Derrick Gooch and Julian Petersohn presented for Fortinet at Cloud Field Day 24
Presentation date: October 22, 2025, 13:30-15:30.
Presenters: Aidan Walden, Derrick Gooch, Julian Petersohn, Srija Allam
Defending Cloud AI Applications with Fortinet
The scalability, GPU access, and managed services of public cloud make it the natural platform for developing and deploying AI and LLM-based applications, and this changes the architecture of security itself. Fortinet is focusing on securing AI applications in the cloud, a topic that dominates its conversations with customers. The presenters emphasize the cloud’s unique ability to provide the scalability needed to run GPUs and TPUs, simplifying deployment and accelerating the development of agentic services. They are seeing increased reports of model theft and prompt injection attacks, alongside traditional hygiene issues like misconfigurations and stolen credentials, highlighting the growing need for robust security measures in cloud-based AI deployments.
Fortinet’s approach involves a layered security strategy that incorporates tools such as FortiOS for zero-trust access and continuous posture assessment, FortiCNAP for vulnerability scanning throughout the AI workload lifecycle, and FortiWeb for web application and API protection. FortiWeb uses machine learning to detect anomalous activities and sanitize LLM user input, addressing the OWASP Top 10 threats to LLMs. The company also highlights the importance of data protection, implementing data leak prevention measures on endpoints and in-line to control access to sensitive data and training data.
The presentation outlines a demo environment showcasing a segmented network with standard security measures in place. Fortinet will inspect both north-south and east-west traffic between nodes, monitoring the environment with FortiCNAP. The demo will demonstrate how a combination of old and new attacks, such as SQL injection escalating into SSRF and model corruption, can compromise AI applications. The aim is to highlight the importance of securing access, implementing robust data protection measures, and maintaining vigilance against evolving AI-specific threats.
Personnel: Aidan Walden
AI Powered Web Application Protection with Fortinet
Fortinet’s approach to securing AI workloads involves a layered defense strategy. Their presentation at Cloud Field Day 24 demonstrated SQL injection (SQLi), Server-Side Request Forgery (SSRF), and model manipulation attacks against an AI-powered application using the Model Context Protocol (MCP), showcasing how Fortinet solutions protect at each stage of the attack kill chain. The demonstration highlighted the vulnerabilities introduced by AI agents and the importance of securing this new attack surface.
The presented environment, deployed in AWS as microservices, features a vulnerable e-commerce application (“Juice Shop”) augmented with an AI chatbot. Traffic between VPCs is routed through a security services VPC, where FortiWeb (web application firewall) and FortiGate provide inspection. The attack flow involves a user interacting with the chatbot, which then communicates with a large language model (OpenAI) via MCP. This interaction exposes vulnerabilities, as demonstrated by an attacker successfully injecting SQL code through the chatbot interface, bypassing traditional web application firewall protections.
Fortinet demonstrated how FortiWeb’s machine learning capabilities can detect and mitigate these attacks. By learning normal application traffic and building a model of expected API behavior, FortiWeb can identify anomalous requests, such as SQL injection attempts. The system then evaluates these alerts, leveraging its threat intelligence database to determine appropriate actions, including blocking malicious requests. Furthermore, FortiWeb’s AI assistant provides detailed analysis of attacks, including remediation recommendations, and generates API documentation to keep up with rapidly evolving pre-built APIs.
Personnel: Derrick Gooch, Julian Petersohn, Srija Allam
Protecting the Keys to the Kingdom with Fortinet
The session is framed by the three pillars of Fortinet AI security: Protect from AI, Assist with AI, and Secure AI. This demonstration illustrates how Fortinet combines AI-driven analytics for SOC assistance with deep protection for AI workloads themselves. It showcases a simulated attack on a cloud-based e-commerce application powered by an AI chatbot and highlights vulnerabilities that can be exploited through prompt injection and server-side request forgery (SSRF). Julian, acting as the attacker, successfully gains access to AWS metadata, steals credentials, and manipulates the chatbot to respond in “ducky language” by injecting malicious content into the S3 bucket storing review data. The attack demonstrated how an attacker could exploit hidden or overlooked API features, underscoring the importance of input sanitization and proper configuration of cloud resources.
Srija then demonstrates Fortinet’s web application firewall (FortiWeb) capabilities in mitigating SSRF attacks through input validation and parameter filtering. By creating rules to block requests originating from local or auto-configuration IPs, FortiWeb successfully prevents Julian from obtaining a new token. Derrick showcases FortiCNAP’s ability to monitor API calls, detect malicious activity based on IP address geolocation, and identify misconfigured roles with excessive entitlements.
Finally, Derrick initiates an automated remediation workflow using FortiSOAR, triggered by the detection of malicious activity. The workflow cleans the malicious file from the S3 bucket, blocks access from the attacker’s IP address, and revokes the temporary credentials, showcasing a comprehensive approach to threat detection, response, and remediation in a cloud environment. The presentation concludes by reinforcing the importance of a layered security approach that combines preventive measures, monitoring, and automated responses to protect AI-powered applications and cloud infrastructure.
Personnel: Derrick Gooch, Julian Petersohn, Srija Allam
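The SSRF parameter filtering described in this session can also be enforced in the application itself. The following is an added example, not FortiWeb rule syntax or code from the presentation: it assumes the SSRF-prone request carries a URL in a parameter and rejects destinations on loopback, private, or link-local ("auto-configuration", 169.254.0.0/16) addresses, the range where the AWS metadata service lives. Function names and sample hosts are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def _resolve(host):
    """Default resolver: every address the name maps to (needs DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def _to_ip(host):
    """Parse IP literals, including the bare-integer form of IPv4."""
    try:
        return ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None  # not a literal: treat as a DNS name

def is_internal(ip):
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) is judged as its IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_unspecified or ip.is_reserved or ip.is_multicast)

def check_url_param(url, resolve=_resolve):
    """Return (allowed, reason) for a URL taken from a request parameter."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "scheme or host not allowed"
    host = parts.hostname
    ip = _to_ip(host)
    try:
        addrs = [ip] if ip is not None else [
            ipaddress.ip_address(a) for a in resolve(host)]
    except (OSError, ValueError):
        return False, "host does not resolve"
    # Reject if ANY resolved address is internal, not just the first one.
    for addr in addrs:
        if is_internal(addr):
            return False, f"internal destination {addr}"
    return True, "ok"
```

The check only holds if the outbound fetch connects to the address that was validated; resolving the name a second time at fetch time reopens the gap.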










