The coming AI security crisis (and what to do about it) | Sander Schulhoff
Lenny's Podcast: Product | Career | Growth桑德·舒尔霍夫是一位专注于人工智能安全、提示注入和红队测试的AI研究员。他撰写了首部全面的提示工程指南,并主办了首届提示注入竞赛,与顶尖AI实验室和企业合作。他的数据集现已被《财富》500强企业用于评估其AI系统安全性。他投入了比任何人都多的时间研究攻击者如何攻破AI系统,而他的发现并不令人安心:企业购买的防护措施实际上并不奏效,我们至今尚未看到更多危害,仅仅是因为AI智能体目前还不够强大,无法造成实质性破坏。
本期讨论内容:
- AI系统中越狱攻击与提示注入攻击的区别
- 为何AI防护措施形同虚设
- 为何尚未出现重大AI安全事件(但即将发生)
- 为何AI浏览器智能体易受网页嵌入的隐蔽攻击
- 企业应采取哪些实际措施替代无效的安全工具采购
- 为何解决此问题需要融合传统网络安全专长与AI知识
本期节目由以下品牌赞助:
Datadog——现已成为领先实验与功能开关平台Eppo的归属地:现代软件公司的基础架构
Giving Funds——让年终捐赠变得简单
深度解析(面向付费订阅用户):
如何联系桑德·舒尔霍夫:
• X平台:
• 领英:
• 个人网站:
• Maven平台AI红队测试与安全大师课:
如何联系莱尼:
• 新闻通讯:
• X平台:
• 领英:
桑德·舒尔霍夫是一位专注于人工智能安全、提示注入和红队测试的AI研究员。他撰写了首部全面的提示工程指南,并与顶尖AI实验室和企业合作举办了首届提示注入竞赛。他的数据集如今被《财富》500强企业用于评估其AI系统的安全性,他投入了比任何人都多的时间研究攻击者如何攻破AI系统,而他的发现并不令人安心:企业购买的防护措施实际上并不奏效,我们至今尚未看到更多危害只是幸运,因为AI智能体目前还不够强大,无法造成真正的破坏。我们讨论了:1. AI系统越狱与提示注入攻击的区别2. 为何AI防护措施无效3. 为何我们尚未看到重大AI安全事件(但很快会出现)4. 为何AI浏览器智能体易受网页中隐藏攻击的影响5. 组织应采取的实际步骤,而非购买无效的安全工具6. 为何解决此问题需要融合传统网络安全专业知识与AI知识——本期节目由以下赞助商提供:Datadog——现拥有领先的实验和功能标记平台Eppo:https://www.datadoghq.com/lennyMetronome——现代软件公司的变现基础设施:https://metronome.com/GoFundMe Giving Funds——让年终捐赠更轻松:http://gofundme.com/lenny——文字稿:https://www.lennysnewsletter.com/p/the-coming-ai-security-crisis——我的主要收获(面向付费订阅用户):https://www.lennysnewsletter.com/i/181089452/my-biggest-takeaways-from-this-conversation——桑德·舒尔霍夫的联系方式:• X:https://x.com/sanderschulhoff• LinkedIn:https://www.linkedin.com/in/sander-schulhoff• 个人网站:https://sanderschulhoff.com• Maven平台上的AI红队测试与AI安全大师课:https://bit.ly/44lLSbC——莱尼的联系方式:• 新闻通讯:https://www.lennysnewsletter.com• X:https://twitter.com/lennysan• LinkedIn:https://www.linkedin.com/in/lennyrac
原始描述
Sander Schulhoff is an AI researcher specializing in AI security, prompt injection, and red teaming.
He wrote the first comprehensive guide on prompt engineering and ran the first-ever prompt injection competition, working with top AI labs and companies.
His dataset is now used by Fortune 500 companies to benchmark their AI systems security, he’s spent more time than anyone alive studying how attackers break AI systems, and what he’s found isn’t reassuring: the guardrails companies are buying don’t actually work, and we’ve been lucky we haven’t seen more harm so far, only because AI agents aren’t capable enough yet to do real damage.
We discuss:1.
The difference between jailbreaking and prompt injection attacks on AI systems2.
Why AI guardrails don’t work3.
Why we haven’t seen major AI security incidents yet (but soon will)4.
Why AI browser agents are vulnerable to hidden attacks embedded in webpages5.
The practical steps organizations should take instead of buying ineffective security tools6.
Why solving this requires merging classical cybersecurity expertise with AI knowledge—Brought to you by:Datadog—Now home to Eppo, the leading experimentation and feature flagging platform: infrastructure for modern software companies: Giving Funds—Make year-end giving easy: biggest takeaways (for paid newsletter subscribers): to find Sander Schulhoff:• X: LinkedIn: Website: • AI Red Teaming and AI Security Masterclass on Maven: to find Lenny:• Newsletter: • X: LinkedIn: