AI Security

ByStefan Karg 20.02.202325.08.2025

What is the role of us security professionals when it comes to AI powered systems?

The image presents a scenario titled "Scenario 1" with a focus on the use of artificial intelligence (AI) in attacking traditional systems. The visual features two hands, one human and one robotic, reaching towards each other against a dark background, symbolizing the interaction between humans and AI.

The text in the image highlights the concern that AI is being used to attack traditional systems. It emphasizes the role of security management in ensuring that this new risk is accounted for and mitigated. The image poses a critical question to the viewer: "⚠️ Have you updated your risk analysis?" This suggests the importance of regularly updating risk assessments to address emerging threats posed by AI.

In the bottom right corner, the image is credited to "thecyberstefan," indicating the source or creator of the content. The overall message of the image underscores the evolving landscape of cybersecurity threats and the necessity for proactive risk management in the face of advancements in AI technology.

The image provides examples of different types of attacks on AI systems, highlighting the vulnerabilities and potential risks associated with each type of attack. Here is a detailed summary of the attacks mentioned:

Prompt Injection Attack:

Description: This type of attack involves injecting malicious input into an AI system.
Question: How stable is your model against malicious input?
Explanation: In AI systems, malicious input modifications can be very subtle and might be difficult for humans to recognize. However, these modifications can lead to completely unintended results, potentially causing the AI to behave in unexpected or harmful ways.
Data Poisoning Attack:

Description: This attack involves inserting malicious data into the training dataset of an AI model.
Question: How do you ensure that no malicious data is inserted into your training data?
Explanation: Changes in the training data might be hard to identify by humans due to the large amount of data involved. Malicious data can skew the learning process, leading to incorrect or biased model outputs.
Model Stealing:

Description: This attack involves an attacker gaining knowledge by stealing the AI model itself.
Question: Which knowledge could an attacker gain when being able to steal the model?
Explanation: If an attacker can steal the model, they can gain insights into the model's structure, training data, and decision-making processes. This knowledge can be used to prepare further attacks or exploit the model's vulnerabilities.
The image is credited to "thecyberstefan," indicating the source or creator of the content. The overall message emphasizes the importance of securing AI systems against various types of attacks to ensure their integrity and reliability.

OT | Security | Standardization

IEC 62443-3-2 Risk Assessment Workflow
ByStefan Karg 01.02.202525.08.2025

Critical infrastructure faces a growing number of security threats.. Critical infrastructure typically relies on Industrial Automation and Control Systems (IACS) and other non-IT components, often referred to as “Operational Technology.” To effectively assess cybersecurity risks within operational technology (OT) systems, adhering to the internationally recognized IEC 62443 standard is best practice. IEC 62443-3-2, part of…

Read More IEC 62443-3-2 Risk Assessment Workflow
AI

AI in the rail sector
ByStefan Karg 08.06.202325.08.2025

We are already seeing real-world applications of artificial intelligence in the rail sector. Deutsche Bahn is using artificial intelligence to reduce delays on its network. My prediction: This is just the beginning of ML/AI applications in our sector. We will see machine learning and AI algorithms becoming more and more widespread in the coming years….

Read More AI in the rail sector
AI

How will AI affect the security of industrial systems?
ByStefan Karg 07.06.202325.08.2025

This excellent talk from RSA Conference 2023 tries to answer this question with what is currently known regarding: A clear recommendation to watch this presentation by Jason Kramer and Dr. Ulrich Lang, CEO to anyone in the OT/ICS industry.

Read More How will AI affect the security of industrial systems?
Vulnerabilities

CVE-2024-3094: xz-utils backdoor
ByStefan Karg 30.03.202425.08.2025

The newly discovered xz-utils backdoor, which was published yesterday (NVD – CVE-2024-3094 (nist.gov)) also affects one of the Linux distributions most used by penetration testers: Kali Linux. ❗Make sure, that you are updating your Kali installations as fast as possible, especially when you updated them before in the time frame between 26.03.2024 and 29.03.2024. 💡For…

Read More CVE-2024-3094: xz-utils backdoor
Conferences / Events

Security for Safety pitch at it-sa 2021
ByStefan Karg 19.10.202125.08.2025

A short excerpt from my pitch on ‘Security for Safety’ as part of the BW-International Session at it-sa 2021 is available here: Post | LinkedIn

Read More Security for Safety pitch at it-sa 2021
Conferences / Events

CNA Railway Technology Forum 2024
ByStefan Karg 17.04.202425.08.2025

Today I attended the CNA e.V. railway technology forum 2024 in Nuremberg for ICS GmbH. The title of the conference was “Unlocking the opportunities of railtech”, which is both necessary and possible with the help of digital systems such as ETCS, ATO and CTMS – if it’s done in the right way. Cybersecurity plays a vital role in…

Read More CNA Railway Technology Forum 2024

Similar Posts