Today on Runtime: the promise and peril of generative AI in cybersecurity, SAP sees stronger days ahead, and this week in enterprise startup funding.
Runtime is an enterprise tech newsletter that comes out three times a week on Tuesdays, Thursdays, and Saturdays. If you like it, tell a friend!
Attac and protec
Security has often been an afterthought during the rush to embrace new enterprise tech trends over the past decade. The rise of generative AI and large-language models over the last six months, however, presents both a challenge and an opportunity.
Software using generative AI can be both an attack surface and a valuable defensive tool, creating new security issues for businesses but also providing a powerful new tool to analyze their weaknesses and defend against novel types of intrusions.
- "There's some really strong evidence that you really should not be using large language models, especially not the ones that are commercially available right now, for extremely sensitive tasks, which could be financial advice, or legal advice, or potentially even a medical task," said Liz O'Sullivan, CEO of Vera, which helps customers securely implement AI tech.
- And while nothing defines the average mindset of a CISO so much as constant worrying about the unknown, generative AI could also be a huge benefit to security operations.
- "Network defenders also have an incredible opportunity to utilize generative AI in ways that I can't even imagine yet, but they're going to be able to use this to speed (up) their own detection," said Ryan Kovar, distinguished security strategist at Splunk.
Two types of basic security concerns have accompanied the rise of generative AI in the enterprise: One is Introducing security holes into existing products by connecting powerful large language models (LLMs) to customer or corporate data.
- Sprinklr, a customer-experience SaaS company, has licensed OpenAI's enterprise product to use alongside its own homegrown research to help improve the quality of the interactions between the users of its product and those users’ own customers, said Gerald Beuchelt, the company's CISO.
- At some point, companies that adopt generative AI and LLMs are going to want to train their own models using internal data for internal product development, but they should tread carefully.
- "Our position is that it's a fallacy to think that any team can be as good as these multibillion-dollar companies that are training these models at scale; that's all they do," she said.
The potential for internal business users to inadvertently expose sensitive corporate data by using LLMs to write a quick memo is another pressing concern.
- "Unlike traditional data loss prevention (tools), we don't really have forensic capabilities for data that gets leaked through AI."said Boaz Gelbord, senior vice president and chief security officer at Akamai.
- However, this is a concern that has come up time and time again as businesses have embraced cloud services.
- "It's easy to sometimes forget those basics when the enthusiasm for something occurs; managing the data and the access, knowing what's being used, knowing the configuration of your web servers, baking into your frameworks input validation, all that," said Royal Hansen, vice president of privacy, safety, and security engineering at Google.
Generative AI security technology is very likely to impact the cat-and-mouse game played by criminal hacking elements and the defenders who try to stop them.
- "There's just this tidal wave of those types of attacks that are coming, where you couldn't reasonably expect a person, even someone who's relatively vigilant about these kinds of things, to be able to spot that," Gelbord said.
- However, generative AI technologies are also generating a lot of excitement among security "blue" teams, those responsible for detecting intrusions and attacks often launched by internal "red" teams simulating malicious actors in training exercises.
- "If people realized how much network defenders were already using ChatGPT they'd be shocked," Kovar said.
Generative AI technologies could also allow defenders to write detection scripts and workarounds much, much faster than they could have with older processes, Kovar said.
- "To me, the idea of generative AI is to augment staff quickly," he said. "And it expands the capabilities of a network security team in ways that I don't think we've fully recognized yet."
Signs of growth
If SAP is any indication, one of the slowest periods for enterprise tech growth in recent memory is starting to pick up.
SAP raised its full-year revenue guidance by just over $4 billion Tuesday, citing increased demand for its cloud software. While a chunk of that interest is fueled by SAP's massive customer base finally making the switch from on-premises data center hardware and software to cloud services, it's still a positive sign that businesses are feeling more comfortable about making enterprise tech investments than they have been over the last two quarters.
There are tricky existential questions ahead for SAP, which enjoys widespread support from huge companies that have been using its software for decades and are more or less stuck with it, but is less common inside the tech stacks of newer companies reaching their enterprise stage. Yet there are still so many companies with huge operating budgets that have yet to move off older on-premises software bundles, and two new partnerships with Microsoft and Google Cloud announced Tuesday should help prod those latecomers into taking action.
Together raised $20 million in seed funding to develop an open-source approach to developing generative AI models.
Zip landed $100 million in Series C funding as it builds out its procurement software business.
Kustomer spun out of Meta with $60 million in new funding, valuing the customer-experience software company at $250 million after Meta (then Facebook) bought it for $1 billion in 2020.
Huntress raised $60 million in Series C funding with plans to bring its endpoint security tech to larger-sized businesses.
The Runtime roundup
Zoom jumped on the generative AI bandwagon with plans to add Anthropic's chatbot to its contact-center software first before rolling it out across other parts of its portfolio.
Microsoft is under "informal" scrutiny by the European Union over charges it could be using its influence in the enterprise software market to squash competitors.
A judge ruled that Larry Ellison acted properly during the sale of NetSuite to Oracle back in 2016, dismissing claims that Oracle overpaid for NetSuite because Ellison was a NetSuite shareholder.
The recovery process from a prolonged Datadog outage was a little more complicated than usual because of its multicloud architecture, according to its postmortem report.
Thanks for reading — see you Thursday!