Big data analytics artificial intelligence (AI) firm S2W held a private seminar for clients on April 15 at its headquarters in Pangyo, Seongnam, on "New security strategies for the AI era: countermeasures through real-world cases."

At the event, Yang Jongheon (양종헌), head of S2W's offensive division, introduced AI-specific attack methods such as input manipulation, integrity compromise, agent interaction and synthetic identity, as well as implications drawn from analyses of real cases. He stressed that while traditional security aimed to prevent system bugs, the core of AI security lies in defending loopholes in "cognitive logic."

He also cited CTF (Capture The Flag) and war games based on real scenarios, including "Lakera Gandalf" and "Prompt Airlines." He explained major AI attack techniques, prompt examples and vulnerability patterns, and shared analysis results on the potential impact of AI- and LLM-specific security incidents on business.

Yang also explained security principles to follow in the AI era. He proposed non-use, data minimisation and least privilege and isolation, and said that because the possibility of bypassing guardrails always exists, perfect defence is impossible. He said a realistic approach is to move away from a blocking-focused mindset, embed real-time detection and response systems, conduct frequent penetration testing and continuously manage vulnerabilities.

S2W provides penetration testing services that combine AI technology with white-hat hacker analysis capabilities, taking into account the changed security environment around AI. The company said it uses its own AI tools to shorten the time required for attack surface discovery and initial vulnerability verification. It also uses commercial tools used by real attackers to address blind spots in AI scanning and double-checks the validity of detected vulnerabilities.

Yang said the security goal in using AI is to build a dynamic defence system that quickly detects bypass attempts and continuously updates policies, raising attackers' costs and the likelihood they give up. He added that the company will continue to advance offensive research that discovers vulnerabilities and verifies scenarios from an attacker’s perspective, and focus on providing action items that can ease anxiety in the AI era.