AI Risk Overview
Scenarios
AI Risk Overview displays the compliance status of your AI models in real time. It covers corpus security, inference service security, and environment security risk operations, so you can identify risks to and potential threats against AI models in a timely manner. On the AI Risk Overview page, you can view your inference security, corpus security, and environment security status.
- Inference security: SecMaster analyzes WAF attack and access logs and displays the number of API calls, the number of API calls that hit protection policies, the domain names of the top 5 inference models that hit protection policies together with their risk counts, the distribution of prompt injection attacks, and the distribution of inference model attack types.
- Corpus security: SecMaster analyzes DSC alarm logs and displays the corpus risk types and quantity, and the distribution of top 5 corpus risk assets.
- Environment security: SecMaster analyzes its baseline checks, vulnerabilities, and alerts and displays the top 5 compliance check risks, top 5 vulnerability risks, top 5 alerts, and recent attacks in the current workspace.
Prerequisites
- Inference security depends on Web Application Firewall (WAF). To use Inference Security in the AI Risk Overview module, ensure that you have a valid cloud WAF edition in use. For details, see Buying a Cloud WAF Instance.
- Corpus security depends on Data Security Center (DSC). To use Corpus Security in the AI Risk Overview module, ensure that data security protection for AI models is within its validity period. For details, see Buying DSC.
- You have integrated WAF attack logs, WAF access logs, and DSC alarm logs on the SecMaster console. For details about how to access cloud service logs, see Enabling Log Access.
- Only SecMaster professional edition supports this function.
Viewing the AI Risk Overview
- Log in to the SecMaster console.
- Click the icon in the upper left corner of the management console and select a region or project.
- Click the icon in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose .
- On the AI Risk Overview page, you can view the following information.
Table 1 Parameters on the AI Risk Overview page (columns: Module, Parameter, Description)

Module: Statistics Period
Parameter: Statistics Period
Description: Select a preset time range, or customize one, for the risk overview. The options are as follows:
- Last 24 hours
- Last 3 days
- Last 7 days
- Last 30 days
- Custom: specify the start time and end time yourself.

Module: Inference Security
Parameter: Inference Security
Description: Displays the risk statistics for AI model inference services within the specified statistics period.
- Total Requests: the total number of requests to AI models recorded in WAF access logs.
- Hit Protection Policies: the total number of prompt injection attack, prompt content compliance, and response content compliance alerts identified in WAF attack logs.
- Prompt Injections: the total number of prompt injection attacks identified in WAF attack logs.
- Prompt Content Compliance Risks: the total number of prompt content compliance alerts identified in WAF attack logs.
- Response Content Compliance Risks: the total number of response content compliance alerts identified in WAF attack logs.

Parameter: Request Trends
Description: Displays Total Requests and Hit Protection Policies over time. The data is updated in real time.
- Total Requests: the number of requests to AI models recorded in WAF access logs.
- Hit Protection Policies: the total number of prompt injection attack, prompt content compliance, and response content compliance alerts identified in WAF attack logs.

Parameter: Top 5 Assets by Risks
Description: Displays the domain names of the five inference models that hit protection policies most often, based on WAF attack logs, together with the number of attacks or risks identified for each of them.

Parameter: Prompt Injection Distribution
Description: Displays the number of prompt injection attacks by type, based on WAF attack logs. Types include jailbreak, prompt leakage, role playing, insecure command topics, insecure viewpoints, reverse inducement, inappropriate content, compliance violations, and personal data.

Parameter: LLM Attack Types
Description: Displays the number of prompt injection, prompt content compliance, and response content compliance alerts identified in WAF attack logs, broken down by attack type.

Module: Corpus Security
Parameter: Top 5 Corpus Assets by Risks
Description: Displays the five OBS buckets with the most alerts reported in DSC alarm logs. Alerts are counted by bucket ID.

Parameter: Text Risks by Category
Description: Displays the number of text risks reported in DSC alarm logs. Text risk categories are personal privacy, content compliance, and source or copyright compliance violations.

Module: Environment Security
Parameter: Top 5 Compliance Checks
Description: Displays the five failed compliance check items that affect the most assets.

Parameter: Top 5 Vulnerabilities
Description: Displays the top 5 vulnerabilities within the statistics period you specify on the AI Risk Overview page, ranked by risk severity. Vulnerabilities of the same severity are sorted by vulnerability name.

Parameter: Top 5 Alerts
Description: Displays the top 5 alerts, ordered by alert discovery time.

Parameter: Latest Attacks
Description: Displays the attacks identified within the statistics period you specify on the AI Risk Overview page.
Attacks are alarms reported by the other security services configured for each defense layer in SecMaster. For details about the seven defense layers, see Overview.
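The Inference Security figures in Table 1 are aggregates over WAF access logs (every request) and WAF attack logs (requests that hit a protection policy), filtered by the statistics period. The following Python script is an added illustration, not SecMaster or WAF code, that recomputes those figures from a handful of constructed log lines so that a practitioner can cross-check the dashboard against exported raw logs. The JSON field names (time, host, category, subtype), the category and subtype values, the sample records, and the reference time are all assumptions; the real WAF log schema differs. One caveat it makes explicit: a WAF attack log also carries non-LLM attack types (the constructed sql_injection record), and only the three LLM alert categories count toward Hit Protection Policies.

```python
"""Recompute the Inference Security metrics of AI Risk Overview from WAF logs.

Added example, not SecMaster or WAF code. Field names, category values and
the sample records below are assumptions, not the real WAF log schema.
"""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real WAF output), one JSON object per line.
# Access logs: every request to an inference endpoint.
SAMPLE_ACCESS_LOGS = """
{"time": "2024-06-10T11:10:00Z", "host": "llm-a.example.com", "path": "/v1/chat"}
{"time": "2024-06-10T11:20:00Z", "host": "llm-a.example.com", "path": "/v1/chat"}
{"time": "2024-06-10T10:05:00Z", "host": "llm-b.example.com", "path": "/v1/chat"}
{"time": "2024-06-10T09:30:00Z", "host": "llm-c.example.com", "path": "/v1/chat"}
{"time": "2024-06-05T08:00:00Z", "host": "llm-a.example.com", "path": "/v1/chat"}
""".strip().splitlines()

# Attack logs: requests that hit a protection policy. Note the sql_injection
# record: it is a WAF attack, but not an LLM alert, so the dashboard ignores it.
SAMPLE_ATTACK_LOGS = """
{"time": "2024-06-10T11:10:00Z", "host": "llm-a.example.com", "category": "prompt_injection", "subtype": "jailbreak"}
{"time": "2024-06-10T11:20:00Z", "host": "llm-a.example.com", "category": "prompt_injection", "subtype": "prompt_leakage"}
{"time": "2024-06-10T10:05:00Z", "host": "llm-b.example.com", "category": "prompt_content_compliance", "subtype": "personal_data"}
{"time": "2024-06-10T09:30:00Z", "host": "llm-c.example.com", "category": "response_content_compliance", "subtype": "inappropriate_content"}
{"time": "2024-06-10T09:31:00Z", "host": "llm-c.example.com", "category": "sql_injection", "subtype": "union_select"}
{"time": "2024-06-05T08:00:00Z", "host": "llm-a.example.com", "category": "prompt_injection", "subtype": "jailbreak"}
""".strip().splitlines()

# Constructed reference time so the sample data evaluates the same way every run.
EXAMPLE_NOW = datetime(2024, 6, 10, 12, 0, tzinfo=timezone.utc)

# The three alert categories counted under "Hit Protection Policies".
LLM_CATEGORIES = ("prompt_injection", "prompt_content_compliance",
                  "response_content_compliance")

# Preset statistics periods offered on the page; "Custom" takes explicit bounds.
PRESET_PERIODS = {
    "Last 24 hours": timedelta(hours=24),
    "Last 3 days": timedelta(days=3),
    "Last 7 days": timedelta(days=7),
    "Last 30 days": timedelta(days=30),
}


def parse_logs(lines):
    """Parse JSON log lines, turning the time field into an aware datetime."""
    records = []
    for line in lines:
        rec = json.loads(line)
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def period_bounds(period, now, custom=None):
    """Return (start, end) for a preset period, or the custom (start, end) pair."""
    if period == "Custom":
        if custom is None:
            raise ValueError("Custom period requires explicit (start, end) bounds")
        return custom
    return now - PRESET_PERIODS[period], now


def inference_overview(access_lines, attack_lines, period, now, custom=None, top_n=5):
    """Aggregate the Inference Security figures for one statistics period."""
    start, end = period_bounds(period, now, custom)
    in_range = lambda r: start <= r["time"] <= end
    access = [r for r in parse_logs(access_lines) if in_range(r)]
    # Only LLM alert categories count as hits; other WAF attack types are dropped.
    hits = [r for r in parse_logs(attack_lines)
            if in_range(r) and r["category"] in LLM_CATEGORIES]
    by_category = Counter(r["category"] for r in hits)
    # Request Trends: Total Requests and Hit Protection Policies per hour bucket.
    hour = lambda r: r["time"].strftime("%Y-%m-%dT%H:00Z")
    trend = {h: {"total": n, "hits": 0} for h, n in Counter(map(hour, access)).items()}
    for h, n in Counter(map(hour, hits)).items():
        trend.setdefault(h, {"total": 0, "hits": 0})["hits"] = n
    return {
        "total_requests": len(access),
        "hit_protection_policies": len(hits),
        "prompt_injections": by_category["prompt_injection"],
        "prompt_content_compliance_risks": by_category["prompt_content_compliance"],
        "response_content_compliance_risks": by_category["response_content_compliance"],
        "top_assets_by_risks": Counter(r["host"] for r in hits).most_common(top_n),
        "prompt_injection_distribution": dict(Counter(
            r["subtype"] for r in hits if r["category"] == "prompt_injection")),
        "llm_attack_types": dict(by_category),
        "request_trends": dict(sorted(trend.items())),
    }


if __name__ == "__main__":
    result = inference_overview(SAMPLE_ACCESS_LOGS, SAMPLE_ATTACK_LOGS,
                                "Last 24 hours", EXAMPLE_NOW)
    print(json.dumps(result, indent=2))
```

With the sample data and the Last 24 hours period, the script reports 4 total requests and 4 policy hits (2 prompt injections, 1 prompt content compliance risk, 1 response content compliance risk), with llm-a.example.com first in Top 5 Assets by Risks; switching to Last 7 days pulls in the older record and raises both totals to 5. Because the sql_injection record is excluded, a plain count of attack-log lines would overstate Hit Protection Policies by one, which is exactly the discrepancy to expect when comparing the dashboard with an unfiltered log export.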