SHOW NOTES

Red Canary experts Brian Donahue and Caleb Fogleman discuss how security operations teams can defend against AI-powered threats. The conversation covers two main aspects: how adversaries use AI in their attack campaigns (for crafting phishing messages, writing code, and automating processes) and how to protect enterprise AI infrastructure from compromise.

Throughout the discussion, these experts emphasize that while AI represents an evolution in adversary tooling, the fundamental defense strategies remain the same – defense in depth, proper authentication, least privilege access, and comprehensive monitoring. They highlight that AI-powered attacks are often noisier and thus more detectable, and recommend leveraging deception technologies and honey tokens as defensive measures.

The discussion also covers how Red Canary uses AI internally for threat detection and analysis, drawing parallels between legitimate and malicious AI usage. The session concludes with practical recommendations for securing AI systems and maintaining human oversight in AI-assisted security operations.

Timestamps:

• 01:31 – Welcome to Red Canary Office Hours
• 04:16 – AI-powered threats and how to defend against them
• 04:40 – How are adversaries leveraging AI?
• 09:57 – How are we using AI and how does that help us infer how adversaries use it?
• 14:32 – How to defend against AI powered threats
• 18:40 – AI-in-the-middle; agent chicanery
• 23:28 – Threats to AI infrastructure and how to protect all those newfangled AI tools
• 23:46 – Adversaries will target corporate AI tools
• 26:57 – Organizations can protect their AI tools
• 28:44 – More ideas for protecting AI infrastructure