, which can go on for weeks or years, until suspicious activity is noticed and acted upon.
AI tools, like most SaaS apps, use OAuth access tokens for continuous connection to the SaaS platform. Once approved, the AI scheduling assistant’s token maintains consistent API-based communication with Gmail, Google Drive, and Slack accounts without requiring users to log in or authenticate regularly. An attacker who can abuse this OAuth token has stumbled across the SaaS equivalent of a “hidden” spare key under your doormat.
Figure 1: Diagram of AI tools establishing OAuth token connections with leading SaaS platforms. Credit: AppOmni
Security and risk teams often lack the SaaS security tools to monitor or control risks in these attack surfaces. Traditional tools like cloud access security brokers (CASB) and secure web gateways (SWG) do not detect or alert on connections from AI to SaaS.
But these AI-to-SaaS connections aren’t the only way employees can unintentionally expose sensitive data to the outside world.
3 — Sensitive information shared with generative AI tools can be leaked
The data employees submit to generative AI tools, often intended to speed up and improve the quality of their work, can end up in the hands of the AI provider itself, the organization’s competitors, or the public.
Most generative AI tools are free and exist outside of an organization’s tech stack, leaving security and risk professionals unable to monitor or control security over these tools. This is a growing concern among companies, and generative AI data leaks have already occurred.
An incident in March allowed ChatGPT users to accidentally view other users’ chat titles and histories in the website’s sidebar. Concerns were raised not only about leaking sensitive organizational information, but also about users’ identities being revealed and compromised. ChatGPT developer OpenAI has announced the ability for users to turn off chat history. In theory, this option stops ChatGPT from sending data back to OpenAI for product improvement, but it requires employees to manage data retention settings. Even with this setting enabled, OpenAI retains conversations for 30 days, exercising the right to review them “for abuse” before they expire.
This bug and the data retention details have not gone unnoticed. In May, Apple restricted the use of ChatGPT by its employees due to concerns over sensitive data leaks. The tech giant took this stance while developing its own generative AI tools, and in doing so joined companies like Amazon, Verizon and JPMorgan Chase & Co. in the ban. Apple also instructed developers to avoid GitHub Copilot, owned by top competitor Microsoft, for automating code.
Common generative AI use cases carry the risk of data leakage. Consider a product manager directing ChatGPT to make the message in a product roadmap document more compelling. That product roadmap almost certainly contains product information and plans that were never intended for public consumption, let alone the prying eyes of competitors. A similar ChatGPT bug (which the organization’s IT team has no ability to escalate or fix) could result in a serious data breach.
Standalone generative AI poses no SaaS security risks. But what is isolated today will be connected tomorrow. Ambitious employees will naturally seek to extend the usefulness of unsanctioned generative AI tools by integrating them into SaaS applications. ChatGPT’s Slack integration currently requires more work than the average Slack connection, but it’s not too much of a hurdle for a knowledgeable and motivated employee. This integration uses OAuth tokens exactly like the AI scheduling assistant example above and exposes your organization to the same risks.
How organizations can protect their SaaS environments from the critical risks of AI tools
Organizations should put guardrails in place for data governance of AI tools, especially in SaaS environments. This requires comprehensive SaaS security tools and proactive diplomacy across departments.
Employees are using unapproved AI tools primarily due to the limitations of the approved tech stack. The desire to increase productivity and improve quality is a virtue, not a vice. There is an unmet need, so CISOs and their teams should approach employees with an attitude of cooperation rather than blame.
Honest conversations with leaders and end users about AI tool requests are essential to building trust and goodwill. At the same time, CISOs should also communicate legitimate security concerns and the potential impact of unsafe AI behavior. Security leaders need to think of themselves as accountants explaining the best ways to work within the tax code, not as IRS auditors perceived as enforcers who care about nothing but compliance. Whether deploying the right security settings for the AI tools employees need or sourcing viable alternatives, the most successful CISOs strive to maximize employee productivity.
Fully understanding and addressing the risks of AI tools requires a comprehensive and robust SaaS security posture management (SSPM) solution. SSPM provides security and risk professionals with the insight and visibility they need to address the ever-changing SaaS risk landscape.
To improve authentication strength, security teams can use SSPM to enforce MFA across all SaaS apps in their estate and monitor configuration drift. SSPM allows security teams and SaaS app owners to apply best practices without having to study the intricacies of setting up each SaaS app or AI tool.
Being able to inventory the unapproved and approved AI tools connected to the SaaS ecosystem reveals the most pressing risks to investigate. Continuous monitoring automatically alerts security and risk teams when new AI connections are established. This visibility plays a key role in reducing the attack surface and taking action when unapproved, insecure, or over-permissive AI tools emerge in the SaaS ecosystem.
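The inventory described above, applied to the OAuth grants from the AI scheduling assistant scenario in section 2, can be sketched as follows. This is an added example, not AppOmni's or any SSPM product's code: the grant records, field names, app names and approved-app list are constructed assumptions, while the scope strings are real Google and Slack OAuth scopes.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: OAuth grants as a SaaS admin export might list them.
# App names, users and field names are hypothetical.
GRANTS = [
    {"app": "AI Scheduling Assistant", "user": "pm@example.com", "platform": "google",
     "scopes": ["https://www.googleapis.com/auth/gmail.modify",
                "https://www.googleapis.com/auth/drive"],
     "granted": "2023-06-01T09:00:00+00:00"},
    {"app": "AI Scheduling Assistant", "user": "pm@example.com", "platform": "slack",
     "scopes": ["channels:history", "chat:write"],
     "granted": "2023-06-01T09:02:00+00:00"},
    {"app": "Approved Calendar Sync", "user": "ops@example.com", "platform": "google",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "granted": "2023-01-10T12:00:00+00:00"},
]
APPROVED_APPS = {"Approved Calendar Sync"}  # assumption: the sanctioned-app list

# Scopes that let a token read or change mail, files or messages.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "channels:history", "chat:write", "files:read",
}

def review_grants(grants, approved, now, new_window=timedelta(days=7)):
    """Return one finding per grant that is unapproved, broad, or both."""
    findings = []
    for g in grants:
        broad = sorted(set(g["scopes"]) & BROAD_SCOPES)
        unapproved = g["app"] not in approved
        if not (broad or unapproved):
            continue  # sanctioned app with narrow scopes: nothing to report
        age = now - datetime.fromisoformat(g["granted"])
        findings.append({
            "app": g["app"], "user": g["user"], "platform": g["platform"],
            "unapproved": unapproved, "broad_scopes": broad,
            "new": age <= new_window,  # recently established connection
            # An unapproved app holding read/write scopes is triaged first.
            "severity": "high" if unapproved and broad else "medium",
        })
    return findings

if __name__ == "__main__":
    now = datetime(2023, 6, 5, tzinfo=timezone.utc)
    for finding in review_grants(GRANTS, APPROVED_APPS, now):
        print(finding)
```

In practice the grant list would come from each platform's admin export or API, and the approved list from the organization's own software catalogue.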
Our reliance on AI tools will almost certainly continue to spread rapidly. A complete ban is never a sure thing. Instead, a hands-on mix of security leaders who share their colleagues’ goal of increasing productivity and reducing repetitive tasks, together with a suitable SSPM solution, is the best approach to significantly reducing the risk of SaaS data exposure or compromise.
