While much focus has been on the AI-versus-AI cyber arms race in cybersecurity, perhaps the focus should be on the virtuous cycle between AI and security…
Broadcom’s acquisitions, like last year’s purchase of VMware, have significantly enhanced its AI capabilities and market position.
At the VMware Explore 2024 Las Vegas conference, one key announcement was Private AI built and run on VMware Cloud Foundation (VCF). With the general availability of VMware Private AI Foundation with NVIDIA in May 2024, Broadcom, in collaboration with NVIDIA, delivered a private and secure generative AI platform for enterprises that can unlock generative AI and unleash productivity.
Other AI developments since Broadcom’s US$69 billion acquisition of VMware in November 2023 include Spring AI, a framework designed to help Java developers integrate AI capabilities into their applications. It provides a portable API that supports various AI models and vector databases, making it easier to switch between different AI providers and implementations.
VMware’s Tanzu platform has integrated Spring AI to enhance the development and deployment of AI-driven applications. This integration allows for seamless updates, robust security, and compliance features, ensuring that applications remain efficient and secure.
Consider this real-world scenario: A financial services company needed to improve its fraud detection system to handle increasing transaction volumes and sophisticated fraud techniques. Their existing system was slow and often missed complex fraud patterns.
By integrating Spring AI with VMware Tanzu, the company was able to deploy advanced AI models that could analyze transaction data in real-time. The portability of Spring AI allowed them to experiment with different AI models and choose the best-performing ones.
As a result, the company experienced benefits such as:
- Improved detection rates: The new system significantly increased the accuracy of fraud detection, reducing false positives and catching more fraudulent transactions.
- Scalability: With VMware Tanzu, the company could scale their AI applications effortlessly to handle peak transaction times.
- Efficiency: The integration streamlined their development process, allowing for faster updates and deployment of new models.
We can see how such a transformation with AI can not only enhance security but also boost customer trust and satisfaction, leading to a virtuous cycle of ‘AI in security’ and ‘security in AI’.
At Explore Las Vegas 2024, VMware highlighted its next chapter of security innovations for the GenAI era:
- Generative AI for threat defense: VMware has introduced Project Cypress, which uses generative AI to assist with threat defense, including alert triaging, contextualized insights into threat campaigns, and remediation recommendations. The genAI-based security co-pilot functionality supports rapid triage in SOCs without compromising accuracy, helping to manage the noisy environment of large enterprises.
- vDefend innovations: VMware’s vDefend (firewall) uses AI and machine learning to create security rules and policy recommendations based on threat assessments. Features include:
  - Enhanced malware and ransomware prevention: Support for both file-based and fileless (in-memory) malware, designed to operate efficiently even in regulated environments with air-gapped deployments.
  - Distributed IDS/IPS: With centralized management, ideal for AI/ML workloads, helping maintain a consistent security posture across multiple sites.
- Zero trust lateral security enhancements:
  - Firewall Rule Impact Analysis: Provides immediate visibility into how security policies impact workloads, eliminating ineffective and redundant rules to ensure optimized security effectiveness.
  - Geo IP filtering: Uniquely manages and secures traffic by allowing or blocking connections to a specific geographic location directly at the gateway firewall, enabling precise control over global traffic flows.
Mizuho Research and Technologies Ltd was recognized at VMware Explore 2024 as a ‘Security Innovator’.
With its infrastructure hardware and software maintenance engagement expiring in 2025, the team at Mizuho Research and Technologies knew it was essential to reduce the load on its current operations. Their goal was to achieve trend-setting resilience and enhanced cybersecurity and flexibility, all while limiting service price increases.
Using VMware technologies, Mizuho is moving into the private cloud and now:
- Adopts the latest architecture to enable a quick and flexible response to security issues.
- Achieves significant cost savings through self-service on version upgrades.
- Has built an advanced, secure infrastructure optimized to handle emergency patches.
Security in AI
According to VMware FY24 Executive Pulse research, 60% of IT leaders believe that AI presents new risks to data privacy that they don’t know how to address. At the same time, 50% don’t yet have a plan to prevent data leakage around sensitive material and content using generative AI.
Above all else, privacy is the core issue that enterprises need to address. Organizations want to leverage their private, proprietary data and intellectual property (IP) with LLMs to get compelling solutions, but doing this with public models and public APIs introduces the risk of IP or data leakage.
Additionally, organizations need to protect and control access to the AI models themselves.
To ensure generative AI deployments, applications and data are secure, VMware’s Private AI initiative allows enterprises to run customized large language models (LLMs) while ensuring data security and mitigating risks like data leakage.
Observability and platformization embedded in VCF lead to better and faster actionable insights. While AI enhances security capabilities such as predictive analysis and intelligent insights into logs, the embedded security tools in VCF protect the voluminous data that AI development needs.
As an example of this virtuous cycle between AI and security, vDefend is well-integrated into VCF, helping to simplify complexity and compliance. Platformization on VCF enhances observability and management, for better security of all assets and activities within a private cloud environment – for Private AI.