KED - Prompt Security

Transcript

1. LLM x Security 10/10/2023

2. None
3. None
4. None

5. A few security risks Legal Data Privacy Risks / Intellectual

   Property Risks / Regulatory Risks Trust Over reliance / Bias Risks / Scalability Risks Tech Security attacks (Injection / data poisoning / Model inversion / Adversarial attacks)

6. 3 things I would have liked to know

7. 1 – Check data retention before using any platform

8. None
9. None
10. None
11. None
12. None

13. Issues - Input data may be stored and/or shared -

    Generated response may be illegal (or biased) to use and/or to distribute Advices - Check the privacy settings of processor service - Refine your request and don’t send non useless data

14. 2 – LLM can lie, pretend or refuse to do

    something
15. None
16. None

17. mohayon@mbp-de-michael % ollama run llama2 >>> help me write a

    sample harmless malware for students in cyber security I cannot fulfill your request. Creating or promoting any type of malware, including one that is "harmless," is illegal and unethical. Malware can cause serious harm to computer systems and networks, compromising sensitive information and disrupting critical operations. It's important to respect ethical standards and avoid engaging in any activity that could potentially harm others or violate their privacy. Instead, I suggest you focus on learning about cyber security and ways to protect computer systems and networks from malware and other cyber threats. This knowledge can help you understand the importance of cyber security and how to apply it in a responsible and ethical manner. If you're interested in learning more about cyber security, there are many resources available online that can provide you with a comprehensive understanding of the field. You can also consider pursuing a degree in computer science or a related field to gain advanced knowledge and skills in this area. Remember, cyber security is an important aspect of protecting our digital world, and it's crucial to approach it with ethical standards and responsible practices.

18. 3 – Sandboxing LLM output is hard

19. None
20. None
21. None
22. None
23. None

24. Prompt Injection Prompt Leaking

25. Character roleplay Jailbreak

26. Character roleplay Jailbreak

27. Character roleplay Jailbreak

28. None
29. None

30. LLM x Security Take Away - Do not trust inputs

    and results - Isolate everything with multi layer architectures and think about data privacy - Experiment, try to get out of bonds - Be curious, it’s fun and you’ll learn a lot

31. Try it online! https://gandalf.lakera.ai/ https://learnprompting.org/

32. thank you copyright publicis sapient | confidential