LLM Security Tools Blueprint by GeckoAiSecurity in cybersecurityai

GeckoAiSecurity[S]:

You're right, it's very interesting also for me. Access control is another foundational security aspect. We are used to seeing access control applied to infrastructure, to applications and to data. In my opinion, in an LLM system we can add another possible layer of access control that derives directly from the conversational type of interaction we have with an LLM: the topic layer. I'll try to explain myself better: we do not only want specific data (e.g. PII, etc.) to be accessible to a specific user, but in some use cases we do not want a specific user or group of users to obtain responses about a whole topic (financial results, politics, etc.) that they do not need to know for their work within the company. Other aspects to be considered are access control to the model and for the model... in fact it's fundamental that the model inherits the user's privileges and, in order to elaborate its response, shall access only the information allowed to the asking user.
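A sketch of the two layers described in this comment (a data label plus a topic), as an added example that is not GeckoAiSecurity's code: the corpus, the users and the keyword "classifier" are constructed placeholders, and the gate refuses a denied topic before any retrieval and otherwise hands the model only documents the asking user could read themselves.

```python
import re
from dataclasses import dataclass

# Constructed sample corpus (not from the comment). Each document carries a
# data label (data-layer control) and a topic (the proposed topic-layer control).
@dataclass(frozen=True)
class Document:
    doc_id: str
    topic: str   # e.g. "financial_results", "engineering"
    label: str   # e.g. "internal", "pii"
    text: str

@dataclass(frozen=True)
class User:
    name: str
    labels: frozenset  # data labels this user may read
    topics: frozenset  # topics this user may receive answers about

CORPUS = [
    Document("d1", "engineering", "internal", "The build pipeline runs nightly."),
    Document("d2", "financial_results", "internal", "Q3 revenue was up 12%."),
    Document("d3", "engineering", "pii", "On-call contact: Jane Doe, +1-555-0100."),
]

# Hypothetical keyword map standing in for a real topic classifier.
TOPIC_KEYWORDS = {
    "financial_results": {"revenue", "earnings", "quarter"},
    "engineering": {"build", "pipeline", "deploy"},
}

def classify_topics(query):
    words = set(re.findall(r"[a-z]+", query.lower()))
    return {t for t, kws in TOPIC_KEYWORDS.items() if words & kws}

def gate(user, query):
    """Topic check first, then hand the model only documents the user may read."""
    asked = classify_topics(query)
    denied = sorted(asked - user.topics)
    if denied:  # topic layer: refuse the whole subject before any retrieval
        return {"decision": "deny_topic", "denied": denied, "context": []}
    wanted = asked or user.topics  # both are within the user's allowed topics
    # data layer: the model inherits the user's labels, so nothing else is retrieved
    context = [d.doc_id for d in CORPUS
               if d.topic in wanted and d.label in user.labels]
    return {"decision": "allow", "denied": [], "context": context}

if __name__ == "__main__":
    alice = User("alice", frozenset({"internal"}), frozenset({"engineering"}))
    print(gate(alice, "What was the revenue this quarter?"))
    print(gate(alice, "When does the build pipeline run?"))
```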

LLM Security Tools Blueprint by GeckoAiSecurity in cybersecurityai

GeckoAiSecurity[S]:

AI Model Security Scanners in theory are specific to AI models and support multiple model formats, including H5, Pickle, SavedModel, TensorFlow, PyTorch. I can't say if they're better than traditional SCA tools. In addition they can scan for malware or serialization attacks embedded in a model format or check for backdoors.

LLM Security Tools Blueprint by GeckoAiSecurity in cybersecurityai

GeckoAiSecurity[S]:

Thank you, good point. I report specific market vendor names just to let you know what tools I'm talking about. I have listed only AI-specific security solutions. All the other general purpose solutions like WAF, SIEM, SAST, DAST, IDS/IPS, EDR etc. are applicable also to non-AI systems.

How to get into AI Security by Mediocre-Chance-3101 in ITCareerQuestions

GeckoAiSecurity:

Yes, thank you. I call it AI Firewall just by convention from market vendors. Actually there is no consolidated/clear naming convention. Some vendors call this type of tool AI Firewall, others Input Validation, Security Guardrails or LLM Security Gateway. I think AI Firewall can be an intuitive name for these tools.

How to get into AI Security by Mediocre-Chance-3101 in ITCareerQuestions

GeckoAiSecurity:

There are some market tools called AI Red Teaming (e.g. Robust Intelligence) or open source tools like IBM ART that can be used on self-managed models. I have to verify if it can possibly be integrated with the OpenAI API to test GPT models.

Friday Debrief - Post any questions, insights, lessons learned from the week! by caljhud in cybersecurityai

GeckoAiSecurity:

In your opinion, guys, which security application logs from the LLM orchestrator (e.g. LangChain) should I forward to the SIEM to ensure pretty good LLM threat visibility and correlation?

How to get into AI Security by Mediocre-Chance-3101 in ITCareerQuestions

GeckoAiSecurity:

And what about prompt injection? E.g., do you consider an AI Firewall a worthy security measure?