New solution, Qualys TotalAI, enables holistic discovery and vulnerability assessment of AI workloads to detect data leaks, injection issues and model theft
Qualys, Inc. announced it is expanding its portfolio with Qualys TotalAI, designed to address the growing challenges and risks associated with securing generative AI and large language model (LLM) applications.
As organizations increasingly integrate AI and LLMs into their products and solutions, they face an expanded attack surface and heightened cyber risks. Traditional cybersecurity practices are proving insufficient to address these new challenges. The need to discover unknown or unapproved LLMs or AI models, known as shadow models, significantly increases exposure to threats, including model theft and data leaks from existing CVEs or misconfigurations. Additionally, there is a rising risk of accidental data loss, compliance issues, and reputational damage due to inappropriate content and AI hallucinations generated by these models. These concerns highlight the urgent need for robust security solutions in the evolving AI landscape.
Qualys TotalAI harnesses the powerful features the Qualys platform is known for to empower organizations in confidently adopting AI technologies. It expands Qualys’ renowned asset visibility, vulnerability detection, and remediation capabilities to generative AI and adds LLM scanning. The solution specifically addresses the OWASP Top 10 most critical risks for LLM applications: prompt injection, sensitive information disclosure, and model theft. With Qualys TotalAI, organizations can securely leverage the benefits of AI while upholding rigorous security standards.
“As the global adoption of AI and large language models (LLMs) accelerates, outpacing governance and safety measures, it’s crucial for organizations to implement robust protections,” said Philip Bues, senior research manager at IDC. “Qualys TotalAI is focused on providing businesses with the tools they need to confidently secure their AI investments, offering comprehensive visibility and defense against emerging cyber threats.”
Qualys TotalAI will allow organizations to:
- Discover All AI Workloads: Discover, inventory, and classify all AI and LLM assets, including GPUs, software, packages, and models, in production and development while correlating their exposure with the attack surface.
- Prevent Model Theft: Extend the power of TruRisk to assess, prioritize and remediate AI software vulnerabilities with 650+ AI-specific detections, correlated with threat feeds and asset exposures, to prevent the risk of model and data theft.
- Secure AI Infrastructure: Leverage comprehensive remediation capabilities to exceed security requirements, align with SLAs, and meet business needs. Proactively mitigate potential threats to ensure seamless operations and a strong AI and LLM security posture.
- Detect Sensitive Data Disclosure: Assess LLMs for critical attack exposures like prompt injection, sensitive information disclosure, and model theft per the OWASP Top 10 for LLMs. This will ensure confidence in AI risk management and make models audit and compliance ready.
“We’re only beginning to scratch the surface of AI and LLM’s potential for driving value for enterprises. At the same time, we need to secure this burgeoning journey, so it doesn’t add new risk to the business,” said Sumedh Thakar, president and CEO of Qualys. “At Qualys, we are committed to helping our customers stay ahead of emerging cybersecurity risk, and with Qualys TotalAI, enterprises can focus on growth and innovation, knowing they will stay protected from the most critical AI threats.”
Availability
Qualys TotalAI will be available in Q4 of 2024. Sign up for early access to Qualys TotalAI and a custom Qualys TotalAI Risk Insights Report, providing visibility into your AI and LLM risk.