Slide 1
Rogue Agents: Stop AI from misusing APIs. TechTalks SF - Jan ‘24. Dominik Kundel, d-k.im/rogue-agents. Dominik Kundel | @dkundel

Slide 2

Slide 3
console.log(` Hi! I’m Dominik Kundel `); dkundel.com @dkundel [email protected] github/dkundel. Product Lead @ Twilio && JavaScript Hacker

Slide 4
How can we have AI interact with APIs?

Slide 5
How can we have AI safely interact with APIs?

Slide 6
How can we have AI interact with APIs?

Slide 7
How to connect AI to APIs: Platforms, Frameworks, Native LLM Functions 🦜🔗

Slide 8
Platforms, Frameworks, Native LLM Functions 🦜🔗 (Source: LangChain Documentation)

Slide 9
Platforms, Frameworks, Native LLM Functions 🦜🔗 (Source: LangChain Documentation)

Slide 10
What’s the problem?

Slide 11

Slide 12

Slide 13
Unpredictable

Slide 14
Easily Impressionable

Slide 15
Source: Simon Willison - Prompt Injections: what’s the worst that can happen?

Slide 16
Source: Simon Willison - Prompt Injections: what’s the worst that can happen?

Slide 17
Source: Simon Willison - Prompt Injections: what’s the worst that can happen?

Slide 18
Rules are “suggestions”

Slide 19
Source: Simon Willison - Prompt injections explained

Slide 20
Source: Simon Willison - Prompt injections explained

Slide 21
The problems with LLMs: Unpredictable, Easily Impressionable, Rules are “suggestions”

Slide 22

Slide 23
How do we “LLM-proof” our APIs?

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28
LLM

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33
LLM

Slide 34
What security measures?

Slide 35
Security Measures

Slide 36
Security Measures: Data Validation

Slide 37
Security Measures: Data Validation, Rate Limiting

Slide 38
Security Measures: Data Validation, Authentication, Rate Limiting

Slide 39
Security Measures

Slide 40
Security Measures: Authorization

Slide 41
Security Measures: Authorization, Least Privilege

Slide 42
Security Measures: Authorization, Least Privilege, Eliminate confidential & unnecessary data

Slide 43
Do threat modeling!

Slide 44
Takeaways?

Slide 45
Takeaways? Treat AI-exposed APIs as public

Slide 46
Takeaways? Treat AI-exposed APIs as public. Security mechanisms outside AI world

Slide 47
Takeaways? Treat AI-exposed APIs as public. Security mechanisms outside AI world. Toddler-proof your home API!
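The measures on slides 35 to 42 (data validation, rate limiting, authentication, authorization, least privilege, eliminating confidential data) and the takeaways on slides 45 to 47 (treat AI-exposed APIs as public, enforce security outside the AI) fit together in one pattern: a gateway that sits between the model's proposed tool call and the real API and treats the model as an untrusted public client. The following JavaScript is an added example written for this page, not code from the talk or from Twilio; every name (`TOOLS`, `handleToolCall`, the `ord_` ids, the scope strings) is hypothetical and the order records are constructed sample data.

```javascript
// Added example (not from the talk): a gateway between an LLM's proposed
// tool call and the backend API. The model is treated as an untrusted
// public client; every check lives here, outside the model. All names
// and data below are hypothetical / constructed.

// Allowlist of tools the model may call, each with a strict argument
// schema and the permission scope the end user must hold.
const TOOLS = {
  getOrder: {
    scope: 'orders:read',
    args: { orderId: { type: 'string', pattern: /^ord_[a-z0-9]{6}$/ } },
  },
  refundOrder: {
    scope: 'orders:refund',
    args: {
      orderId: { type: 'string', pattern: /^ord_[a-z0-9]{6}$/ },
      amountCents: { type: 'integer', min: 1, max: 10000 },
    },
  },
};

// Fields that are never echoed back to the model (eliminate confidential data).
const CONFIDENTIAL_FIELDS = new Set(['cardNumber', 'ssn', 'internalNotes']);

// Constructed stand-in for the backend's order store, keyed by orderId.
const ORDERS = {
  ord_abc123: { orderId: 'ord_abc123', owner: 'user_1', total: 4200,
                cardNumber: '4111111111111111', internalNotes: 'VIP' },
  ord_xyz999: { orderId: 'ord_xyz999', owner: 'user_2', total: 900,
                cardNumber: '5555555555554444' },
};

// Data validation: reject unknown keys, missing keys, wrong types, bad shapes.
// Returns null when valid, otherwise a short error string.
function validateArgs(schema, args) {
  if (typeof args !== 'object' || args === null) return 'arguments must be an object';
  for (const key of Object.keys(args)) {
    if (!(key in schema)) return `unexpected argument: ${key}`;
  }
  for (const [key, rule] of Object.entries(schema)) {
    const v = args[key];
    if (v === undefined) return `missing argument: ${key}`;
    if (rule.type === 'string') {
      if (typeof v !== 'string' || !rule.pattern.test(v)) return `invalid ${key}`;
    } else if (rule.type === 'integer') {
      if (!Number.isInteger(v) || v < rule.min || v > rule.max) return `invalid ${key}`;
    }
  }
  return null;
}

// Rate limiting: fixed window per end user. Every attempt counts, including
// ones later rejected, just as a public API would count them.
const RATE_LIMIT = { max: 3, windowMs: 60_000 };
const buckets = new Map();
function allowRequest(userId, now) {
  const b = buckets.get(userId);
  if (!b || now - b.start >= RATE_LIMIT.windowMs) {
    buckets.set(userId, { start: now, count: 1 });
    return true;
  }
  b.count += 1;
  return b.count <= RATE_LIMIT.max;
}

// Strip confidential fields before anything goes back into the model's context.
function redact(record) {
  return Object.fromEntries(
    Object.entries(record).filter(([k]) => !CONFIDENTIAL_FIELDS.has(k)),
  );
}

// session: the authenticated end user the model is acting for (least
// privilege: the tool only ever has that user's scopes, never a master key).
// call: { name, arguments } exactly as proposed by the model.
function handleToolCall(session, call, now = Date.now()) {
  if (!session || !session.userId) return { ok: false, error: 'unauthenticated' };
  const tool = TOOLS[call.name];
  if (!tool) return { ok: false, error: `unknown tool: ${call.name}` };
  if (!allowRequest(session.userId, now)) return { ok: false, error: 'rate limited' };
  if (!session.scopes.includes(tool.scope)) {
    return { ok: false, error: `forbidden: missing scope ${tool.scope}` };
  }
  const err = validateArgs(tool.args, call.arguments);
  if (err) return { ok: false, error: err };
  const order = ORDERS[call.arguments.orderId];
  // Object-level authorization: a user may only touch their own orders.
  if (!order || order.owner !== session.userId) return { ok: false, error: 'not found' };
  if (call.name === 'refundOrder' && call.arguments.amountCents > order.total) {
    return { ok: false, error: 'refund exceeds order total' };
  }
  return { ok: true, result: redact(order) };
}
```

Whatever a prompt injection persuades the model to emit, the call still arrives here with only the signed-in user's scopes, is matched against a fixed schema (an injected `role: "admin"` argument is rejected as an unexpected key), is counted against that user's rate limit, and comes back without the card number. The fixed window is the simplest limiter that demonstrates the idea; a production gateway would use a token bucket or sliding window.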
Slide 48
console.log(` 💖 Thank You! 🎉 `); dkundel.com @dkundel [email protected] github/dkundel d-k.im/rogue-agents Dominik Kundel | @dkundel | #workfromhomeconf |