
Considerations When Including AI Implementations in Penetration Testing

Penetration Testing | Artificial Intelligence

Did you recently implement a new artificial intelligence (AI) feature within your application and now your customers are starting to ask for AI-specific penetration tests? Are you curious as to how an assessment like that would work? As with all these exercises, it starts with scoping.

Scoping goes beyond just deciding the boundaries of your test. There are other considerations to make when planning a penetration test of AI systems (an exercise also referred to as "AI red teaming"). Given our experience in different kinds of penetration testing as well as in AI, we're here to help.

In this blog post, we’re going to detail six questions you’ll need to ask and answer as part of scoping out a penetration test that includes AI systems. Whether you use our team to perform this exercise or not, you’ll be ready when it comes time to engage your testers in evaluating your AI.

AI-Focused Penetration Test Scoping FAQ 

When scoping your penetration test engagement, here are some questions to ask and answer when considering including your AI systems for testing.

Are You Using an API from Established Providers? 

When you call an Application Programming Interface (API) from an established Large Language Model (LLM) provider such as OpenAI or Anthropic, the provider takes on securing its API endpoints and external network and, to some degree, addresses data privacy concerns.

Despite that, you will still want to protect your API keys, think through output handling (how the response text is rendered within your application; a reply the model produces can carry injected HTML, script, or links and must be treated as untrusted input), and enable logging and monitoring of usage so you don't end up with a large bill from your chosen provider.
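As an added example (this is not code from Schellman's post or from any provider's SDK), the following Python sketches the three application-side controls above: the API key is read from the environment rather than source, the model's reply is HTML-escaped and link-filtered before it can reach a page, and provider-reported token counts are logged against a budget. The response dictionary is a constructed stand-in for what an LLM API returns; its field names (`choices`, `usage`, `total_tokens`) are assumed for illustration.

```python
"""Treat an LLM reply as untrusted data and keep an eye on spend.

Added example, not code from the original post. The provider response below is a
constructed stand-in; its shape and field names are an assumption.
"""
import html
import logging
import os
import re
from dataclasses import dataclass

logging.basicConfig(level=logging.INFO)
log = logging.getLogger("llm-gateway")


def load_api_key(env_var: str = "LLM_API_KEY") -> str:
    """Read the provider key from the environment; never hard-code it in source."""
    key = os.environ.get(env_var)
    if not key:
        raise RuntimeError(f"{env_var} is not set; refusing to start without a key")
    return key


# Markdown link: [label](target). The target may not contain ')' or whitespace.
_MD_LINK = re.compile(r"\[([^\]]+)\]\(([^)\s]+)\)")


def render_model_output(text: str) -> str:
    """Turn model text into HTML that is safe to insert into a page.

    The reply is attacker-influenced (prompt injection, poisoned retrieved
    content), so it gets the same handling as user input: escape everything,
    then re-introduce only markdown links whose target is http(s).
    """
    escaped = html.escape(text, quote=True)

    def link(m: re.Match) -> str:
        label, target = m.group(1), m.group(2)
        # The URL check runs on the escaped text, so a javascript: or data:
        # scheme is still visible here and simply loses its link.
        if re.match(r"^https?://", target, re.IGNORECASE):
            return f'<a href="{target}" rel="noopener noreferrer">{label}</a>'
        return label

    return _MD_LINK.sub(link, escaped)


@dataclass
class UsageMonitor:
    """Accumulate provider-reported token counts and flag when a budget is exceeded."""
    token_budget: int
    used: int = 0
    calls: int = 0

    def record(self, response: dict) -> int:
        total = int(response.get("usage", {}).get("total_tokens", 0))
        self.used += total
        self.calls += 1
        log.info("call=%d tokens=%d cumulative=%d/%d",
                 self.calls, total, self.used, self.token_budget)
        return self.used

    def over_budget(self) -> bool:
        return self.used > self.token_budget


def handle_response(response: dict, monitor: UsageMonitor) -> str:
    """Account for a completed call, then produce safe HTML from its text.

    The check runs after the provider has already answered, so set the budget
    with headroom below the point where the bill becomes a problem.
    """
    monitor.record(response)
    if monitor.over_budget():
        log.warning("token budget exceeded; refusing further calls")
        raise RuntimeError("LLM token budget exceeded")
    text = response["choices"][0]["message"]["content"]
    return render_model_output(text)


# Constructed sample response (shape assumed, not captured from a real provider).
SAMPLE_RESPONSE = {
    "choices": [{"message": {
        "role": "assistant",
        "content": ("Sure! See [docs](https://example.com/help) or "
                    "[click here](data:text/html;base64,PHNjcmlwdD4=) "
                    "<img src=x onerror=alert(1)>"),
    }}],
    "usage": {"prompt_tokens": 120, "completion_tokens": 40, "total_tokens": 160},
}

if __name__ == "__main__":
    monitor = UsageMonitor(token_budget=1000)
    print(handle_response(SAMPLE_RESPONSE, monitor))
```

A tester scoping the "established provider" case will probe exactly these seams: whether a key is recoverable from the client or repository, whether a reply containing markup or a hostile link ends up executing in the browser, and whether a flood of requests goes unnoticed until the invoice arrives.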

Are You Self-Hosting Large Language Models (LLMs)? 

If you host your own open-source model through a service like AWS Bedrock or Google Cloud's Model Garden, a penetration test can still be valuable, but you will also need to verify that the controls protecting the model from unauthorized access are in place and that the surrounding configuration (network exposure, access permissions, and any other potential exploitation points) is correct.

Did You Fine-Tune and Train A Model? 

If you did decide to fine-tune or train your own model(s) with a service like Google Cloud's Generative AI Studio, we advise that your penetration testers thoroughly evaluate:

  • The data used for training;
  • The potential for data leakage; and
  • The robustness of the model against targeted attacks that exploit model-specific weaknesses.

What are Your Goals for an AI Systems Penetration Test? 

Most people's first answer will be that they need to satisfy a request for a pen test report. But to maximize the return on this kind of exercise, take a moment to think about the potential negative impact on your organization if your AI implementation were exploited. Ask, "What's the worst that could happen in our specific implementation of AI?"

Once you know that, work with your tester to find ways for them to demonstrate that outcome, as your penetration test should be a collaborative effort to make your organization, and its AI systems, more resilient to adversarial attacks.

Moreover, a penetration test shouldn't stop at identifying a vulnerability. Encourage your testers to fully demonstrate the impact of a finding (within the agreed-upon scope). Once you understand what's possible, you can remediate the root cause.

How Will AI Penetration Testing Fit Into Your Broader Security Strategy? 

If you’ve already established quarterly or annual penetration testing that’s aligned with your organization’s overall cybersecurity posture or compliance requirements, your AI could be tested in tandem.

But an AI engagement also pairs well with the recently published ISO/IEC 42001 standard and its related certification, which you can get started with through a gap assessment. Getting certified, together with having an AI penetration test performed, goes a long way toward showing your customers that you take security, and their data, seriously.

What Testing Methodology Will Be Used? 

While this isn't a question you need to ask yourself, you may be curious about how your pen testers will approach the assessment. Although guidance for penetration testers examining AI continues to evolve rapidly, documentation does exist to help them right now, including:

While these publications help testers use correct terminology and focus on the weaknesses that apply to your AI use case, their attention will not be solely on the AI solution itself: when you add AI as another feature within an existing application, the vulnerability classes covered by the OWASP Web Security Testing Guide are still very much in play.

Next Steps

While these questions represent some of the aspects you’re likely wondering about regarding a potential penetration test of your AI systems, the only way to get a complete picture of what yours will look like is to speak to a tester and undergo a scoping exercise.

Schellman's team and approach may be the right fit for your needs. If you're interested in learning more, schedule time to talk with one of our penetration test practice leaders so we can discuss your implemented AI and how we can best help you achieve your specific goals.

In the meantime, here are some answers to other questions pertaining to your potential AI penetration test:

About Josh Tomkiel

Josh Tomkiel is a Managing Director and Penetration Tester based in Philadelphia, PA with over 10 years of experience in the Information Technology field. Josh has a deep background in all facets of penetration testing and works closely with Schellman's other service lines to ensure penetration testing requirements are met. Additionally, Josh leads Schellman's Red Team service offering, which provides an in-depth security assessment focusing on different tactics, techniques, and procedures (TTPs) for clients with mature security programs.