Welcome to the Atlanta User Group! This community is designed to bring together cybersecurity and tech professionals in the Atlanta area to network and share insights on how others are leveraging Google Cloud Security solutions. Members can connect with their peers and Google Cloud Security Experts, and hear from speakers like Mandiant Consultants and Google Security Architects.

Google offers a multi-layered security approach to protect AI systems, leveraging the expertise of Mandiant and specialized solutions like Apigee and Model Armor. Mandiant, a cybersecurity firm acquired by Google, contributes its threat intelligence and incident response expertise to proactively defend against modern threats. Their experts use AI-assisted tools and up-to-the-minute intelligence from incident response engagements to hunt for threats and scale responses through automation. Apigee acts as a secure API gateway, managing the entire lifecycle of APIs used by AI applications. It enforces security policies like authentication, authorization, and rate limiting to protect against common web vulnerabilities and API-specific attacks. Finally, Model Armor is a firewall-like tool that provides an additional, specialized layer of protection for AI models. It screens both the input prompts and the model-generated responses to prevent prompt injection attacks, sensitive data leakage, the generation of malicious content, and other risks unique to AI. This combination of human-led intelligence, API management, and AI-specific security tools creates a robust defense for your AI systems.

Agenda
12:30 PM

Welcome & Introductions

1:00 PM

Large Language Mischief

Katie Bowen from the Google Threat Intelligence team will present on how cybercriminals are leveraging large language models (LLMs) to enhance their operations. Acting as a powerful force multiplier, these LLMs provide cybercriminals with technical support that boosts the frequency, intensity, and success rates of their malicious activities. This new threat landscape highlights how advanced AI tools, while helpful for many, are also being exploited to create more effective and frequent cyber threats.

Break

2:00 PM

Architecting Defenses for OWASP API & LLM Risks

Christopher Duncan from the Google Cloud Apigee Customer Engineering team will lead a technical deep dive on securing AI and API services on Google Cloud. This session moves beyond the "what" of the OWASP Top 10 for APIs and LLMs to focus on the "how," covering specific configurations and integration patterns. The presentation will explore the AI Gateway Pattern for centralized policy enforcement, ML-Powered Anomaly Detection using Advanced API Security to find shadow APIs and abuse, and Prompt Injection Countermeasures with Model Armor policies to protect backend models like Vertex AI, Gemini, or other 3rd party models.

Break

3:00 PM

Gen AI Combat: A Brief Introduction to Attack & Defense

Mandiant experts, Prachi Shiveshwar and Ryan Allen will speak on a foundational look at the security landscape for generative AI as incorporated into modern business applications. We'll examine real-world vulnerabilities and exploits, leaning on OWASP’s Top 10 for LLMs and Gen AI Apps to help you understand and mitigate related risks. The session will cover common weaknesses and effective prevention strategies, as well as opportunities to enhance security throughout the software development lifecycle.

4:00 PM

Meeting Wrap Up & Networking