Vulnerability management teams can use AI Security Exposure Management to import various types of security exposures in AI assets, including AI model vulnerabilities and AI model validation (automated red teaming) alerts, and manage them alongside other types of exposures in the Unified Security Exposure Management workspace. The AI Exposures dashboard provides a view into the critical security vulnerabilities of your AI attack surface. You can optionally use a generative AI skill to help determine whether any of the threats might already be mitigated, so that you can prioritize high-risk exposures and defer lower-risk exposures that already have mitigations or guardrails in place.
- Filter two categories of AI exposures that are displayed on a dedicated dashboard in the AI Exposures module in the Unified Security Exposure Management workspace:
  - Model vulnerabilities - Vulnerabilities discovered in open source AI models that are published in repositories. These vulnerabilities are detected by third-party AI security tools and imported into AI Security Exposure Management.
  - Model validation findings - Findings from third-party automated penetration testing or automated red teaming done to verify the behavior of some of these models.
- Use automated response workflows for prioritization and remediation of AI exposures.
- Supports AI security platform integrations: Cisco AI Defense and HiddenLayer.
- For customers using Now Assist for Vulnerability Response:
  - Ingest data related to runtime guardrails enabled in AI security platforms.
  - Use a Now Assist skill to help you determine if any of the model validation findings are mitigated by these guardrails. This generative AI skill can help explain why a guardrail helps mitigate a threat for a particular validation finding.
  - Use an AI agent to help you defer and request exceptions for validation findings with eligible guardrails already in place as identified by the Now Assist skill. You can also chat with the AI agent to help you create exception rules to automatically defer similar findings in the future.
  - Supported AI security platforms for this functionality: Cisco AI Defense.
Initial release of Innovation Lab
This application requires the AI Discovery (sn_ai_disc) application to permit AI asset imports and the creation of vulnerability findings for AI assets by the automated workflows of Unified Security Exposure Management (Vulnerability Response).
Supported family releases:
Yokohama Patch 11 (YP11)
Zurich Patch 4 (ZP4)
Supported integrations:
- AI Security Exposure Management 1.0.0
- The HiddenLayer Service Graph Connector and the HiddenLayer Integration for AI Security Exposure Management are third-party integrations supported by AI Security Exposure Management to import AI model vulnerability data.
- The Cisco AI Defense application is a third-party integration supported by AI Security Exposure Management to import AI Defense scan results and AI model validation data for AI and machine learning models.