Python Conference APAC 2024

Hacking and Securing Serverless Generative AI applications
2024-10-27, CLASS #6 - 3C
Language: English

Over the last few years, we have seen a significant increase in the number of serverless generative AI-powered applications being developed by organizations and professionals globally. Unfortunately, companies are unable to keep up with the security considerations and requirements and often end up unprepared for various types of attacks. There are different ways to attack serverless generative AI-powered systems, and most organizations are not equipped with the skills to secure them. In this talk, we will cover the different ways these systems can be attacked and then share relevant strategies to protect them.


Designing and building serverless generative AI-powered systems requires a lot of skill, time, and experience. Data scientists, developers, and ML engineers work together to build ML systems and pipelines that automate different stages of the machine learning process. Once these systems have been set up, they need to be secured properly to prevent them from being hacked and compromised. At this point, some professionals assume that using a serverless implementation automatically secures these generative AI-powered systems. Unfortunately, such assumptions often result in overlooked security vulnerabilities.

Some attacks have been customized to take advantage of vulnerabilities in the libraries used by these serverless applications. Other attacks take advantage of vulnerabilities in the custom code written by ML engineers. There are different ways to attack serverless generative AI systems, and most data science teams are not equipped with the skills required to secure the systems they build. In this talk, we will discuss in detail the cybersecurity attack chain and how it shapes a company's strategy when setting up different layers of security. We will discuss the different ways these systems can be attacked and compromised and, along the way, share the relevant strategies to mitigate these attacks.

Joshua Arvin Lat is the Chief Technology Officer (CTO) of NuWorks Interactive Labs, Inc. He previously served as the CTO of 3 Australian-owned companies and also served as the Director for Software Development and Engineering for multiple e-commerce startups. Years ago, he and his team won 1st place in a global cybersecurity competition with their published research paper. He is also an AWS Machine Learning Hero and has been sharing his knowledge at several international conferences, discussing practical strategies on machine learning, engineering, security, and management. He is the author of the books "Machine Learning with Amazon SageMaker Cookbook", "Machine Learning Engineering on AWS", and "Building and Automating Penetration Testing Labs in the Cloud". Due to his proven track record in leading digital transformation within organizations, he has been recognized as one of the prestigious Orange Boomerang: Digital Leader of the Year 2023 award winners.