Upgrade to Pro — share decks privately, control downloads, hide ads and more …

AWS re:Invent '24 - Rogue Agents - Stop AI from...

AWS re:Invent '24 - Rogue Agents - Stop AI from misusing APIs

Dominik Kundel

December 03, 2024
Tweet

More Decks by Dominik Kundel

Other Decks in Technology

Transcript

  1. ©2024 TWILIO INC. ALL RIGHTS RESERVED ROGUE AGENTS SECURING YOUR

    CUSTOMER-FACING AI AGENTS Dominik Kundel Head of Product & Design・ Emerging Technology & Innovation
  2. ©2024 TWILIO INC. ALL RIGHTS RESERVED DOMINIK KUNDEL HEAD OF

    PRODUCT EMERGING TECHNOLOGY @ TWILIO [email protected] DKUNDEL.COM IN/DKUNDEL @DKUNDEL
  3. ©2024 TWILIO INC. ALL RIGHTS RESERVED AI system that decides

    when and which action to perform WHAT'S AN AI AGENT? DEFINITION ACTION-ORIENTED
  4. ©2024 TWILIO INC. ALL RIGHTS RESERVED RESOLVING ISSUES HOW AI

    AGENTS WILL CHANGE YOUR CUSTOMER JOURNEY I JUST LANDED AND I CAN'T SEE MY BAGS! YES PLEASE! I'M AT THE FOUR SEASONS IN SF BOTH OF YOUR BAGS (ID #12345, #12931) ARE CURRENTLY STUCK IN TRANSIT AT YOUR LAYOVER LOCATION IN FRANKFURT, GERMANY. DO YOU WANT ME TO SCHEDULE A DELIVERY FOR YOU? CHECK CUSTOMER PROFILE baggage_ids: #12345, #12931 current_flight: ABCREF GET BAG STATUS (#12345) status: delayed location: Frankfurt, Germany GET BAG STATUS (#12931) status: delayed location: Frankfurt, Germany GET FLIGHT DETAILS (ABCREF) destination: SFO connections: FRA LOOKUP LOCATION (FOUR SEASONS IN SF) address: 222 Sansome St, San Francisco, CA 94104 SCHEDULE DELIVERY baggage_ids: #12345, #12931 address: 222 Sansome St, San Francisco, CA 94104 YOUR BAGS HAVE BEEN SCHEDULED TO BE DELIVERED TO 222 SANSOME ST, SAN FRANCISCO, CA 94104 AND SHOULD ARRIVE TOMORROW.
  5. ©2024 TWILIO INC. ALL RIGHTS RESERVED AI system that decides

    when and which action to perform WHAT'S AN AI AGENT? DEFINITION ACTION-ORIENTED User Input and Agent Output doesn't have to be chat or voice MORE THAN A CHATBOT
  6. ©2024 TWILIO INC. ALL RIGHTS RESERVED AI system that decides

    when and which action to perform WHAT'S AN AI AGENT? DEFINITION ACTION-ORIENTED User Input and Agent Output doesn't have to be chat or voice MORE THAN A CHATBOT No fixed decision path. The AI will decide what it does NON-DETERMINISTIC
  7. ©2024 TWILIO INC. ALL RIGHTS RESERVED The LLM might not

    always make the same description LLMs ARE (REALLY SMART) TODDLERS THE PROBLEM WITH AGENTS UNPREDICTABLE
  8. ©2024 TWILIO INC. ALL RIGHTS RESERVED The LLM might not

    always make the same description LLMs ARE (REALLY SMART) TODDLERS THE PROBLEM WITH AGENTS UNPREDICTABLE Any input can manipulate the behavior of the LLM EASILY IMPRESSIONABLE
  9. ©2024 TWILIO INC. ALL RIGHTS RESERVED The LLM might not

    always make the same description LLMs ARE (REALLY SMART) TODDLERS THE PROBLEM WITH AGENTS UNPREDICTABLE Any input can manipulate the behavior of the LLM EASILY IMPRESSIONABLE Making LLMs stick to behavior is more "prompt begging" RULES ARE "SUGGESTIONS"
  10. ©2024 TWILIO INC. ALL RIGHTS RESERVED TWILIO DEVELOPER PREVIEW TRY

    IT TODAY! AN OPINIONATED FRAMEWORK TO BUILD AND HOST AI AGENTS FOR CUSTOMER-FACING USE CASES SOLVES PROBLEMS AUTONOMOUSLY WITH TOOLS & KNOWLEDGE Assistants can perform complex tasks to solve customer problems without the need for ever-growing flow charts. They can interact with other systems and perform tasks using regular HTTP requests as Tools, and use our built-in Retrieval-Augmented-Generation (RAG) pipelines. USE YOUR EXISTING CUSTOMER DATA AI Assistants can leverage existing Segment profiles through the CustomerAI Personalization Engine and enrich them further. Leverage the insights from your AI Assistant using Segment or send it into your own data warehouse. ENGAGE WITH CUSTOMERS HOW THEY PREFER AI Assistants can communicate over a variety of channels so your customers can engage with you in their preferred way.
  11. ©2024 TWILIO INC. ALL RIGHTS RESERVED LLM-PROOF YOUR APIs TAKEAWAYS

    Treat LLMs as an untrusted client the same way we do with browsers or mobile apps. WHAT DO NEXT? ▪ THREAT MODEL! Think what could an attacker do if they had direct access to the same APIs the AI has access to? ▪ SECURITY OUTSIDE OF AI Add any security measures outside the control of the AI ▪ CHECK OUT THE OWASP LLM TOP 10 Check out the newly released OWASP LLM Top 10 risks to learn more about securely building AI agents ▪ TRY OUT AI ASSISTANTS Come by the demo booth or try out Twilio AI Assistants for yourself. SCAN ME LEARN MORE