Shining a Light on AI: Ensuring Vendor Transparency in Data Sourcing and Delivery
Amidst the proliferation of AI solutions, the focus lies in evaluating transparency, undisclosed system modifications, and data exfiltration within the privacy policies of vendors providing desktop applications, browser plug-ins, and browser-only AI solutions.
SANS_Shining_a_Light_on_AI_Ensuring_Vendor Transparency in Data Sourcing and Delivery - Publ (PDF, 0.93MB)
29 Jan 2024Related Content
Secure By Design: An Exploration of the Application of Generative AI in Threat Modeling Technical Design Documents
Research PaperThis paper explores the efficacy of large language models (LLMs) for creating comprehensive threat models by analyzing technical design documents, particularly when provided with additional contextual information about the product's underlying infrastructure and deployment environment.
- 27 May 2026
Leveraging Large Language Models for Cross-Vendor Firewall Configuration Migration: A Comparative Case Study of Claude and ChatGPT
Research PaperThis paper investigates how two current-generation large language models (LLMs) perform on a single, representative firewall migration task.
- 12 May 2026
No-Cost Detection of Endpoint Hard Drive Removal
Research PaperThis paper analyzes low-cost detection methods, using existing hard drive counters from Self-Monitoring, Analysis, and Reporting Technology (S.M.A.R.T.) and the Windows Registry, for their fidelity in detecting hard drive removal.
- 19 Nov 2025
Structural Vulnerability: Autodesk Revit Server WAN Exposure Versus Cost of Autodesk Construction Cloud
Research PaperAutodesk Revit Server, a critical collaboration tool in the architecture, engineering, and construction (AEC) industry, was designed to operate within trusted networks.
- 7 Nov 2025
Automating Generative AI Guidelines: Reducing Prompt Injection Risk with 'Shift-Left' MITRE ATLAS Mitigation Testing
Research PaperAutomated testing during the build stage of the AI engineering life cycle can evaluate the effectiveness of generative AI guidelines against prompt injection attacks.
- 7 Nov 2025
Can Your Security Stack Handle AI? An Empirical Assessment of Enterprise Controls Versus Generative AI Risks
Research PaperEnterprise security teams face a critical dilemma. Executives want AI productivity gains, but it remains uncertain if existing security controls can handle the risks.
- 6 Nov 2025
Privacy Protections: Are Stronger Laws Changing What We Reveal?
Research PaperAs U.S. states enact privacy laws aimed at giving consumers more control over their personal data, little is known about whether privacy legislation influences individuals’ willingness to disclose their identity on public platforms.
- 26 Sep 2025
Forensic Investigation of Bluetooth-Based Credit Card Skimmers
Research PaperHidden Bluetooth Low Energy (BLE) credit skimmers are a growing threat to credit card fraud. Criminals can set up practical and inexpensive systems built on top of modules, such as the HM-19, to collect and transmit stolen data covertly across wireless channels.
- 3 Sep 2025
Fixing What You Broke: Can AI Be Used to Thwart AI-Generated Malware?
Research PaperSecurity professionals are starting to rethink their approach to access control and monitoring for...
- 3 Sep 2025
Trust But Verify: Evaluating the Accuracy of LLMs in Normalizing Threat Data Feeds
Research PaperThis paper examines whether Large Language Models (LLMs) can be reliably applied to the normalization of Indicators of Compromise (IOCs) into Structured Threat Information Expression (STIX) format.
- 16 Jul 2025
Do AI Coding Assistants Make Bad Coders Worse? A Security Evaluation of GitHub Copilot
Research PaperAs AI coding assistants become increasingly integral to software development, the security of their generated outputs is under greater scrutiny.
- 11 Jul 2025
AI-Driven Insecurity: Assessing Security Gaps in AI Generated IT Guidance
Research PaperThe increasing reliance on AI-generated technical guidance for IT system configuration introduces significant security risks. This study assesses these risks through a case study: setting up an Apache web server on a Rocky Linux system using instructions from seven AI models.
- 13 May 2025
SIEM Detection Logic Conversion with LLMs
Research PaperThis research explores how Large Language Models (LLMs) and automation scripts can expedite the translation of detection logic between SIEMs, converting detections in minutes instead of hours.
- 2 May 2025
A Pebble In the Ocean: Maximizing Log Fidelity In Container Environments
Research PaperLog fidelity is crucial for Incident Response Teams to investigate and contain cyber incidents but...
- 17 Apr 2025
Leveraging Large Language Models for Security-Focused Code Reviews
Research PaperThis study investigates the potential application of Large Language Models (LLMs) in enhancing...
- 26 Mar 2025
Unveiling the Dependency on Network Telemetry: Optimizing Lateral Movement Detection
Research PaperThis study investigates the dependency on network and endpoint telemetry for identifying lateral...
- 17 Jan 2025
MITRE ATT&CK Labeling of Cyber Threat Intelligence via LLM
Research PaperThis paper explores the effectiveness of various online and locally hosted LLMs in classifying an...
- 7 Jan 2025
Beyond Detection: Using Real Phishing Data to Gauge Security Training Program Success
Research PaperIdentification of phishing emails can be cumbersome, accomplished by rule-based filters, machine...
- 7 Jan 2025
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords
Research PaperAs digital threats grow increasingly sophisticated, traditional password-based authentication...
- 23 Dec 2024
- Rich Greene
Protecting the Poor: A Deep Dive into EBT Skimming and Solutions to Combat It
Research PaperElectronic Benefits Transfer (EBT) cards provide individuals receiving government assistance for...
- 23 Dec 2024