Qualys has announced the release of Qualys TotalAI, a new solution aimed at addressing the critical risks associated with large language model (LLM) applications, including prompt injection, sensitive information disclosure, and model theft. The solution, which expands Qualys' existing enterprise security and compliance capabilities, will be showcased at Black Hat 2024.
Philip Bues, senior research manager at IDC, remarked on the importance of this development.
"As the global adoption of AI and large language models (LLMs) accelerates, outpacing governance and safety measures, it's crucial for organisations to implement robust protections," he said.
"Qualys TotalAI is focused on providing businesses with the tools they need to confidently secure their AI investments, offering comprehensive visibility and defence against emerging cyber threats."
The increasing integration of AI and LLMs into various products and solutions has significantly widened the attack surface for many organisations, creating new cybersecurity challenges. Traditional cybersecurity practices have proven insufficient in addressing these new risks. These risks include the potential for model theft, data leaks due to existing vulnerabilities or misconfigurations, and accidental data loss, all of which can lead to compliance issues and reputational damage resulting from inappropriate content or AI hallucinations generated by these models.
Qualys TotalAI aims to empower organisations by expanding their existing asset visibility, vulnerability detection, and remediation capabilities to cover generative AI and LLM technologies.
Specifically, the solution addresses the top 10 most critical risks for LLM applications identified by OWASP, including prompt injection, sensitive information disclosure, and model theft.
"We're only beginning to scratch the surface of AI and LLMs' potential for driving value for enterprises," stated Sumedh Thakar, president and CEO of Qualys.
"At the same time, we need to secure this burgeoning journey, so it doesn't add new risk to the business. At Qualys, we are committed to helping our customers stay ahead of emerging cybersecurity risk. With Qualys TotalAI, enterprises can focus on growth and innovation, knowing they will stay protected from the most critical AI threats."
Qualys TotalAI brings several features to the table, allowing organisations to discover, inventory, and classify all AI and LLM assets, including GPUs, software, packages, and models. The solution helps organisations prevent model and data theft by assessing, prioritising, and remediating AI software vulnerabilities. Additionally, it aims to secure AI infrastructure by leveraging comprehensive remediation capabilities to exceed security requirements, align with service level agreements (SLAs), and meet business needs. The solution also includes tools to assess LLMs for critical attack exposures like prompt injection and sensitive information disclosure.
Qualys TotalAI will be available in the fourth quarter of 2024.