Thursday, 25 May, 2023 UTC


Reed McGinley-Stempel Contributor
Share on Twitter
Reed McGinley-Stempel is co-founder and CEO at Stytch.
Organizations must quickly adapt their application security strategies to address new threats fueled by AI.
They include:
  • More sophisticated bot traffic.
  • More believable phishing attacks.
  • The rise of legitimate AI agents accessing customers’ online accounts on behalf of users.
By understanding the implications of AI on identity access management (IAM) and taking proactive measures, businesses can stay ahead of the AI curve and protect their digital assets. Here are the top three actions organizations preparing their application security for a post-AI world need to consider in their security strategies:
We’re already seeing examples of reverse engineering AI-powered sites to get free AI computing.
Defend against reverse engineering
Any app that exposes AI capabilities client-side is at risk of particularly sophisticated bot attacks looking to “skim” or spam those API endpoints — and we’re already seeing examples of reverse engineering AI-powered sites to get free AI computing.
Consider the example of GPT4Free, a GitHub project dedicated to reverse engineering sites to piggyback on GPT resources. It accumulated an astonishing 15,000+ stars in just a few days in a blatant public example of reverse engineering.
To prevent reverse engineering, organizations should invest in advanced fraud and bot mitigation tools. Standard anti-bot methods like CAPTCHA, rate limiting and JA3 (a form of TLS fingerprinting) can be valuable in defeating ordinary bots, but these standard methods are easily defeated by more complex bot problems like those facing AI endpoints. Protecting against reverse engineering requires more sophisticated tooling like custom CAPTCHAs or tamper-resistant JavaScript and device fingerprinting tools.
3 things businesses must do to secure applications in the AI era by Walter Thompson originally published on TechCrunch