book

The Developer's Playbook for Large Language Model Security

Name: The Developer's Playbook for Large Language Model Security
Author: Steve Wilson
ISBN: 9781098162207

by Steve Wilson

September 2024

Intermediate to advanced

200 pages

6h 4m

English

O'Reilly Media, Inc.

Audio summary available

Read now

Unlock full access

Includes

Quizzes

Preface
Who Should Read This BookWhy I Wrote This BookNavigating This BookSection 1: Laying the Foundation (Chapters 1–3)Section 2: Risks, Vulnerabilities, and Remediations (Chapters 4–9)Section 3: Building a Security Process and Preparing for the Future (Chapters 10–12)Conventions Used in This BookO’Reilly Online LearningHow to Contact UsAcknowledgments
1. Chatbots Breaking Bad
Let’s Talk About TayTay’s Rapid DeclineWhy Did Tay Break Bad?It’s a Hard Problem
2. The OWASP Top 10 for LLM Applications
About OWASPThe Top 10 for LLM Applications ProjectProject ExecutionReceptionKeys to SuccessThis Book and the Top 10 List
3. Architectures and Trust Boundaries
AI, Neural Networks, and Large Language Models: What’s the Difference? The Transformer Revolution: Origins, Impact, and the LLM ConnectionOrigins of the TransformerTransformer Architecture’s Impact on AITypes of LLM-Based ApplicationsLLM Application ArchitectureTrust BoundariesThe ModelUser InteractionTraining DataAccess to Live External Data SourcesAccess to Internal ServicesConclusion
4. Prompt Injection
Examples of Prompt Injection AttacksForceful SuggestionReverse PsychologyMisdirectionUniversal and Automated Adversarial PromptingThe Impacts of Prompt InjectionDirect Versus Indirect Prompt InjectionDirect Prompt InjectionIndirect Prompt InjectionKey DifferencesMitigating Prompt InjectionRate LimitingRule-Based Input FilteringFiltering with a Special-Purpose LLMAdding Prompt StructureAdversarial TrainingPessimistic Trust Boundary DefinitionConclusion
5. Can Your LLM Know Too Much?
Real-World ExamplesLee LudaGitHub Copilot and OpenAI’s CodexKnowledge Acquisition MethodsModel TrainingFoundation Model TrainingSecurity Considerations for Foundation ModelsModel Fine-TuningTraining RisksRetrieval-Augmented GenerationDirect Web AccessAccessing a DatabaseLearning from User InteractionConclusion
6. Do Language Models Dream of Electric Sheep?
Why Do LLMs Hallucinate?Types of HallucinationsExamplesImaginary Legal PrecedentsAirline Chatbot LawsuitUnintentional Character AssassinationOpen Source Package HallucinationsWho’s Responsible?Mitigation Best PracticesExpanded Domain-Specific KnowledgeChain of Thought Prompting for Increased AccuracyFeedback Loops: The Power of User Input in Mitigating RisksClear Communication of Intended Use and LimitationsUser Education: Empowering Users Through KnowledgeConclusion
7. Trust No One
Zero Trust DecodedWhy Be So Paranoid?Implementing a Zero Trust Architecture for Your LLMWatch for Excessive AgencySecuring Your Output HandlingBuilding Your Output FilterLooking for PII with RegexEvaluating for ToxicityLinking Your Filters to Your LLMSanitize for SafetyConclusion
8. Don’t Lose Your Wallet
DoS AttacksVolume-Based AttacksProtocol AttacksApplication Layer AttacksAn Epic DoS Attack: DynModel DoS Attacks Targeting LLMsScarce Resource AttacksContext Window ExhaustionUnpredictable User InputDoW AttacksModel CloningMitigation StrategiesDomain-Specific GuardrailsInput Validation and SanitizationRobust Rate LimitingResource Use CappingMonitoring and AlertsFinancial Thresholds and AlertsConclusion
9. Find the Weakest Link
Supply Chain BasicsSoftware Supply Chain SecurityThe Equifax Breach The SolarWinds Hack The Log4Shell Vulnerability Understanding the LLM Supply ChainOpen Source Model RiskTraining Data PoisoningAccidentally Unsafe Training DataUnsafe Plug-insCreating Artifacts to Track Your Supply ChainImportance of SBOMsModel CardsModel Cards Versus SBOMsCycloneDX: The SBOM StandardThe Rise of the ML-BOMBuilding a Sample ML-BOMThe Future of LLM Supply Chain SecurityDigital Signing and WatermarkingVulnerability Classifications and DatabasesConclusion

10. Learning from Future History
Reviewing the OWASP Top 10 for LLM AppsCase StudiesIndependence Day: A Celebrated Security Disaster2001: A Space Odyssey of Security FlawsConclusion
11. Trust the Process
The Evolution of DevSecOpsMLOpsLLMOpsBuilding Security into LLMOps Security in the LLM Development ProcessSecuring Your CI/CDLLM-Specific Security Testing ToolsManaging Your Supply ChainProtect Your App with GuardrailsThe Role of Guardrails in an LLM Security StrategyOpen Source Versus Commercial Guardrail SolutionsMixing Custom and Packaged GuardrailsMonitoring Your AppLogging Every Prompt and ResponseCentralized Log and Event ManagementUser and Entity Behavior AnalyticsBuild Your AI Red TeamAdvantages of AI Red TeamingRed Teams Versus Pen TestsTools and ApproachesContinuous ImprovementEstablishing and Tuning GuardrailsManaging Data Access and QualityLeveraging RLHF for Alignment and SecurityConclusion
12. A Practical Framework for Responsible AI Security
PowerGPUsCloudOpen SourceMultimodalAutonomous AgentsResponsibilityThe RAISE FrameworkThe RAISE ChecklistConclusion
Index
About the Author

Content preview from The Developer's Playbook for Large Language Model Security

Chapter 4. Prompt Injection

Chapter 1 reviewed the sad tale of how Tay’s life was cut short after abuse by vandal hackers. That case study was the first high-profile example of what we now call prompt injection, but it is certainly not the last. Some form of prompt injection is involved in most LLM-related security breaches we’ve seen in the real world.

In prompt injection, an attacker crafts malicious inputs to manipulate an LLM’s natural language understanding. This can cause the LLM to act against its intended operational guidelines. The concept of injection has been included in almost every version of an OWASP Top 10 list since the original list in 2001, so it’s worth looking at the generic definition before we dive deeper.

An injection attack in application security is a type of cyberattack in which the attacker inserts malicious instructions into a vulnerable application. The attacker can then take control of the application, steal data, or disrupt operations. For example, in a SQL injection attack, an attacker inputs malicious SQL queries into a web form, tricking the system into executing unintended commands. This can result in unauthorized access to or manipulation of the database.

So, what makes prompt injection so novel? For most injection-style attacks, spotting the rogue instructions as they enter your application from an untrusted source is relatively easy. For example, a SQL statement included in a web application’s text field is straightforward to spot and sanitize. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Building Applications with AI Agents

Michael Albada

Quick Start Guide to Large Language Models: Strategies and Best Practices for Using ChatGPT and Other LLMs

Sinan Ozdemir

Quick Start Guide to Large Language Models: Strategies and Best Practices for ChatGPT, Embeddings, Fine-Tuning, and Multimodal AI, 2nd Edition

Sinan Ozdemir

Kubernetes: Up and Running, 3rd Edition

Brendan Burns, Joe Beda, Kelsey Hightower, Lachlan Evenson

Publisher Resources

ISBN: 9781098162191Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Developer's Playbook for Large Language Model Security

by Steve Wilson

Chapter 4. Prompt Injection

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.