Merge pull request #270781 from ElazarK/WI233482-rsa-ai

Gen AI rsa

Author: Stacyrch140

articles/defender-for-cloud/TOC.yml

@@ -255,6 +255,11 @@
       items:
         - name: Agentless container posture in Defender CSPM
           href: concept-agentless-containers.md
+    - name: Improve your AI security posture management
+      items:
+      - name: AI security posture management
+        displayName: AI, security, posture, management
+        href: ai-security-posture.md
     - name: Security recommendations
       items:
         - name: Reference list of Azure recommendations
@@ -314,6 +319,14 @@
         - name: Integrate security solutions
           displayName: security, solutions, integrate, integrated, data sources
           href: partner-integration.md
+    - name: AI security posture
+      items:
+        - name: Discover generative AI workloads
+          displayName: AI, workloads, models, applications, apps, AI BOM
+          href: identify-ai-workload-model.md
+        - name: Explore risks to pre-deployment generative AI artifacts
+          displayName: AI, risks, generative, applications, apps
+          href: explore-ai-risk.md
     - name: Data-aware security posture
       items:
         - name: Enable data-aware security posture
@@ -914,6 +927,14 @@
             href: review-pull-request-annotations.md
       - name: Common questions about DevOps security
         href: faq-defender-for-devops.yml
+  - name: Threat protection for AI workloads (preview)
+    items:
+      - name: Overview
+        displayName: AI, Defender for AI
+        href: ai-threat-protection.md
+      - name: Enable threat protection for AI workloads (preview)
+        displayName: AI, Defender for AI
+        href: ai-onboarding.md
 - name: Reference
   items:
     - name: Archived release notes (older than six months)

articles/defender-for-cloud/ai-onboarding.md

@@ -0,0 +1,55 @@
+---
+title: Enable threat protection for AI workloads (preview)
+description: Learn how to enable threat protection for AI workloads on your Azure subscription for Microsoft Defender for Cloud.
+ms.topic: install-set-up-deploy
+ms.date: 05/05/2024
+---
+
+# Enable threat protection for AI workloads (preview)
+
+Threat protection for AI workloads in Microsoft Defender for Cloud protects AI workloads on an Azure subscription by providing insights to threats that might affect your generative AI applications.
+
+> [!IMPORTANT]
+> Threat protection for AI workloads is currently in preview.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+## Prerequisites
+
+- Read up on [Overview - AI threat protection](ai-threat-protection.md).
+
+- You need a Microsoft Azure subscription. If you don't have an Azure subscription, you can [sign up for a free subscription](https://azure.microsoft.com/pricing/free-trial/).
+
+- You must [enable Defender for Cloud](get-started.md#enable-defender-for-cloud-on-your-azure-subscription) on your Azure subscription.
+
+- We recommend that you don't opt out of prompt based prompt-base triggered alerts for [Azure OpenAI content filtering](../ai-services/openai/concepts/content-filter.md). If you opt out of prompt-based trigger alerts and remove that capability, it can affect Defender for Cloud's ability to monitor and detect such attacks.
+
+## Enroll in the limited preview
+
+To get started, you must [sign up](https://aka.ms/D4AI/PublicPreviewAccess) and be accepted to the limited preview, you can start onboarding threat protection for AI workloads.
+
+1. Fill out the [registration form](https://aka.ms/D4AI/PublicPreviewAccess).
+
+1. Wait to receive an email that confirms your acceptance or rejection from the limited preview.
+
+If you're accepted into the limited preview, you can enable threat protection for AI workloads on your Azure subscription.
+
+## Enable threat protection for AI workloads
+
+Enable threat protection for AI workloads.
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+
+1. Search for and select **Microsoft Defender for Cloud**.
+
+1. In the Defender for Cloud menu, select **Environment settings**.
+
+1. Select the relevant Azure subscription.
+
+1. On the Defender plans page, toggle the AI workloads to **On**.
+
+    :::image type="content" source="media/ai-onboarding/enable-ai-workloads-plan.png" alt-text="Screenshot that shows you how to toggle threat protection for AI workloads to on." lightbox="media/ai-onboarding/enable-ai-workloads-plan.png":::
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Manage and respond to the security alerts](managing-and-responding-alerts.yml)

articles/defender-for-cloud/ai-security-posture.md

@@ -0,0 +1,69 @@
+---
+title: AI security posture management
+description: Learn about AI security posture management in Microsoft Defender for Cloud and how it protects resources from AI threats.
+ms.date: 05/05/2024
+ms.topic: concept-article
+ms.author: elkrieger
+author: Elazark
+#customer intent: As a cloud security professional, I want to understand how to secure my generative AI resources using Defender for Cloud's AI security posture management capabilities.
+---
+
+# AI security posture management
+
+The Defender Cloud Security Posture Management (CSPM) plan in Microsoft Defender for Cloud provides AI security posture management capabilities that secure enterprise-built, multi, or hybrid cloud (currently Azure and AWS) generative AI applications, throughout the entire application lifecycle. Defender for Cloud reduces risk to cross cloud AI workloads by:
+
+- Discovering generative AI Bill of Materials (AI BOM), which includes application components, data, and AI artifacts from code to cloud.
+- Strengthening generative AI application security posture with built-in recommendations and by exploring and remediating security risks.
+- Using the attack path analysis to identify and remediate risks.
+
+:::image type="content" source="media/ai-security-posture/ai-lifecycle.png" alt-text="Diagram of the development lifecycle that is covered by Defender for Cloud's AI security posture management.":::
+
+## Discovering generative AI apps
+
+Defender for Cloud discovers AI workloads and identifies details of your organization's AI BOM. This visibility allows you to identify and address vulnerabilities and protect generative AI applications from potential threats.
+
+Defenders for Cloud automatically and continuously discover deployed AI workloads across the following services: 
+
+- Azure OpenAI Service
+- Azure Machine Learning
+- Amazon Bedrock
+
+Defender for Cloud can also discover vulnerabilities within generative AI library dependencies such as TensorFlow, PyTorch, and Langchain, by scanning source code for Infrastructure as Code (IaC) misconfigurations and container images for vulnerabilities. Regularly updating or patching the libraries can prevent exploits, protecting generative AI applications and maintaining their integrity.
+
+With these features, Defender for Cloud provides full visibility of AI workloads from code to cloud.
+
+## Reducing risks to generative AI apps
+
+Defender CSPM provides contextual insights into an organization's AI security posture. You can reduce risks within your AI workloads using security recommendations and attack path analysis.
+
+### Exploring risks using recommendations
+
+Defender for Cloud assesses AI workloads and issues recommendations around identity, data security, and internet exposure to identify and prioritize critical security issues in AI workloads.
+
+#### Detecting IaC misconfigurations
+
+DevOps security detects IaC misconfigurations, which can expose generative AI applications to security vulnerabilities, such as over-exposed access controls or inadvertent publicly exposed services. These misconfigurations could lead to data breaches, unauthorized access, and compliance issues, especially when handling strict data privacy regulations.
+
+Defender for Cloud assesses your generative AI apps configuration and provides security recommendations to improve AI security posture. 
+
+Detected misconfigurations should be remediated early in the development cycle to prevent more complex problems later on. 
+
+Current IaC AI security checks include:
+
+- Use Azure AI Service Private Endpoints
+- Restrict Azure AI Service Endpoints
+- Use Managed Identity for Azure AI Service Accounts
+- Use identity-based authentication for Azure AI Service Accounts
+
+### Exploring risks with attack path analysis
+
+Attack paths analysis detects and mitigates risks to AI workloads, particularly during grounding (linking AI models to specific data) and fine-tuning (adjusting a pretrained model on a specific dataset to improve its performance on a related task) stages, where data might be exposed. 
+
+By monitoring AI workloads continuously, attack path analysis can identify weaknesses and potential vulnerabilities and follow up with recommendations. Additionally, it extends to cases where the data and compute resources are distributed across Azure, AWS, and GCP.
+
+## Related content
+
+- [Explore risks to predeployed generative AI artifacts](explore-ai-risk.md)
+- [Review security recommendations](review-security-recommendations.md)
+- [Identify and remediate attack paths](how-to-manage-attack-path.md)
+- [Discover generative AI workloads](identify-ai-workload-model.md)

articles/defender-for-cloud/ai-threat-protection.md

@@ -0,0 +1,39 @@
+---
+title: Overview - AI threat protection
+description: Learn about AI threat protection in Microsoft Defender for Cloud and how it protects your resources from AI threats.
+ms.date: 05/05/2024
+ms.topic: overview
+ms.author: elkrieger
+author: Elazark
+#customer intent: As a cloud security professional, I want to understand how to secure my generative AI resources using Defender for Cloud's AI security posture management capabilities.
+---
+
+# Overview - AI threat protection
+
+Threat protection for AI workloads in Microsoft Defender for Cloud continually identifies threats to generative AI applications in real time and assists in the response process, for security issues that might exist in generative AI applications.
+
+> [!IMPORTANT]
+> Threat protection for AI workloads is currently in preview.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+Defender for Cloud's AI threat protection integrates with [Azure AI Content Safety Prompt Shields](../ai-services/content-safety/concepts/jailbreak-detection.md) and Microsoft's threat intelligence signals to deliver contextual and actionable security alerts associated with a range of threats such as sensitive data leakage, data poisoning, jailbreak, and credentials theft.
+
+:::image type="content" source="media/ai-threat-protection/threat-protection-ai.png" alt-text="Diagram that shows how enabling, detection, and response works for threat protection." lightbox="media/ai-threat-protection/threat-protection-ai.png":::
+
+> [!NOTE]
+> Threat protection for AI workloads relies on [Azure Open AI content filtering](../ai-services/openai/concepts/content-filter.md) for prompt-base triggered alert. If you opt out of prompt-based trigger alerts and removed that capability, it can affect Defender for Cloud's ability to monitor and detect such attacks.
+
+## Defender XDR integration
+
+Threat protection for AI workloads integrates with [Defender XDR](concept-integration-365.md), enabling security teams to centralize alerts on AI workloads within the Defender XDR portal.
+
+Security teams can correlate AI workloads alerts and incidents within the Defender XDR portal, and gain an understanding of the full scope of an attack, including malicious activities associated with their generative AI applications from the XDR dashboard.
+
+## Signing up for the limited public preview
+
+To use threat protection for AI workloads, you must enroll in the limited public preview program by filling out the [registration form](https://aka.ms/D4AI/PublicPreviewAccess).
+
+## Related content
+
+- [Enable threat protection for AI workloads (preview) (Preview)](ai-onboarding.md).
+- [Alerts for AI workloads](alerts-reference.md#alerts-for-ai-workloads)

articles/defender-for-cloud/alerts-reference.md

@@ -3,7 +3,7 @@ title: Reference table for all security alerts
 description: This article lists the security alerts visible in Microsoft Defender for Cloud.
 ms.topic: reference
 ms.custom: linux-related-content
-ms.date: 03/17/2024
+ms.date: 05/01/2024
 ai-usage: ai-assisted
 ---
 
@@ -4367,6 +4367,40 @@ Applies to: Azure Blob (Standard general-purpose v2, Azure Data Lake Storage Gen
 
 **Severity**: Medium
 
+## Alerts for AI workloads
+
+### Detected credential theft attempts on an Azure Open AI model deployment  
+
+**Description**: The credential theft alert is designed to notify the SOC when credentials are detected within GenAI model responses to a user prompt, indicating a potential breach. This alert is crucial for detecting cases of credential leak or theft, which are unique to generative AI and can have severe consequences if successful.
+
+**[MITRE tactics](#mitre-attck-tactics)**: Credential Access, Lateral Movement, Exfiltration 
+
+**Severity**: Medium
+
+### A Jailbreak attempt on an Azure Open AI model deployment was blocked by Prompt Shields
+
+**Description**: The Jailbreak alert, carried out using a direct prompt injection technique, is designed to notify the SOC there was an attempt to manipulate the system prompt to bypass the generative AI’s safeguards, potentially accessing sensitive data or privileged functions. It indicated that such attempts were blocked by Azure Responsible AI Content Filtering (AKA Prompt Shields), ensuring the integrity of the AI resources and the data security.
+
+**[MITRE tactics](#mitre-attck-tactics)**: Privilege Escalation, Defense Evasion 
+
+**Severity**: Medium
+
+### A Jailbreak attempt on an Azure Open AI model deployment was detected by Prompt Shields 
+
+**Description**: The Jailbreak alert, carried out using a direct prompt injection technique, is designed to notify the SOC there was an attempt to manipulate the system prompt to bypass the generative AI’s safeguards, potentially accessing sensitive data or privileged functions. It indicated that such attempts were detected by Azure Responsible AI Content Filtering (AKA Prompt Shields), but were not blocked due to content filtering settings or due to low confidence.
+
+**[MITRE tactics](#mitre-attck-tactics)**: Privilege Escalation, Defense Evasion
+
+**Severity**: Medium
+
+### Sensitive Data Exposure Detected in Azure Open AI Model Deployment 
+
+**Description**: The sensitive data leakage alert is designed to notify the SOC that a GenAI model responded to a user prompt with sensitive information, potentially due to a malicious user attempting to bypass the generative AI’s safeguards to access unauthorized sensitive data.
+
+**[MITRE tactics](#mitre-attck-tactics)**: Collection
+
+**Severity**: Medium
+
 ## Deprecated Defender for Containers alerts
 
 The following lists include the Defender for Containers security alerts which were deprecated.

articles/defender-for-cloud/concept-cloud-security-posture-management.md

@@ -1,9 +1,9 @@
 ---
 title: Cloud Security Posture Management (CSPM)
-description: Learn more about CSPM in Microsoft Defender for Cloud.
-ms.topic: conceptual
-ms.custom: build-2023
-ms.date: 02/28/2024
+description: Learn more about Cloud Security Posture Management (CSPM) in Microsoft Defender for Cloud and how it helps improve your security posture.
+ms.topic: concept-article
+ms.date: 04/15/2024
+#customer intent: As a reader, I want to understand the concept of Cloud Security Posture Management (CSPM) in Microsoft Defender for Cloud.
 ---
 
 # Cloud security posture management (CSPM)
@@ -38,6 +38,7 @@ The following table summarizes each plan and their cloud availability.
 | [Workflow automation](workflow-automation.yml) | :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP, on-premises |
 | Tools for remediation | :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP, on-premises |
 | Microsoft Cloud Security Benchmark | :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |
+| [AI security posture management](ai-security-posture.md) | :::image type="icon" source="./media/icons/yes-icon.png"::: | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS |
 | [Security governance](governance-rules.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP, on-premises |
 | [Regulatory compliance standards](concept-regulatory-compliance.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP, on-premises |
 | [Cloud security explorer](how-to-manage-cloud-security-explorer.md) | - | :::image type="icon" source="./media/icons/yes-icon.png"::: | Azure, AWS, GCP |