We're in the OWASP-makes-list-of-security-bug-types phase with LLM chatbots
Some of these risks are relevant beyond those dealing with LLMs. Supply chain vulnerabilities represent a threat that should concern every software developer using third-party code or data. But even so, those working with LLMs need to be aware that it's more difficult to detect tampering in a black-box third-party model than in human-readable open source code.
Likewise, the possibility of sensitive data/information disclosure is something every developer should be aware of. But again, data sanitization in traditional applications tends to be more of a known quantity than in apps incorporating an LLM trained on undisclosed data. Beyond enumerating specific risks that need to be considered, the OWASP list should also help familiarize developers with the range of LLM-based attack scenarios, which may not be obvious because they're relatively novel and don't get detected in the wild as often as run-of-the-mill web or application attacks.
For example, the following Training Data Poisoning scenario is proposed:"A malicious actor, or a competitor brand intentionally creates inaccurate or malicious documents which are targeted at a model’s training data. The victim model trains using falsified information which is reflected in outputs of generative AI prompts to its consumers."
Such meddling, much discussed in academic computer science research, probably wouldn't be top of mind for software creators interested in adding chat capabilities to an app. The point of the OWASP LLM project is to make scenarios of this sort something to fix. ®
Belgique Dernières Nouvelles, Belgique Actualités
Similar News:Vous pouvez également lire des articles d'actualité similaires à celui-ci que nous avons collectés auprès d'autres sources d'information.
Mrs Hinch's favourite 'ten out of ten' fake tan reduced to £10Popular cleaning influencer Mrs Hinch has revealed her favourite ‘ten out of ten’ tanning drops
Lire la suite »
Terence Crawford named Ring Magazine’s pound-for-pound king in updated top ten rankingsTerence Crawford has now claimed top spot in Ring Magazine’s pound-for-pound rankings following his stunning win over Errol Spence. The American star surpassed Naoya Inoue’s victory ove…
Lire la suite »
Big Ten presidents discuss adding 4 Pac-12 schools: SourcesA subgroup of Big Ten university presidents met Wednesday to discuss the potential of expanding membership by two or four teams. Those teams would include: ◻️ Washington ◻️ Oregon ◻️ CAL ◻️ Stanford More details from NicoleAuerbach:
Lire la suite »