Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The AI ecosystem is rapidly changing, and with this growth comes unique challenges in securing the infrastructure and services that support it. In Part 1 of this series, we explored how attackers target the underlying resources that host and run AI applications, such as cloud infrastructure and storage. In this post, we'll look at threats that affect AI-specific resources in supply chains, which are the software and data artifacts that determine how an AI service operates.

In Parts 1 and 2 of this series, we looked at how attackers get access to and take advantage of the infrastructure and supply chains that shape generative AI applications. In this post, we'll discuss AI interfaces, which we define as the entry points and logic that determine how a user interacts with an AI application. These elements can include chat interfaces, such as AI assistants, and API endpoints for supporting services.

The swift adoption of generative AI (GenAI) by the software industry has introduced a new area of focus for security engineers: threats targeting the various components of their AI applications. Understanding how these areas are vulnerable to attacks will become increasingly significant as the space evolves. In this series, we'll look at common threats that target the following components of AI applications.

Adyen is a global payment platform that supports transactions across web, mobile, and in-person channels. By consolidating payment flows into a single process, the platform helps merchants simplify operations and deliver consistent purchasing experiences. But payment processes are complex, often involving multiple steps that include authorization, capture, and refunds.

Following our commitment to achieve High and Impact Level 5 authorization for the Federal Risk and Authorization Management Program (FedRAMP), our sponsoring agency has begun the review process and granted us an “In Process” status for FedRAMP High authorization.

AI adoption is rapidly increasing, and with that comes a steady influx of useful but potentially vulnerable tools and services still maturing in the AI space. The Model Context Protocol (MCP) is one example of new AI tooling, providing a framework for how applications integrate with and supply context to large language models (LLMs). MCP servers are central to developing AI assistants and workflows that are deeply integrated with your environment.

Modern websites have become increasingly reliant on third-party applications and open source tools to deliver functionality and enhance the user experience. However, this reliance introduces both security and privacy risks, as external code can act as a vector for sophisticated attacks, such as Magecart and web skimming. Without visibility into these apps and tools, organizations are left vulnerable to undetected threats, unauthorized data access, and regulatory violations.

Many organizations face significant challenges with onboarding teams to a new or existing SIEM. Security teams grapple with escalating expenses tied to data ingestion, storage, and retention at scale. Steep learning curves can make setup an ongoing and frustrating chore, leading to mistakes and gaps in coverage. Further, SIEMs with constrained ecosystem integrations block users from the tools and customizable workflows they need and are comfortable with.

Security teams rely on SIEMs to aggregate and analyze data from a wide range of sources, including cloud environments, identity providers, endpoint protection platforms, network appliances, SaaS apps, and more. But every source delivers logs in its own format, with different field names, structures, and semantics. This fragmentation makes it difficult to build scalable, reusable detection rules or correlate threats across systems.

Security teams often struggle to keep up with rapidly evolving threats, especially when they have to manually manage detection rules. Without automation or version control, it's difficult to maintain consistency across environments, track changes, or deploy updates quickly. Datadog Cloud SIEM supports detection as code, a structured approach to authoring, testing, deploying, and managing detection rules using code and infrastructure-as-code tools like Terraform.