Securing Large Language Models- Threats and Mitigations

Sena Yakut

October 13, 2024

Transcript

  1. Sensitivity: Public
     aws sts get-caller-identity
     Sena Yakut, Cloud Security Architect @CyberWhiz
     All details, links about me:
  2. LLM01: Prompt Injection
     How?
     - Similar to SQL injections
     - Malicious inputs as legitimate prompts
     - Override developer instructions
     Impact
     - Prompt leaks
     - Remote code execution
     - Data theft
     - Spread misinformation
     Remediation
     - Hard to prevent
     - Follow least privilege principles
     - Input validation
     - Human in the loop
  3. LLM02: Insecure Output Handling
     How?
     - Outputs from the LLM are not properly managed or validated before being used in the app
     Impact
     - Harmful content
     - Data leaks
     - Misinformation / Bias
     Remediation
     - Treat the model like a user
     - Zero trust approach
     - Validate the inputs / output filtering
     - Continuous monitoring
  4. LLM03: Training Data Poisoning
     How?
     - Inject false or misleading data
     - Manipulation of pre-training data
     - Deleting some parts of the data
     Impact
     - Reduce accuracy
     - Bias & Discrimination
     - Legal & Ethical Issues
     Remediation
     - Get data from trusted resources
     - Validate data quality / quality filtering
     - Data processing / validation
     - Privacy – Remove PII
  5. LLM03: Training Data Poisoning
     Tay AI Case: Tay AI was a chatbot developed by Microsoft, launched in 2016. It learned from the tweets it received, effectively adapting its responses based on user interactions. Within 24 hours of its launch, Tay began posting offensive and inappropriate tweets.
  6. LLM04: Model Denial of Service
     How?
     - Consumes an exceptionally high amount of resources
     - Large texts
     - Continuous input overflow
     - High volume generation of tasks
     Impact
     - Quality of service decreases
     - High costs
     - Unavailable services (5xx, 4xx)
     Remediation
     - Enforce API rate limits
     - Limit the number of queued actions
     - Limit input sizes
     - Monitor, alert, take action!
  7. LLM05: Supply Chain Vulnerabilities
     How?
     - Training data
     - Vulnerable pre-trained models
     - 3rd party software
     Impact
     - Loss of data integrity
     - Operational downtime
     - Unauthorized access
     Remediation
     - Keep your software / libraries up to date
     - Implement a strong patch policy
     - Model / code signing when using external models and suppliers
     - Anomaly detection (analyze / alert on the latest vulnerabilities in LLMs – be aware)
  8. LLM06: Sensitive Information Disclosure
     How?
     - Reveal sensitive info: PII, LLM algorithms, confidential details
     Impact
     - Unauthorized access to sensitive data
     - Privacy violations (GDPR, HIPAA etc.)
     - LLMs interact with other LLMs → Where is my confidential data?
     Remediation
     - Data anonymization
     - Role based access controls
     - Review / monitor / alert!
  9. LLM07: Insecure Plugin Design
     How?
     - Lack of strong security controls
     - Misconfigured access controls
     - Untrusted libraries, packages
     Impact
     - Data breach
     - Unauthorized remote access / execution
     - Privilege escalation
     Remediation
     - Enforce parameterized inputs in plugins
     - Design minimalistic plugins – Less is more
     - Implement auth methods, API keys
     - For critical plugins → Manual user auth and approval
  10. LLM08: Excessive Agency
     How?
     - Permission exceeds necessary limits
     - Unexpected behaviors based on prompts
     - Unchecked agency poses risks
     Impact
     - System overload
     - Unwanted decisions
     - Unauthorized operations, interaction errors with other systems
     Remediation
     - Limit plugins / tools – Do not use lots of tools and plugins
     - Limit the functions that the LLM can perform
     - Manual checks are still important
     - Implement rate limiting – blocks if something goes crazy
  11. LLM09: Overreliance
     How?
     - Incorrect, inappropriate or unsafe information
     - LLMs can generate code without security
     Impact
     - Reputational damage
     - Critical vulnerabilities and misconfigurations in applications
     - Fake news
     Remediation
     - Cross checks – Trust but verify
     - Regularly monitor and review the LLM outputs
     - Break down – Complex tasks → Subtasks → Assign them to different agents
  12. LLM10: Model Theft
     How?
     - Unauthorized access and exfiltration of LLM models
     - With supply chain attacks – could be very complex but possible
     - Model republishing – Non-technical, without your permission
     - Model extraction – querying model, analyzing results
     Impact
     - Brand reputation loss
     - Unexpected costs in your cloud env
     Remediation
     - Strong access controls
     - Restrict LLM access to network resources
     - Monitor/audit and alert
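
An added example, not part of the original slides, showing how the LLM07 and LLM08 remediations can combine in one gate in front of tool execution: a tool allow-list, parameterized inputs, manual approval for critical tools, and rate limiting. The tool names, schemas, limits and the `ToolGate` class are assumptions made for illustration.

```python
import time

# Hypothetical tool registry: name -> (parameter schema, needs human approval).
TOOLS = {
    "search_docs": ({"query": str, "limit": int}, False),
    "send_email": ({"to": str, "subject": str, "body": str}, True),
}
MAX_STR_LEN = 500          # assumed cap on any string argument
MAX_CALLS_PER_MINUTE = 5   # assumed per-session budget


def deny_all(name, args):
    """Default approver: critical tools stay blocked until a human hook is wired in."""
    return False


class ToolGate:
    """Checks every tool call the model proposes before the app executes it."""

    def __init__(self, approver=deny_all):
        self.approver = approver   # callback that asks a human, returns bool
        self.calls = []            # timestamps of recently allowed calls

    def check(self, name, args, now=None):
        """Return (allowed, reason) for one proposed call."""
        now = time.monotonic() if now is None else now
        if name not in TOOLS:
            return False, "tool not on allow-list"
        schema, critical = TOOLS[name]
        if not isinstance(args, dict) or set(args) != set(schema):
            return False, "unexpected or missing parameters"
        for key, expected in schema.items():
            if type(args[key]) is not expected:
                return False, f"parameter {key!r} has wrong type"
            if expected is str and len(args[key]) > MAX_STR_LEN:
                return False, f"parameter {key!r} too long"
        self.calls = [t for t in self.calls if now - t < 60]
        if len(self.calls) >= MAX_CALLS_PER_MINUTE:
            return False, "rate limit exceeded"
        if critical and not self.approver(name, args):
            return False, "human approval denied"
        self.calls.append(now)
        return True, "ok"


if __name__ == "__main__":
    gate = ToolGate()
    # Constructed model outputs: an unregistered tool, then a valid call.
    print(gate.check("run_shell", {"cmd": "id"}))
    print(gate.check("search_docs", {"query": "vpn", "limit": 3}))
```

Denied calls do not consume the rate budget here; log them separately so repeated denials can feed the monitoring and alerting the slides call for.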