Large Language Models (LLMs) have recently emerged as a cornerstone technology, reshaping every industry and revolutionizing how we interact with digital systems. Much like the advent of network computing and cloud technology before it, the widespread adoption of LLMs heralds a new era of innovation and, with it, a novel attack surface ripe for exploitation. This talk aims to shed light on the inherent security risks associated with LLMs with the real-world examples of LLM-targeted exploitation, and emphasize the importance of proactive threat management in safeguarding the future of LLM-driven applications. Since LLMs will be widely used in future applications, we will first give an overview of the Open Worldwide Application Security Project (OWASP) Top 10 Application Risks and Top 10 API Risks which are still applicable to LLMs. Next we will focus on the OWASP Top 10 LLM Specific Risks, and delve into three detailed examples of Prompt Injection, Sensitive Information Disclosure, and Training Data Poisoning. Each example is accompanied by a demonstration of the potential for exploitation, and also the strategies for mitigating these threats and protecting against attacks.
The goal of this talk is to educate the broad AI developer community with the potential risks and vulnerabilities of LLMs and also the knowledge to protect against them, and foster a culture of security that keeps pace with the rapid advancements in AI technology.
Dr. Jisheng Wang has more than 15 years of extensive experience in developing industry-leading enterprise software using AI/ML technology with a proven track record of scaling business-critical applications in disruptive markets.
Jisheng is currently serving as VP of Engineering and Head of AI/ML in Traceable AI, a leader in the API Security space. Before that, Jisheng was the Senior Director of Engineering in Juniper Networks - joined through Mist acquisition - and led the development of Gartner’s leading AIOps solution Marvis.
He was also the Senior Director of Data Science in the CTO Office of Aruba, a Hewlett Packard Enterprise company, joined through the acquisition of Niara where he served as the Chief Scientist and developed the industry’s first modular and data-agnostic UEBA solution.
Besides being a seasoned engineering leader, Jisheng is also passionate about driving innovation on multiple fronts. Jisheng holds more than 40 patents in security, networking, and AI/ML, and is also a frequent speaker at different AI/ML and security conferences.