Pillar Security

🚀 We're thrilled to Introduce “The State of Attacks on GenAI” Report! This industry-first report delivers cutting-edge insights into real-world attacks on generative AI systems, based on telemetry data collected during 2024 from over 2,000 LLM applications. While numerous theoretical studies, surveys, and potential scenarios exist, there's been limited analysis of real-world attacks and risks—until now. 🔍 What's Inside: * Curated Real-World Attacks: Explore a selection of attacks seen in the wild, including techniques used and their impact. * Adversary Jailbreak Techniques: Gain detailed observations of the top methods adversaries use to exploit and bypass GenAI systems. * Adversary Goals & Motivations: Understand what drives attackers and what they aim to achieve. * Key Technical Insights: Access critical technical knowledge that will help you safeguard your AI systems effectively. * Future Threat Forecasts: Receive expert predictions for 2025 and actionable suggestions on how your security team can prepare and defend against upcoming threats. Download the report here: https://lnkd.in/dSJEyZmU

What are the limitations of existing AppSec solutions in managing AI-related risks? Our new blog explores how AI systems demand different security approaches and introduce new controls to protect non-deterministic, agentic-driven applications. Read the full blog here: https://lnkd.in/dTCXk9Zg

Thanks to everyone who attended yesterday's webinar! Special shoutout to our amazing speakers James Berthoty, Ron Bitton, PhD, and Dor Sarig for sharing their insights. In case you missed it, you can now watch the webinar on-demand here → https://lnkd.in/ddxcWpcU

📣 Tomorrow! Join a live webinar on AI security. Explore how agentic systems are reshaping traditional DevSecOps practices and discover top AI security use cases in today’s enterprises. Join James Berthoty, Ron Bitton, PhD, and Dor Sarig for an in-depth discussion on agentic-related risks and a 2025 forecast. Don’t miss out! 📅 Wednesday, January 15th, 11:30am ET 👉 Register here: https://lnkd.in/gPat7M6k

Our very own Guy Grinapell joined 👨🏻💻 Ran Tavory and Ori Lahav on Reversim—Israel’s leading developers’ podcast—for an intriguing conversation on how to develop with LLMs securely. If you’re exploring practical ways to integrate AI while maintaining its integrity and security, be sure to listen! Hear the full interview (in Hebrew) here: https://lnkd.in/d6yeNZzC

🚨 What are the limitations of existing security tools in managing AI-related risks? Learn practical approaches to identify blind spots and protect against emerging threats across your AI lifecycle—from development to production. 🎙️ Join James Berthoty, Ron Bitton, PhD and Dor Sarig, as they explore: ✅ Traditional application security Vs AI security ✅ AI security use cases in the modern enterprise ✅ Analysis of AI-related risks and vulnerabilities ✅ Strategic recommendations for 2025 📅 January 15th, 11:30am ET 👉 Don’t miss out—Reserve your spot for this exclusive webinar: https://lnkd.in/gFqGzRbx

Over the past year, our work with AI & security teams has revealed the key use cases and challenges in securing AI. We're bringing these insights to an exclusive webinar on January 15th at 11:30am ET, featuring a panel of industry experts who will share practical strategies to protect AI systems. Key topics: - Traditional vs. AI security – understanding the gaps - AI security use cases in modern enterprises - Insights from Pillar's "State of Attacks on GenAI" report - Current threat landscape and 2025 forecast 🔗 Save your spot: https://lnkd.in/dKNFnRbd Dor Sarig, James Berthoty, Ron Bitton, PhD

When I talk about the future of AI security, I tend to focus more on the application security side than the browser, DLP, or SaaS security side of it. Recently I saw Pillar Security and saw that they have really built out what I've been looking for on the app side - you connect a GitHub app and get discovery of what models you're using where, and what they're doing; then have an SDK or an API you can use for more granular monitoring, DAST like testing, and response/redaction controls. I love the discovery -> testing -> monitoring -> response workflow, and it looks like there's a lot of value here for teams trying to figure out what they're devs are up to (also, I suggest just talking to them first to try and save some money 😂)

Happy Holidays from Pillar Security! As we wrap up another remarkable year, we want to express our heartfelt gratitude to our incredible community of customers, strategic partners, and dedicated team members. Your trust, collaboration, and unwavering support have fueled our passion and guided our success. Over the past year, our work with forward‑thinking organizations has revealed invaluable insights into emerging AI security trends and the real‑world challenges businesses face. We couldn’t have done this without your dedication—thank you for being an integral part of our journey. Happy holidays and best wishes for a secure and innovative 2025!

🤔 "A new kind of digital species"—AI is challenging us to rethink security from the ground up. Mustafa Suleyman’s bold statement at TED 2024 (link in comments) isn’t just provocative—it’s a wake-up call for security leaders. If AI agents are evolving into “digital employees,” then we must ask: Shouldn’t they be governed by the same rigorous security controls as human workers? The challenge is clear: Agentic systems don’t just assist; they act, learn, and adapt autonomously. To secure them effectively, we need to map their capabilities to precise security measures: 📧 When AI processes emails → Deploy email security & anti-phishing safeguards 🌐 When AI browses the web → Implement Secure Web Gateways (SWG) 🔍 When AI downloads/executes files → Use EDR and sandbox solutions 🔑 When AI writes/executes code → Apply Software Composition Analysis (SCA) and Static Application Security Testing (SAST) 🔒 When AI handles sensitive data → Enforce Data Loss Prevention (DLP) .. Yet, these are only the starting points. The broader implications demand attention: 1️⃣ AI needs its own digital identity: Authentication, access controls, and behavioral monitoring must extend to AI agents. 2️⃣ Security policies must evolve: Traditional approaches won’t suffice. AI-specific threats like model poisoning and adversarial attacks require novel solutions. 3️⃣ Incident response must adapt: Playbooks should anticipate scenarios involving rogue or compromised AI systems. 4️⃣ Zero Trust principles apply to AI too: Always verify, never trust—whether it’s a human or an AI making decisions. As Suleyman envisions "personal AI" that’s "infinitely knowledgeable," our security infrastructure must scale and evolve. We’re no longer just securing tools; we’re safeguarding collaborators—the digital species working alongside us. The next decade will define how we protect this new frontier. #AISecurity #Cybersecurity #AITransformation