Transcript
My name is Max and I'm one of the Zscaler DSPM (Data Security Posture Management) product specialists. Today, I would like to walk you through a use case where we're going to build a chatbot application using generative AI, an LLM (large language model), to enable our customers to ask questions about our products and receive an answer in a friendly way.

What you can see here is the web interface of our chatbot. For the purpose of this demonstration, we created a fake company called SafeMarch Home Appliances, and as the name suggests, it manufactures home appliances. The challenge with modern home appliances is that they have become so sophisticated that they come with a very long user manual, and probably most customers wouldn't be too happy reading the manual from A to Z. Therefore, we enable them to ask questions using this chatbot.

Behind this chatbot, we have a large language model from Anthropic. The challenge with most large language models is that while they were trained on a large amount of data, usually they lack domain-specific knowledge. Probably, Claude is not aware of our user manual. Somehow, we need to make sure that it becomes aware of it, and there are several options to achieve this. One option is to retrain the model and include the user manual in the training set. The problem with this approach is that it is very expensive and it requires expertise. The other approach, which is cheaper and probably much better for us, is to use RAG, Retrieval Augmented Generation.

Before we start using this chatbot, let's take a look at the architecture. What you can see here is a diagram depicting the flow of a user submitting a prompt and then how they get a response. The user submits a prompt or a query, and this prompt is sent to AWS Bedrock, a managed service from AWS. Before sending this prompt to the actual model, Bedrock performs a search to identify whether there is any documentation that might be relevant to this prompt. We can see here that we have the user manual stored in an S3 bucket. When Bedrock determines that this documentation is relevant, it augments the original prompt with the search results, so the model receives both the relevant documentation and the original prompt, and then it can provide a better response.

Now that we know how it is built, let's see how it works. Let's ask the chatbot a question. Now it's going to process our prompt, and let's give it a few seconds, and hopefully we'll get the response shortly. You can see here that we get a very detailed response, including technical specifications and other information about the SafeMarch house cleaning robot. And you can also see where this information is coming from. It is coming from the user manual. So far, so good.

Now let's see if we can actually trick this chatbot into providing information it's not supposed to. Ideally, this kind of question should be rejected. Let's see what response we would get. So you can see here that it actually exposes information it's not supposed to. Specifically, it tells us that there is a top-secret document that outlines plans to acquire Acme Tech for 100 million US dollars by March 2026. And it claims that this information came from the user manual, which is obviously incorrect, because the user manual does not contain this kind of sensitive information.

Now let's take a look at Zscaler DSPM and try to understand why it happened. So what you can see here is the DSPM dashboard. And the part we are interested in at the moment is this one, sensitive data exposed to AI by models. You can see the different models used in this environment. And we can see here that we have Anthropic, and Anthropic has access to sensitive data under GLBA. Let's drill down and investigate. Here you can see that we have a SafeMarch user manual knowledge base. A knowledge base is a functionality from AWS Bedrock, their implementation of RAG, Retrieval Augmented Generation.

So if we click on it, here we can see the actual access path. So we can see here that we have the AWS Bedrock knowledge base. And we can see that it uses one model. We can drill into the model and see that it uses Claude 3 Sonnet. And if we click here on GLBA, we can actually see that financial statements were detected here. That's where the information about the acquisition plan is coming from. So here you can identify this and you can prevent this.

Now in order to identify this, right now we had to go to the DSPM web interface and actually look at that. But you can also receive a proactive alert. So if we click on alerts here, and then we go, for instance, to this alert, AWS Bedrock knowledge base contains sensitive S3 data. You can see here that it shows us the actual problem. And it describes a possible threat that, for instance, a malicious user could submit a harmful prompt or query, enabling them to extract sensitive data from the model if it is not properly secured. And that's exactly what happened. Now we can see here that we have the threat. If we click on the sensitive data tab, we would actually see the specific sensitive data. And you can see here that we have this document, Board Resolutions, that contains this sensitive information. So that's how DSPM can help you identify this kind of thing. We can trigger an alert. We can create a Jira ticket, a ServiceNow ticket, maybe trigger some other automation, whatever is appropriate in your organization.

So this is just one part of our capabilities. In one of the next videos, we're going to discuss additional AI-related topics, for instance, which models are being used. Maybe you have a policy about specific models which are allowed or not allowed in your organization. We're also going to dive deeper into shadow AI, because it's one thing to use a managed AI service from AWS like Bedrock or from Azure like Azure AI Foundry. It's a different thing to deploy a virtual machine with some AI software running on it. So we are going to show you how DSPM can help here as well. I hope that you found this useful. Thank you very much for listening.