Cloud Security Weekly Blog – Week 38

AWS Security updates

Azure Security updates (No Major updates)

Security around the world

  • OS command Injection in Ivanti Cloud Service Appliance versions (Link)
  • Phishing Pages Delivered Through Refresh HTTP Response Header (Link)
  • RCE Vulnerability in GCP is fixed (Link)
  • OpenAI’s unripe “Strawberry” model hacked its testing infrastructure (Link). But what is Strawberry? It is the new model released by OpenAI using reinforcement learning (Link)

AI Gateway

Last week we talked about the different ways AI can be used and deployed. One possibility is for an application to use the LLM via API endpoints.

[Image: courtesy of Kong documentation]

Now you see the problem, right? How are you managing the application's use of the LLM in the aspects below?

  • Authentication
  • Against prompting
  • Data Leakage
  • Rate limitation
  • Governance
  • Observability

This is where API Gateway comes in

[Image: courtesy of Kong documentation]

[Image: Azure API Gateway, from Azure documentation]

To further cement the need for an API Gateway for AI, let's delve into the Azure Well-Architected Framework, especially its security pillar.

  • By adhering to the CIA triad:
      • Confidentiality – Data leakage can be prevented at the API Gateway
      • Integrity – AuthN and AuthZ are enforced at the API Gateway level
      • Availability – A load balancer together with circuit breaking (a term from Azure) makes sure application requests always reach an active LLM model.
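
The controls listed above can be seen working together in a small sketch. This is an added example, not code from Kong, Azure, or this blog: the `Gateway` and `Backend` classes, the `API_KEYS` table, and the redaction patterns are hypothetical names and constructed sample values chosen for illustration.

```python
import re
import time

# Added illustration: hypothetical names and constructed values, not Kong or Azure APIs.
API_KEYS = {"key-app-1": "app-1"}
SECRET_RE = re.compile(r"AKIA[0-9A-Z]{16}|\b\d(?:[ -]?\d){12,15}\b")  # key ids, card-like numbers

class Backend:
    """One LLM endpoint behind the gateway, guarded by a simple circuit breaker."""
    def __init__(self, name, call, max_failures=2, cooldown=30.0):
        self.name, self.call = name, call
        self.max_failures, self.cooldown = max_failures, cooldown
        self.failures, self.opened_at = 0, None

    def available(self, now):
        # An open circuit skips this backend until the cooldown has elapsed.
        return self.opened_at is None or now - self.opened_at >= self.cooldown

class Gateway:
    def __init__(self, backends, rate=3, window=60.0, clock=time.monotonic):
        self.backends, self.rate, self.window, self.clock = backends, rate, window, clock
        self.hits = {}  # caller -> timestamps of requests inside the window

    def handle(self, api_key, prompt):
        now = self.clock()
        caller = API_KEYS.get(api_key)
        if caller is None:                                   # authentication
            return 401, "unauthenticated"
        recent = [t for t in self.hits.get(caller, []) if now - t < self.window]
        self.hits[caller] = recent
        if len(recent) >= self.rate:                         # rate limiting
            return 429, "rate limit exceeded"
        self.hits[caller].append(now)
        prompt = SECRET_RE.sub("[REDACTED]", prompt)         # data leakage, outbound
        for b in self.backends:                              # availability: failover
            if not b.available(now):
                continue
            try:
                reply = b.call(prompt)
            except Exception:
                b.failures += 1
                if b.failures >= b.max_failures:
                    b.opened_at = now                        # open the circuit
                continue
            b.failures, b.opened_at = 0, None
            return 200, SECRET_RE.sub("[REDACTED]", reply)   # data leakage, inbound
        return 503, "no healthy LLM backend"
```

Because the application only ever talks to `handle`, each control is enforced once at the gateway instead of being reimplemented in every application that calls the LLM.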

So, the next time there is an AI integration with an application, think of an API Gateway!


    I’m Ara

    Welcome to Cloud Security Blog, my corner of the internet dedicated to Cloud and AI Security .
