Recently, Microsoft's AI Red Team released a new white paper that delves into the security challenges posed by generative AI systems and proposes strategies to address these emerging risks.

The Red Team, established in 2018, has consistently focused on evolving AI security and risk landscapes. Their efforts aim to identify and mitigate potential vulnerabilities by integrating traditional security practices with responsible AI initiatives.

The white paper, titled "Insights from Red Teaming 100 Generative AI Products," highlights how generative AI amplifies existing security risks while introducing new ones. It emphasizes the importance of human expertise, continuous testing, and collaboration in addressing various challenges ranging from traditional cybersecurity flaws to novel AI-specific threats.

The report outlines three key findings. First, generative AI systems not only amplify existing risks but also introduce new ones. Research indicates that generative AI models create new attack vectors such as prompt injection, presenting unique challenges for AI systems.

In one case study, the Red Team discovered that an outdated FFmpeg component in a video processing AI application allowed server-side request forgery attacks. This demonstrates the persistence of traditional issues in AI-driven solutions. The report stresses the need for AI Red Teams to focus on new attack vectors while remaining vigilant about existing security risks, advocating for fundamental cybersecurity hygiene in AI security best practices.

Second, humans play a central role in enhancing and securing AI. While automated tools are useful for creating prompts, organizing cyberattacks, and evaluating responses, red team testing cannot be fully automated. Human expertise is crucial, especially in fields like medicine, cybersecurity, and chemical, biological, radiological, and nuclear domains where automation falls short. Language models can detect general risks like hate speech or adult content but struggle with nuanced domain-specific issues, making human oversight essential for comprehensive risk assessment.

Moreover, AI models trained primarily on English data often fail to capture risks and sensitivities in different languages or cultural contexts. Similarly, detecting psychosocial harms, such as interactions between chatbots and users in distress, requires human judgment to understand broader implications and potential impacts.

Finally, a defense-in-depth approach is critical for ensuring AI system security. The report advocates for a layered strategy combining continuous testing, robust defenses, and adaptive measures to mitigate generative AI risks. Although mitigation efforts can reduce vulnerabilities, they cannot eliminate all risks, underscoring the vital role of ongoing red team testing in strengthening AI systems. Microsoft researchers note that through repeated identification and response to vulnerabilities, organizations can increase attack costs, thereby deterring adversaries and enhancing overall AI security posture.