Fortinet’s approach to securing AI workloads involves a layered defense strategy. Their presentation at Cloud Field Day 24 demonstrated SQL injection (SQLi), Server-Side Request Forgery (SSRF), and model manipulation attacks against an AI-powered application using the Model Context Protocol (MCP), showcasing how Fortinet solutions protect at each stage of the attack kill chain. The demonstration highlighted the vulnerabilities introduced by AI agents and the importance of securing this new attack surface.
The presented environment, deployed in AWS as microservices, features a vulnerable e-commerce application (“Juice Shop”) augmented with an AI chatbot. Traffic between VPCs is routed through a security services VPC, where FortiWeb (web application firewall) and FortiGate provide inspection. The attack flow involves a user interacting with the chatbot, which then communicates with a large language model (OpenAI) via MCP. This interaction exposes vulnerabilities, as demonstrated by an attacker successfully injecting SQL code through the chatbot interface, bypassing traditional web application firewall protections.
Fortinet demonstrated how FortiWeb’s machine learning capabilities can detect and mitigate these attacks. By learning normal application traffic and building a model of expected API behavior, FortiWeb can identify anomalous requests, such as SQL injection attempts. The system then evaluates these alerts, leveraging its threat intelligence database to determine appropriate actions, including blocking malicious requests. Furthermore, FortiWeb’s AI assistant provides detailed analysis of attacks, including remediation recommendations, and generates API documentation to keep up with rapidly evolving pre-built APIs.
Personnel: Derrick Gooch, Julian Petersohn, Srija Allam