Protecting the Keys to the Kingdom with Fortinet

The Three Pillars of Fortinet AI Security: Protect from AI, Assist with AI, and Secure AI. This demonstration illustrates how Fortinet combines AI-driven analytics for SOC assistance with deep protection for AI workloads themselves. Showcasing a simulated attack on a cloud-based e-commerce application powered by an AI chatbot, and highlighting vulnerabilities that can be exploited through prompt injection and server-side request forgery (SSRF). Julian, acting as the attacker, successfully gains access to AWS metadata, steals credentials, and manipulates the chatbot to respond in “ducky language” by injecting malicious content into the S3 bucket storing review data. The attack demonstrated how an attacker could exploit hidden or overlooked API features, underscoring the importance of input sanitization and proper configuration of cloud resources.

Srija then demonstrates Fortinet’s web application firewall (FortiWeb) capabilities in mitigating SSRF attacks through input validation and parameter filtering. By creating rules to block requests originating from local or auto-configuration IPs, FortiWeb successfully prevents Julian from obtaining a new token. Derek showcases FortiCNAP’s ability to monitor API calls, detect malicious activity based on IP address geolocation, and identify misconfigured roles with excessive entitlements.

Finally, Derek initiates an automated remediation workflow using FortiSOAR, triggered by the detection of malicious activity. The workflow cleans the malicious file from the S3 bucket, blocks access from the attacker’s IP address, and revokes the temporary credentials, showcasing a comprehensive approach to threat detection, response, and remediation in a cloud environment. The presentation concludes by reinforcing the importance of a layered security approach that combines preventive measures, monitoring, and automated responses to protect AI-powered applications and cloud infrastructure.