Large Language Models (LLMs) have recently emerged as a cornerstone technology, reshaping every industry and revolutionizing how we interact with digital systems. Much like the advent of network computing and cloud technology before it, the widespread adoption of LLMs heralds a new era of innovation and, with it, a novel attack surface ripe for exploitation. This talk aims to shed light on the inherent security risks associated with LLMs with the real-world examples of LLM-targeted exploitation, and emphasize the importance of proactive threat management in safeguarding the future of LLM-driven applications. Since LLMs will be widely used in future applications, we will first give an overview of the Open Worldwide Application Security Project (OWASP) Top 10 Application Risks and Top 10 API Risks which are still applicable to LLMs. Next we will focus on the OWASP Top 10 LLM Specific Risks, and delve into three detailed examples of Prompt Injection, Sensitive Information Disclosure, and Training Data Poisoning. Each example is accompanied by a demonstration of the potential for exploitation, and also the strategies for mitigating these threats and protecting against attacks.

The goal of this talk is to educate the broad AI developer community with the potential risks and vulnerabilities of LLMs and also the knowledge to protect against them, and foster a culture of security that keeps pace with the rapid advancements in AI technology.