The developer's playbook for large language model security: building secure AI applications
Saved in:

Main author: | Wilson, Steve
---|---
Format: | Book
Language: | English
Published: | Beijing : O'Reilly, ©2024
Edition: | First edition
Subjects: | Artificial intelligence / Computer programs / Security measures; Computer networks / Security measures; Natural language generation (Computer science); Computersicherheit; Großes Sprachmodell
Online access: | Table of contents
Summary: | "Large language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models. Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list -- a feat accomplished by more than 400 industry experts -- this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI. You'll learn: Why LLMs present unique security challenges; How to navigate the many risk conditions associated with using LLM technology; The threat landscape pertaining to LLMs and the critical trust boundaries that must be maintained; How to identify the top risks and vulnerabilities associated with LLMs; Methods for deploying defenses to protect against attacks on top vulnerabilities; Ways to actively manage critical trust boundaries on your systems to ensure secure execution and risk minimization"--
Notes: | Illustrator statement of responsibility from title page verso. Includes index
Physical description: | xvi, 180 pages, illustrations, diagrams, 24 cm
Internal format: MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV049899385 | ||
003 | DE-604 | ||
005 | 20250116 | ||
007 | t| | ||
008 | 241009s2024 xx a||| |||| 00||| eng d | ||
020 | |z 9781098162207 |9 978-1-09-816220-7 | ||
020 | |z 109816220X |9 1-09-816220-X | ||
035 | |a (DE-599)BVBBV049899385 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-739 | ||
084 | |a ST 277 |0 (DE-625)143643: |2 rvk | ||
100 | 1 | |a Wilson, Steve |d ca. 20./21. Jh. |e Verfasser |0 (DE-588)1353531635 |4 aut | |
245 | 1 | 0 | |a The developer's playbook for large language model security |b building secure AI applications |c Steve Wilson ; illustrator, Kate Dullea |
250 | |a First edition | ||
264 | 1 | |a Beijing |b O'Reilly |c ©2024 | |
300 | |a xvi, 180 Seiten |b Illustrationen, Diagramme |c 24 cm | ||
336 | |b txt |2 rdacontent | ||
336 | |b sti |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
500 | |a Illustrator statement of responsibility from title page verso. - Includes index | ||
520 | |a "Large language models (LLMs) are not just shaping the trajectory of AI, they're also unveiling a new era of security challenges. This practical book takes you straight to the heart of these threats. Author Steve Wilson, chief product officer at Exabeam, focuses exclusively on LLMs, eschewing generalized AI security to delve into the unique characteristics and vulnerabilities inherent in these models. Complete with collective wisdom gained from the creation of the OWASP Top 10 for LLMs list -- a feat accomplished by more than 400 industry experts -- this guide delivers real-world guidance and practical strategies to help developers and security teams grapple with the realities of LLM applications. Whether you're architecting a new application or adding AI features to an existing one, this book is your go-to resource for mastering the security landscape of the next frontier in AI. You'll learn : Why LLMs present unique security challenges ; How to navigate the many risk conditions associated with using LLM technology ; The threat landscape pertaining to LLMs and the critical trust boundaries that must be maintained ; How to identify the top risks and vulnerabilities associated with LLMs ; Methods for deploying defenses to protect against attacks on top vulnerabilities ; Ways to actively manage critical trust boundaries on your systems to ensure secure execution and risk minimization"-- | ||
650 | 4 | |a Artificial intelligence / Computer programs / Security measures | |
650 | 4 | |a Computer networks / Security measures | |
650 | 4 | |a Natural language generation (Computer science) | |
650 | 4 | |a Intelligence artificielle / Logiciels / Sécurité / Mesures | |
650 | 4 | |a Réseaux d'ordinateurs / Sécurité / Mesures | |
650 | 4 | |a Génération automatique de texte | |
650 | 0 | 7 | |a Computersicherheit |0 (DE-588)4274324-2 |2 gnd |9 rswk-swf |
650 | 0 | 7 | |a Großes Sprachmodell |0 (DE-588)1322631905 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Großes Sprachmodell |0 (DE-588)1322631905 |D s |
689 | 0 | 1 | |a Computersicherheit |0 (DE-588)4274324-2 |D s |
689 | 0 | |5 DE-604 | |
856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=035238376&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-035238376 |
Record in the search index
Table of contents (from the `adam_text` field):

- Preface
- 1. Chatbots Breaking Bad
  - Let's Talk About Tay
  - Tay's Rapid Decline
  - Why Did Tay Break Bad?
  - It's a Hard Problem
- 2. The OWASP Top 10 for LLM Applications
  - About OWASP
  - The Top 10 for LLM Applications Project
  - Project Execution
  - Reception
  - Keys to Success
  - This Book and the Top 10 List
- 3. Architectures and Trust Boundaries
  - AI, Neural Networks, and Large Language Models: What's the Difference?
  - The Transformer Revolution: Origins, Impact, and the LLM Connection
  - Origins of the Transformer
  - Transformer Architecture's Impact on AI
  - Types of LLM-Based Applications
  - LLM Application Architecture
  - Trust Boundaries
  - The Model
  - User Interaction
  - Training Data
  - Access to Live External Data Sources
  - Access to Internal Services
  - Conclusion
- 4. Prompt Injection
  - Examples of Prompt Injection Attacks
  - Forceful Suggestion
  - Reverse Psychology
  - Misdirection
  - Universal and Automated Adversarial Prompting
  - The Impacts of Prompt Injection
  - Direct Versus Indirect Prompt Injection
  - Direct Prompt Injection
  - Indirect Prompt Injection
  - Key Differences
  - Mitigating Prompt Injection
  - Rate Limiting
  - Rule-Based Input Filtering
  - Filtering with a Special-Purpose LLM
  - Adding Prompt Structure
  - Adversarial Training
  - Pessimistic Trust Boundary Definition
  - Conclusion
- 5. Can Your LLM Know Too Much?
  - Real-World Examples
  - Lee Luda
  - GitHub Copilot and OpenAI's Codex
  - Knowledge Acquisition Methods
  - Model Training
  - Foundation Model Training
  - Security Considerations for Foundation Models
  - Model Fine-Tuning
  - Training Risks
  - Retrieval-Augmented Generation
  - Direct Web Access
  - Accessing a Database
  - Learning from User Interaction
  - Conclusion
- 6. Do Language Models Dream of Electric Sheep?
  - Why Do LLMs Hallucinate?
  - Types of Hallucinations
  - Examples
  - Imaginary Legal Precedents
  - Airline Chatbot Lawsuit
  - Unintentional Character Assassination
  - Open Source Package Hallucinations
  - Who's Responsible?
  - Mitigation Best Practices
  - Expanded Domain-Specific Knowledge
  - Chain of Thought Prompting for Increased Accuracy
  - Feedback Loops: The Power of User Input in Mitigating Risks
  - Clear Communication of Intended Use and Limitations
  - User Education: Empowering Users Through Knowledge
  - Conclusion
- 7. Trust No One
  - Zero Trust Decoded
  - Why Be So Paranoid?
  - Implementing a Zero Trust Architecture for Your LLM
  - Watch for Excessive Agency
  - Securing Your Output Handling
  - Building Your Output Filter
  - Looking for PII with Regex
  - Evaluating for Toxicity
  - Linking Your Filters to Your LLM
  - Sanitize for Safety
  - Conclusion
- 8. Don't Lose Your Wallet
  - DoS Attacks
  - Volume-Based Attacks
  - Protocol Attacks
  - Application Layer Attacks
  - An Epic DoS Attack: Dyn
  - Model DoS Attacks Targeting LLMs
  - Scarce Resource Attacks
  - Context Window Exhaustion
  - Unpredictable User Input
  - DoW Attacks
  - Model Cloning
  - Mitigation Strategies
  - Domain-Specific Guardrails
  - Input Validation and Sanitization
  - Robust Rate Limiting
  - Resource Use Capping
  - Monitoring and Alerts
  - Financial Thresholds and Alerts
  - Conclusion
- 9. Find the Weakest Link
  - Supply Chain Basics
  - Software Supply Chain Security
  - The Equifax Breach
  - The SolarWinds Hack
  - The Log4Shell Vulnerability
  - Understanding the LLM Supply Chain
  - Open Source Model Risk
  - Training Data Poisoning
  - Accidentally Unsafe Training Data
  - Unsafe Plug-ins
  - Creating Artifacts to Track Your Supply Chain
  - Importance of SBOMs
  - Model Cards
  - Model Cards Versus SBOMs
  - CycloneDX: The SBOM Standard
  - The Rise of the ML-BOM
  - Building a Sample ML-BOM
  - The Future of LLM Supply Chain Security
  - Digital Signing and Watermarking
  - Vulnerability Classifications and Databases
  - Conclusion
- 10. Learning from Future History
  - Reviewing the OWASP Top 10 for LLM Apps
  - Case Studies
  - Independence Day: A Celebrated Security Disaster
  - 2001: A Space Odyssey of Security Flaws
  - Conclusion
- 11. Trust the Process
  - The Evolution of DevSecOps
  - MLOps
  - LLMOps
  - Building Security into LLMOps
  - Security in the LLM Development Process
  - Securing Your CI/CD
  - LLM-Specific Security Testing Tools
  - Managing Your Supply Chain
  - Protect Your App with Guardrails
  - The Role of Guardrails in an LLM Security Strategy
  - Open Source Versus Commercial Guardrail Solutions
  - Mixing Custom and Packaged Guardrails
  - Monitoring Your App
  - Logging Every Prompt and Response
  - Centralized Log and Event Management
  - User and Entity Behavior Analytics
  - Build Your AI Red Team
  - Advantages of AI Red Teaming
  - Red Teams Versus Pen Tests
  - Tools and Approaches
  - Continuous Improvement
  - Establishing and Tuning Guardrails
  - Managing Data Access and Quality
  - Leveraging RLHF for Alignment and Security
  - Conclusion
- 12. A Practical Framework for Responsible AI Security
  - Power
  - GPUs
  - Cloud
  - Open Source
  - Multimodal
  - Autonomous Agents
  - Responsibility
  - The RAISE Framework
  - The RAISE Checklist
  - Conclusion
- Index

Other index fields:

Field | Value
---|---
_version_ | 1821773078989897728 |
any_adam_object | 1 |
author | Wilson, Steve ca. 20./21. Jh |
author_GND | (DE-588)1353531635 |
author_facet | Wilson, Steve ca. 20./21. Jh |
author_role | aut |
author_sort | Wilson, Steve ca. 20./21. Jh |
author_variant | s w sw |
building | Verbundindex |
bvnumber | BV049899385 |
classification_rvk | ST 277 |
ctrlnum | (DE-599)BVBBV049899385 |
discipline | Informatik |
edition | First edition |
format | Book |
id | DE-604.BV049899385 |
illustrated | Illustrated |
indexdate | 2025-01-20T13:03:14Z |
institution | BVB |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-035238376 |
open_access_boolean | |
owner | DE-739 |
owner_facet | DE-739 |
physical | xvi, 180 Seiten Illustrationen, Diagramme 24 cm |
publishDate | 2024 |
publishDateSearch | 2024 |
publishDateSort | 2024 |
publisher | O'Reilly |
record_format | marc |
subject_GND | (DE-588)4274324-2 (DE-588)1322631905 |
title | The developer's playbook for large language model security building secure AI applications |
title_auth | The developer's playbook for large language model security building secure AI applications |
title_exact_search | The developer's playbook for large language model security building secure AI applications |
title_full | The developer's playbook for large language model security building secure AI applications Steve Wilson ; illustrator, Kate Dullea |
title_fullStr | The developer's playbook for large language model security building secure AI applications Steve Wilson ; illustrator, Kate Dullea |
title_full_unstemmed | The developer's playbook for large language model security building secure AI applications Steve Wilson ; illustrator, Kate Dullea |
title_short | The developer's playbook for large language model security |
title_sort | the developer s playbook for large language model security building secure ai applications |
title_sub | building secure AI applications |
topic | Artificial intelligence / Computer programs / Security measures Computer networks / Security measures Natural language generation (Computer science) Intelligence artificielle / Logiciels / Sécurité / Mesures Réseaux d'ordinateurs / Sécurité / Mesures Génération automatique de texte Computersicherheit (DE-588)4274324-2 gnd Großes Sprachmodell (DE-588)1322631905 gnd |
topic_facet | Artificial intelligence / Computer programs / Security measures Computer networks / Security measures Natural language generation (Computer science) Intelligence artificielle / Logiciels / Sécurité / Mesures Réseaux d'ordinateurs / Sécurité / Mesures Génération automatique de texte Computersicherheit Großes Sprachmodell |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=035238376&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |
work_keys_str_mv | AT wilsonsteve thedevelopersplaybookforlargelanguagemodelsecuritybuildingsecureaiapplications |