CyberArk Unveils Breakthrough Open-Source Tool That Helps Organizations Safeguard Against AI Model Jailbreaks
CyberArk (NASDAQ: CYBR) has launched FuzzyAI, an open-source framework designed to test and identify vulnerabilities in AI models. The tool has successfully jailbroken every major AI model tested, helping organizations address security challenges in both cloud-hosted and in-house AI implementations.
FuzzyAI features comprehensive fuzzing capabilities to probe AI models for vulnerabilities, including guardrail bypassing, information leakage, and harmful output generation. The framework is extensible, allowing organizations to add custom attack methods, and benefits from community collaboration for continuous improvement.
The tool will be available as open-source software on CyberArk Labs' GitHub Page from December 11, 2024, with a demonstration planned at Black Hat Europe Arsenal through a Capture The Flag event.
- Launch of innovative security testing tool that successfully broke every major AI model tested
- Expansion into the growing AI security market with a unique open-source solution
- Strengthening market position as a leader in identity security through AI-focused offerings
- None.
Insights
The release of FuzzyAI represents a significant advancement in AI security testing. By successfully jailbreaking major AI models, this tool exposes critical vulnerabilities that could have substantial implications for enterprises implementing AI solutions. The open-source framework's ability to test against multiple attack vectors, including guardrail bypassing and prompt injection, addresses an important gap in the AI security landscape.
The tool's extensible nature and community-driven approach position it as a valuable resource for organizations to proactively identify and mitigate AI security risks before deployment. This is particularly relevant as companies increasingly integrate AI models into their core operations. The ability to customize attack methods for domain-specific vulnerabilities makes it especially valuable for sectors with unique security requirements.
This strategic move strengthens CyberArk's position in the rapidly growing AI security market. By offering FuzzyAI as an open-source tool, CyberArk is likely to enhance its market presence and thought leadership in the AI security space, potentially driving increased adoption of its commercial security solutions. The timing is particularly strategic as organizations globally grapple with AI security challenges.
The tool's launch could positively impact CyberArk's market valuation by demonstrating its innovation capabilities and commitment to addressing emerging cybersecurity challenges. This positions CyberArk favorably against competitors in the identity security space, particularly as AI security becomes a critical concern for enterprises.
Why FuzzyAI?
AI models are transforming industries with innovative applications in customer interactions, internal process improvements and automation. Internal usage of these models also presents new security challenges for which most organizations are unprepared.
FuzzyAI helps solve some of these challenges by offering organizations a systematic approach to testing AI models against various adversarial inputs, uncovering potential weak points in their security systems and making AI development and deployment safer. At the heart of FuzzyAI is a powerful fuzzer - a tool that reveals software defects and vulnerabilities - capable of exposing vulnerabilities found via more than ten distinct attack techniques, from bypassing ethical filters to exposing hidden system prompts. Key features of FuzzyAI include:
- Comprehensive Fuzzing: FuzzyAI probes AI models with various attack techniques to expose vulnerabilities like bypassing guardrails, information leakage, prompt injection or harmful output generation.
- An Extensible Framework: Organizations and researchers can add their own attack methods to tailor tests for domain-specific vulnerabilities.
- Community Collaboration: A growing community-driven ecosystem ensures continuous advancement of adversarial techniques and defense mechanisms.
“The launch of FuzzyAI underlines CyberArk’s commitment to AI security and helps organizations take a significant step forward in addressing the security issues inherent in the evolving landscape of AI model usage,” said Peretz Regev, Chief Product Officer at CyberArk. “Developed by CyberArk Labs, FuzzyAI has demonstrated the ability to jailbreak every major tested AI model. FuzzyAI empowers organizations and researchers to identify weaknesses and actively fortify their AI systems against emerging threats.”
FuzzyAI Availability
FuzzyAI’s fully extensible framework is available as open-source software on CyberArk Labs’ GitHub Page from December 11, 2024. CyberArk Labs will run a Capture The Flag (CTF) event at Black Hat Europe Arsenal to showcase its practical applications, highlighting the real-world impacts of jailbreak vulnerabilities and the pressing need for proactive mitigation.
About CyberArk
CyberArk (NASDAQ: CYBR) is the global leader in identity security. Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud environments and throughout the DevOps lifecycle. The world’s leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit https://www.cyberark.com, read the CyberArk blogs or follow on LinkedIn, X, Facebook or YouTube.
Copyright © 2024 CyberArk Software. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
View source version on businesswire.com: https://www.businesswire.com/news/home/20241211837303/en/
Investor Relations:
Srinivas Anantha, CFA
CyberArk
617-558-2132
ir@cyberark.com
Media:
Nick Bowman
CyberArk
+44 (0) 7841 673378
press@cyberark.com
Source: CyberArk