book

The Developer's Playbook for Large Language Model Security

Name: The Developer's Playbook for Large Language Model Security
Author: Steve Wilson
ISBN: 9781098162207

by Steve Wilson

September 2024

Intermediate to advanced

200 pages

6h 4m

English

O'Reilly Media, Inc.

Audio summary available

Read now

Unlock full access

Includes

Quizzes

Preface
Who Should Read This BookWhy I Wrote This BookNavigating This BookSection 1: Laying the Foundation (Chapters 1–3)Section 2: Risks, Vulnerabilities, and Remediations (Chapters 4–9)Section 3: Building a Security Process and Preparing for the Future (Chapters 10–12)Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Chatbots Breaking Bad
Let’s Talk About TayTay’s Rapid DeclineWhy Did Tay Break Bad?It’s a Hard Problem
2. The OWASP Top 10 for LLM Applications
About OWASPThe Top 10 for LLM Applications ProjectProject ExecutionReceptionKeys to SuccessThis Book and the Top 10 List
3. Architectures and Trust Boundaries
AI, Neural Networks, and Large Language Models: What’s the Difference? The Transformer Revolution: Origins, Impact, and the LLM ConnectionOrigins of the TransformerTransformer Architecture’s Impact on AITypes of LLM-Based ApplicationsLLM Application ArchitectureTrust BoundariesThe ModelUser InteractionTraining DataAccess to Live External Data SourcesAccess to Internal ServicesConclusion
4. Prompt Injection
Examples of Prompt Injection AttacksForceful SuggestionReverse PsychologyMisdirectionUniversal and Automated Adversarial PromptingThe Impacts of Prompt InjectionDirect Versus Indirect Prompt InjectionDirect Prompt InjectionIndirect Prompt InjectionKey DifferencesMitigating Prompt InjectionRate LimitingRule-Based Input FilteringFiltering with a Special-Purpose LLMAdding Prompt StructureAdversarial TrainingPessimistic Trust Boundary DefinitionConclusion
5. Can Your LLM Know Too Much?
Real-World ExamplesLee LudaGitHub Copilot and OpenAI’s CodexKnowledge Acquisition MethodsModel TrainingFoundation Model TrainingSecurity Considerations for Foundation ModelsModel Fine-TuningTraining RisksRetrieval-Augmented GenerationDirect Web AccessAccessing a DatabaseLearning from User InteractionConclusion
6. Do Language Models Dream of Electric Sheep?
Why Do LLMs Hallucinate?Types of HallucinationsExamplesImaginary Legal PrecedentsAirline Chatbot LawsuitUnintentional Character AssassinationOpen Source Package HallucinationsWho’s Responsible?Mitigation Best PracticesExpanded Domain-Specific KnowledgeChain of Thought Prompting for Increased AccuracyFeedback Loops: The Power of User Input in Mitigating RisksClear Communication of Intended Use and LimitationsUser Education: Empowering Users Through KnowledgeConclusion
7. Trust No One
Zero Trust DecodedWhy Be So Paranoid?Implementing a Zero Trust Architecture for Your LLMWatch for Excessive AgencySecuring Your Output HandlingBuilding Your Output FilterLooking for PII with RegexEvaluating for ToxicityLinking Your Filters to Your LLMSanitize for SafetyConclusion
8. Don’t Lose Your Wallet
DoS AttacksVolume-Based AttacksProtocol AttacksApplication Layer AttacksAn Epic DoS Attack: DynModel DoS Attacks Targeting LLMsScarce Resource AttacksContext Window ExhaustionUnpredictable User InputDoW AttacksModel CloningMitigation StrategiesDomain-Specific GuardrailsInput Validation and SanitizationRobust Rate LimitingResource Use CappingMonitoring and AlertsFinancial Thresholds and AlertsConclusion
9. Find the Weakest Link
Supply Chain BasicsSoftware Supply Chain SecurityThe Equifax Breach The SolarWinds Hack The Log4Shell Vulnerability Understanding the LLM Supply ChainOpen Source Model RiskTraining Data PoisoningAccidentally Unsafe Training DataUnsafe Plug-insCreating Artifacts to Track Your Supply ChainImportance of SBOMsModel CardsModel Cards Versus SBOMsCycloneDX: The SBOM StandardThe Rise of the ML-BOMBuilding a Sample ML-BOMThe Future of LLM Supply Chain SecurityDigital Signing and WatermarkingVulnerability Classifications and DatabasesConclusion

10. Learning from Future History
Reviewing the OWASP Top 10 for LLM AppsCase StudiesIndependence Day: A Celebrated Security Disaster2001: A Space Odyssey of Security FlawsConclusion
11. Trust the Process
The Evolution of DevSecOpsMLOpsLLMOpsBuilding Security into LLMOps Security in the LLM Development ProcessSecuring Your CI/CDLLM-Specific Security Testing ToolsManaging Your Supply ChainProtect Your App with GuardrailsThe Role of Guardrails in an LLM Security StrategyOpen Source Versus Commercial Guardrail SolutionsMixing Custom and Packaged GuardrailsMonitoring Your AppLogging Every Prompt and ResponseCentralized Log and Event ManagementUser and Entity Behavior AnalyticsBuild Your AI Red TeamAdvantages of AI Red TeamingRed Teams Versus Pen TestsTools and ApproachesContinuous ImprovementEstablishing and Tuning GuardrailsManaging Data Access and QualityLeveraging RLHF for Alignment and SecurityConclusion
12. A Practical Framework for Responsible AI Security
PowerGPUsCloudOpen SourceMultimodalAutonomous AgentsResponsibilityThe RAISE FrameworkThe RAISE ChecklistConclusion
Index
About the Author

Content preview from The Developer's Playbook for Large Language Model Security

Chapter 2. The OWASP Top 10 for LLM Applications

In the spring of 2023, I began researching security vulnerabilities specific to LLMs. At the time, there was a relatively large body of research on security for AI in general, but very little organized research about LLMs. However, I did find some research papers and blogs that covered some ideas in the area. I began the process of collecting these research papers and summarizing them using ChatGPT. Eventually, I provided a few examples from the current Top 10 list of web application vulnerabilities and asked ChatGPT to generate a draft Top 10 for LLMs in a similar format.

I thought what came out looked interesting, so I sent it to Jeff Williams, a founder of OWASP, the Open Worldwide Application Security Project, to see what he thought. Jeff, Contrast Security’s chief technology officer, wrote the first OWASP Top 10 list in 2001. His goal was to create an accessible resource for developers that detailed the most critical risks and vulnerable areas of web applications. At the time, the World Wide Web was still only a few years old, and most developers had little to no understanding of how to create secure web applications. That original Top 10 list became a seminal work and a foundational resource in application security.

I didn’t tell Jeff that my list was primarily machine generated. As the original Top 10 list’s author, I figured he could give me an idea of whether my Top 10 list looked novel and worth pursuing. Jeff encouraged ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Building Applications with AI Agents

Michael Albada

Quick Start Guide to Large Language Models: Strategies and Best Practices for Using ChatGPT and Other LLMs

Sinan Ozdemir

Quick Start Guide to Large Language Models: Strategies and Best Practices for ChatGPT, Embeddings, Fine-Tuning, and Multimodal AI, 2nd Edition

Sinan Ozdemir

Kubernetes: Up and Running, 3rd Edition

Brendan Burns, Joe Beda, Kelsey Hightower, Lachlan Evenson

Publisher Resources

ISBN: 9781098162191Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Developer's Playbook for Large Language Model Security

by Steve Wilson

Chapter 2. The OWASP Top 10 for LLM Applications

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.