
CyberArk (NASDAQ: CYBR), the global leader in identity security, announced the launch of FuzzyAI, a cutting-edge open-source framework that has jailbroken every tested AI model. FuzzyAI helps organisations identify and address AI model vulnerabilities, like guardrail bypassing and harmful output generation, in cloud-hosted and in-house AI models. FuzzyAI’s fully extensible framework is available as open-source software on CyberArk Labs’ GitHub Page.
AI models are transforming industries with innovative applications in customer interactions, internal process improvements and automation. Internal usage of these models also presents new security challenges for which most organisations are unprepared. FuzzyAI helps solve these challenges by offering organisations a systematic approach to testing AI models against various adversarial inputs, uncovering potential weak points in their security systems and making AI development and deployment safer.
At the heart of FuzzyAI is a powerful fuzzer - a tool that reveals software defects and vulnerabilities - capable of exposing vulnerabilities found via more than ten distinct attack techniques, from bypassing ethical filters to exposing hidden system prompts.
According to Thomas Fikentscher, CyberArk’s Area Vice President for ANZ, the use of AI models promises to deliver significant productivity improvements to organisations, along with enhanced degrees of automation and far easier interaction with complex technology; however, the consequences of AI breaches also promise to be significant.
“It’s imperative that when deploying AI, organisations learn from previous instances where new technologies have been introduced without proper consideration of the security consequences. Relying on cybersecurity teams to play 'catch up' after AI security breaches would be a costly and potentially devastating miscalculation,” said Fikentscher.
Key features of FuzzyAI include:
- Comprehensive Fuzzing: FuzzyAI probes AI models with various attack techniques to expose vulnerabilities like bypassing guardrails, information leakage, prompt injection or harmful output generation.
- An Extensible Framework: Organisations and researchers can add their own attack methods to tailor tests for domain-specific vulnerabilities.
- Community Collaboration: A growing community-driven ecosystem ensures continuous advancement of adversarial techniques and defense mechanisms.
“The launch of FuzzyAI underlines CyberArk’s commitment to AI security and helps organisations take a significant step forward in addressing the security issues inherent in the evolving landscape of AI model usage,” said Peretz Regev, Chief Product Officer at CyberArk. “Developed by CyberArk Labs, FuzzyAI has demonstrated the ability to jailbreak every tested AI model. FuzzyAI empowers organisations and researchers to identify weaknesses and actively fortify their AI systems against emerging threats.”
CyberArk Labs will run a Capture The Flag (CTF) event at Black Hat Europe Arsenal to showcase FuzzyAI’s practical applications, highlighting the real-world impacts of jailbreak vulnerabilities and the pressing need for proactive mitigation. To understand first-hand how organisations can adopt AI without creating cyber risk, Black Hat Europe 2024 attendees can explore the tool’s capabilities and applications.