AI/LLM Findings Report Templates

In an era of rapidly evolving Artificial Intelligence/Large Language Model (AI/LLM) technologies, cybersecurity practitioners face significant challenges in monitoring unauthorized AI solutions, detecting AI vulnerabilities, and identifying unexpected AI/LLM development. Tenable Security Center leverages advanced detection technologies - agents, passive network monitoring, dynamic application security testing, and distributed scan engines - to surface AI/LLM software, libraries, and browser plugins. The risk managers utilize these reports to begin a comprehensive review of the AI/LLM packages in systems and web applications, along with associated vulnerabilities, mitigating risks of exploitation, data leakage, and unauthorized resource consumption.

AI/LLM technologies are promising and can transform many industries and businesses, offering new innovation and efficiency opportunities. However, the technology represents a huge security challenge at many layers and this impact should not be overlooked. By using Tenable Security Center and Tenable Web App Scanning the organization is able to take a security-first approach. When combined with best practices and robust governance policies, the organizations can harness the power of AI/LLM and mitigate the associated emerging threats.

Tenable Vulnerability Management has 3 separate reports, or 3 chapters available for a custom report:

AI/LLM Known Software (Explore): This chapter provides the details for Assets that we found to have one or more of the AI/LLM software plugins detected by Nessus. The chapter will search through plugins that relate to different detected AI/LLM software.

AI/LLM Nessus Browser Detection (Explore): This chapter provides the details for Assets that we found to have one or more of the AI/LLM detection browser extension plugins detected by Nessus. The chapter will search through plugins that include certain keywords: GPT, CopIlot, or AI. The AI /LLM Browser Detection chart shows the count of plugins related to the detection of GPT, AI, or Copilot AI or LLM browser extensions.

AI/LLM Usage Detected using Web Application Security  (Explore): This chapter brings to focus 23 AI/LLM detection and vulnerability plugins available to Tenable Web App Scanning. The web application scanner plugins detect a multitude of AI/LLM instances, many allow access to publicly accessible LLM instances which enable the ability to convert documents or contents into references used by the selected language model. While other detections find AI/LLM instances that provide a collection of tools to help developers build their own AI service around most popular LLMs. The vulnerability plugins enable the detection of AI assisted attacks such as Server-Side Request Forgery (SSRF) and Cross-Site Scripting attacks, allowing remote and unauthenticated attacks.