This interview podcast episode focuses on the unique challenges of penetration testing (pentesting) AI applications, particularly Generative AI (GenAI) applications. The host interviews Ante Gojsalic from Splix AI, who highlights key differences from traditional application pentesting, such as the non-deterministic nature of LLMs, the continuous evolution of models, and the inherent mixing of data and application logic within the AI model itself. Gojsalic emphasizes the importance of both automated pentesting (to cover a wide attack surface) and manual red teaming (for targeted, critical vulnerabilities). He also discusses common client mistakes, such as over-aggressive content filtering leading to poor user experience and the failure to integrate AI security into the design phase. Listeners gain insights into the evolving landscape of AI security and practical advice on securing GenAI applications.
