When AI is a Bad Actor's Best Friend: Fortinet at CFD24
There’s no one more stressed in the IT arena than the SecOps director. With a list of potential vulnerabilities a mile long and bad actors growing more sophisticated by the minute, SecOps teams have full plates keeping an organization and corporate IP safe. This is what makes Fortinet sessions at Tech Field Day always a highlight, as their solutions sit on the wall between customer security and constant threats.
Enter LLMs: A new attack surface has come into the corporate environment with broad-scale employee utilization of AI, shadow AI app deployments within the confines of the enterprise, and a constant threat of data breaches from these new entry points into corporate systems.
Fortinet has taken this head-on, providing a comprehensive suite of tools (including FortiGate, FortiWeb, FortiAnalyzer, and FortiSOAR) that thwart AI-enabled attackers. The Fortinet team walked us through an example of this working in real time with an example of an e-commerce server running on AWS. Integrated into the configuration resided an AI agent server and Model Context Protocol (MCP) server for a complete commerce solution.
Based on a chat-based query from the attacker, the team showed how attackers were able to gain access to highly sensitive data including control of tokens and IDs on the MCP server. As the attack progressed, the team showed how an authoritative tone led to better attack success with helpful chatbots, and that apps and sites developed with vibe coding pose greater risk for organizations as developers may not be aware of vulnerabilities to close before app deployment.
The TechArena Take
We all are aware of the unknowns that AI application development and deployment represent to the enterprise. In fact, this is one of the foundational blocks to broad-scale adoption in enterprise today. The Fortinet team, as always, brought an insightful scenario that underscored the everyday threats that even the most elementary use of LLMs can introduce to environments, elegantly demonstrating how the Fortinet suite can address these new threats in a way that brought the customer experience to life. There's no question that Fortinet is a leader in this space and has been considering AI as an attack vector for years. Ultimately to me, this was more about showcasing enterprise requirements as they evolve vs. driving a hard-hitting value proposition differentiation story to the audience. I think this underscores the team's confidence that the company's tech is leading and that people know that. Well done!
There’s no one more stressed in the IT arena than the SecOps director. With a list of potential vulnerabilities a mile long and bad actors growing more sophisticated by the minute, SecOps teams have full plates keeping an organization and corporate IP safe. This is what makes Fortinet sessions at Tech Field Day always a highlight, as their solutions sit on the wall between customer security and constant threats.
Enter LLMs: A new attack surface has come into the corporate environment with broad-scale employee utilization of AI, shadow AI app deployments within the confines of the enterprise, and a constant threat of data breaches from these new entry points into corporate systems.
Fortinet has taken this head-on, providing a comprehensive suite of tools (including FortiGate, FortiWeb, FortiAnalyzer, and FortiSOAR) that thwart AI-enabled attackers. The Fortinet team walked us through an example of this working in real time with an example of an e-commerce server running on AWS. Integrated into the configuration resided an AI agent server and Model Context Protocol (MCP) server for a complete commerce solution.
Based on a chat-based query from the attacker, the team showed how attackers were able to gain access to highly sensitive data including control of tokens and IDs on the MCP server. As the attack progressed, the team showed how an authoritative tone led to better attack success with helpful chatbots, and that apps and sites developed with vibe coding pose greater risk for organizations as developers may not be aware of vulnerabilities to close before app deployment.
The TechArena Take
We all are aware of the unknowns that AI application development and deployment represent to the enterprise. In fact, this is one of the foundational blocks to broad-scale adoption in enterprise today. The Fortinet team, as always, brought an insightful scenario that underscored the everyday threats that even the most elementary use of LLMs can introduce to environments, elegantly demonstrating how the Fortinet suite can address these new threats in a way that brought the customer experience to life. There's no question that Fortinet is a leader in this space and has been considering AI as an attack vector for years. Ultimately to me, this was more about showcasing enterprise requirements as they evolve vs. driving a hard-hitting value proposition differentiation story to the audience. I think this underscores the team's confidence that the company's tech is leading and that people know that. Well done!
.png)
