https://example.org/chapter3/s6/index.html Introduction The human element in AI security presents a dual challenge. On one side, users are targets – AI-powered deepfakes, AI-generated phishing, and synthetic voice cloning make social engineering attacks more convincing than ever. On the other side, users are a source of risk – employees adopting unauthorized AI tools, pasting proprietary data into public chatbots, and trusting AI outputs without verification. Layer 4 of the Security for AI Blueprint addresses both dimensions: protecting users FROM AI-powered attacks and protecting the organization FROM users’ uncontrolled AI adoption. Hugo en-us https://example.org/chapter3/s6/activity/index.html Mon, 01 Jan 0001 00:00:00 +0000 https://example.org/chapter3/s6/activity/index.html Test Your Knowledge: Layer 4 - Secure Your Users Let’s see how much you’ve learned! This quiz tests your understanding of deepfake detection, endpoint security for AI-era threats, shadow AI discovery and governance, and user behavior analytics for AI interactions. --- shuffle_answers: true shuffle_questions: false --- ## A CFO receives a video call from what appears to be the CEO, requesting an urgent wire transfer. The video shows the CEO's face and voice with high fidelity. Which Layer 4 control is the most important defense against this attack? > Hint: Think about what happens when technology-based detection is uncertain. - [ ] Video deepfake detection technology that analyzes facial landmarks in real time > While deepfake detection technology is important, the section notes that real-time detection during calls is computationally intensive and face-swap quality improves rapidly. Technology alone may not catch high-quality deepfakes. - [ ] Email security that blocks AI-generated phishing attempts > This attack uses a video call, not email. Email security wouldn't intercept a live video conference. - [x] Multi-factor verification for high-value actions -- requiring out-of-band confirmation through a separate communication channel before processing the wire transfer > Correct! The section explicitly identifies multi-factor verification as the most critical organizational policy against deepfakes. Technology-based detection has limitations (high-quality deepfakes may bypass detection, real-time analysis is computationally intensive). Out-of-band verification -- calling the CEO back on a known phone number, using a pre-arranged code word, or requiring a separate email confirmation -- provides a reliable defense even when the deepfake itself is convincing. - [ ] User behavior analytics to detect that the CFO is processing an unusual transaction > UBA might detect the anomalous transaction after it's initiated, but the defense needs to prevent the transfer before it executes. Multi-factor verification intervenes at the decision point. ## An organization discovers that 40% of employees are using unauthorized AI chatbot services by pasting company data into browser-based interfaces. Which shadow AI discovery technique likely identified this? > Hint: Consider which monitoring approach would detect browser-based AI chatbot usage. - [ ] Expense report analysis -- employees are paying for AI subscriptions > Most browser-based AI chatbots offer free tiers. Employees using unauthorized services may not have any expense trail. - [x] Network traffic analysis -- identifying connections to known AI service endpoints (api.openai.com, api.anthropic.com, etc.) from the enterprise network > Correct! Network traffic analysis monitors outbound connections from the enterprise network. When employees access browser-based AI chatbots, their browsers connect to AI service endpoints. By monitoring DNS queries and HTTP/HTTPS traffic to known AI service domains, the security team can identify which employees are using which unauthorized AI services and how frequently. - [ ] Application inventory on endpoints -- detecting installed AI applications > Browser-based AI chatbots don't require installed applications. Users access them through the standard web browser, making endpoint application inventory insufficient for this scenario. - [ ] SaaS discovery tools -- cataloging AI SaaS subscriptions > SaaS discovery tools (CASBs) can help, but for browser-based free-tier usage without organizational subscriptions, network traffic analysis provides more direct visibility. ## The Samsung data leak case study describes employees pasting proprietary semiconductor data into ChatGPT. The section identifies four Layer 4 controls that would have mitigated this. Which control addresses the root cause -- that employees used an unauthorized tool because it made them more productive? > Hint: Think about why employees bypassed security, not just how to block them. - [ ] Endpoint DLP for AI -- blocking sensitive data from being sent to AI endpoints > DLP blocks the data transmission but doesn't address why employees sought out unauthorized AI tools. Employees will find workarounds for DLP if the underlying need isn't met. - [ ] Acceptable use policies -- clear rules about what data cannot be shared with AI tools > Policies define boundaries but don't address the productivity need that drove the employees to use ChatGPT in the first place. - [x] An approved AI tool catalog with a vetted, data-contained alternative -- if the approved option meets the same productivity need as the unauthorized one, employees will use the approved option instead > Correct! The section emphasizes that "if the approved option is harder to use than the unauthorized one, employees will keep using the unauthorized option." The root cause of the Samsung leak was that employees needed AI assistance for their work, and the fastest option was an unauthorized external service. Providing an approved, secure alternative that meets the same productivity need is the only control that addresses the root cause rather than just the symptom. - [ ] User behavior analytics -- detecting large code blocks being pasted into browser interfaces > UBA would detect the behavior but only after it occurs. The goal is to prevent the behavior by providing a secure alternative, not just to detect it. ## The user behavior analytics table identifies five signals to monitor. A security analyst notices that a user who normally makes 50 AI queries per day suddenly makes 500 queries, mostly after business hours. What does this pattern most likely indicate? > Hint: Consider the "Anomalous Pattern" and "Possible Indicator" columns in the monitoring table. - [ ] The user has been promoted and has new responsibilities requiring more AI usage > A legitimate increase in usage would typically occur during business hours and would increase gradually, not spike suddenly with after-hours concentration. - [ ] The AI system is experiencing latency issues causing query retries > Retry-induced volume increases would be distributed during normal usage hours, not concentrated after hours. The after-hours pattern suggests deliberate activity. - [x] The account may be compromised and is being used for automated data extraction -- the sudden spike combined with after-hours activity matches the pattern for a compromised account > Correct! The section's UBA table maps "sudden spike in queries, especially after hours" to "automated data extraction, compromised account." An attacker who gains access to a legitimate user's credentials would use automated tools to systematically extract data, generating a high volume of queries. After-hours timing reduces the chance of the legitimate user noticing their account is active. - [ ] The user is simply catching up on a backlog of work that requires AI assistance > A 10x increase (50 to 500) concentrated after hours is far beyond normal catch-up patterns. This level of anomaly warrants investigation, not assumption of normal behavior. ## The section describes how endpoint security must evolve in two directions for AI-era threats. What are these two directions? > Hint: Think about both the threats that AI enables and the risks that AI tool usage creates. - [ ] Protecting against AI-generated malware and protecting AI models stored on endpoints > While AI-generated malware is a concern, the section's two directions focus on social engineering defense and AI tool usage monitoring, not malware or model storage. - [x] Defending against AI-enhanced attacks (AI-generated phishing, voice cloning, deepfake video calls) AND monitoring AI tool usage on endpoints (browser extensions, clipboard activity, application inventory) > Correct! The section identifies two complementary directions: (1) defending users FROM AI-powered attacks -- where AI makes social engineering more convincing through personalized phishing, voice cloning, and deepfake video -- and (2) protecting the organization FROM users' AI tool usage -- monitoring what AI tools are installed, what data is being copied to AI services, and which browser-based AI interfaces are being accessed. Both directions are essential for complete Layer 4 endpoint security. - [ ] Blocking AI services at the network level and educating users about AI risks > Network-level blocking is a DLP/governance control, not an endpoint security direction. User education is an organizational practice, not an endpoint security evolution. - [ ] Scanning endpoints for AI-related vulnerabilities and enforcing AI-safe configurations > These are general security hygiene practices, not the two specific directions the section identifies for AI-era endpoint security evolution. ## Shadow AI governance includes maintaining an "Approved AI Tool Catalog." Why does the section emphasize that the approved option must be easy to use? > Hint: Consider the human behavior that drives shadow AI adoption. - [ ] Ease of use increases the number of tools in the catalog > The number of tools in the catalog isn't the goal. The goal is that employees actually use the approved tools instead of unauthorized alternatives. - [ ] Complex tools require more training, which increases security costs > While training costs matter, the section's emphasis is on user adoption behavior, not training economics. - [x] If the approved AI tool is harder to use than the unauthorized alternative, employees will keep using the unauthorized option -- making the governance program ineffective > Correct! The section explicitly states this principle. Shadow AI exists because employees find AI tools that make them more productive. If the organization provides an approved alternative that's slower, more cumbersome, or less capable, employees will work around the governance program. Effective shadow AI governance aligns security with usability -- making the secure path also the easy path. - [ ] Easy-to-use tools have fewer security vulnerabilities > Usability and security vulnerability count are unrelated. The emphasis on ease of use is about driving user adoption of approved tools, not about the tools' security posture. ## The section describes DLP for AI as a technical control that monitors outbound traffic to AI service endpoints. What types of sensitive data patterns should DLP detect when monitoring traffic to AI services? > Hint: Review the acceptable use policy and DLP descriptions in the shadow AI governance section. - [ ] Only PII patterns like social security numbers and credit card numbers > PII is important but insufficient. The Samsung case involved proprietary source code, not PII. DLP for AI must cover a broader range of sensitive data. - [ ] Only large file transfers because small text inputs are not a data loss risk > Data loss through AI services often occurs through small text inputs -- pasting code snippets, meeting transcripts, or business strategies into chatbot interfaces. Size-based filtering misses the most common exfiltration path. - [x] API keys, PII (SSNs, credit card numbers), proprietary source code, code signatures, and confidential business data -- the full range of sensitive content that employees might paste into AI service interfaces > Correct! The section specifies that DLP for AI should detect "patterns like API keys, social security numbers, credit card numbers, and proprietary code signatures in outbound traffic to AI endpoints." The Samsung case involved source code and meeting transcripts. Comprehensive DLP for AI covers credentials, PII, proprietary code, financial data, legal communications, and business strategy -- any content that shouldn't leave the organization's control. - [ ] Only encrypted data because unencrypted data is already protected by other controls > DLP monitors the content of outbound data regardless of encryption. The concern is that employees are sending sensitive data to external AI services, not whether the transport layer is encrypted.