TÜV SÜD tests IT-Security of Artificial Intelligence

TÜV SÜD supports companies by conducting penetration tests for AI systems. Maintaining network security by combating phishing, ransomware attacks, and DNS hijacking has long been part of everyday life for CISOs, as attacks via AI systems are becoming increasingly common. Cybercriminals use methods such as prompt injection and model inversion. They also target companies' sensitive data and trade secrets. AI penetration tests ensure the integrity, fairness, and robustness of AI systems.

AI penetration tests are specialized assessments designed to uncover gaps in AI and machine learning systems. They evaluate the robustness of the model, the security of the data pipeline, and the vulnerability to threats such as adversarial attacks, model inversion, or data poisoning. The goal is to ensure the confidentiality, integrity, and reliability of AI-powered applications under realistic attack scenarios.

Application scenarios

There are various application scenarios for AI penetration testing: They can help identify LLM security vulnerabilities in web applications early in the development phase, assess the risk of data leaks, misuse, or manipulation of LLMs in applications, or comprehensively review predictive and user-defined LLMs in terms of data, training, and algorithms.

Five steps to more robust AI systems

Experienced AI experts from TÜV SÜD support companies in improving their AI systems in five steps. In a kick-off meeting, goals are defined and processes discussed. Then, relevant information is gathered. The third step is the actual pentesting. Unlike traditional pentesting of networks or servers, AI pentesting requires knowledge in the areas of machine learning, testing input/output behavior, and model logic. TÜV SÜD bases its assessments on the NIST AI Risk Management Framework, OWASP Top 10 for LLMs/ML Security, and MITRE ATLAS testing standards. The results are then analyzed by TÜV SÜD and finally discussed with the company.

“The more widespread AI becomes, the more attractive it becomes to criminals. Due to its rapid development, security is often not yet optimally integrated. Whether companies are optimizing AI models or integrating LLMs into applications, AI system-specific vulnerabilities must be identified at an early stage,” says Vaibhav Pulekar, Senior General Manager Cybersecurity at TÜV SÜD. “Those who do not have their models or applications checked risk serious security and data protection risks due to gaps in the system.”

Further information on TÜV SÜD’s AI services is available at tuvsud.com/en/topics/artificial-intelligence.

About TÜV SÜD Customer Engagement and People GmbH

Founded in 1866 as a steam boiler inspection association, TÜV SÜD is now a global company. Around 30,000 employees at over 1,000 locations in around 50 countries ensure the optimization of technology, systems, and expertise. They make a significant contribution to making technical innovations such as Industry 4.0, autonomous driving, and renewable energies safe and reliable. tuvsud.com/en

Company contact and publisher of this release:

TÜV SÜD Customer Engagement and People GmbH
Westendstraße 199
80686 München
Phone: +49 (89) 5791-0
Fax: +49 (89) 5791-1551
http://www.tuvsud.com/de

Contact:
Laura Albrecht
Press spokesperson
Phone: +49 (89) 5791-2935
Email: laura.albrecht@tuvsud.com