
Richard Harang_Practical LLM Security: Takeaways From a Year in the Trenches.pdf

Uploader: 张** ID: 175553 2024-09-13 94 pages 2.84MB

Practical LLM Security: Takeaways From a Year in the Trenches
Rich Harang, Principal Security Architect (AI/ML) | August 7, 2024

Intro
Who am I and why should you listen to me about LLM security?
PhD in Statistics and Applied Probability. Working at the intersection of machine learning, security, and privacy since 2010.
U.S. Army Research Laboratory: making and breaking ML tools for applied network security in partnership with CNDSP; source code and binary stylometry; adversarial examples for sequence models; frog-boiling for anomaly detection.
Invincea/Sophos: making and breaking ML tools for endpoint security; web content classification; malicious script detection; deterministic systems to compensate for ML uncertainty; trying to quantify that uncertainty.
Duo Security: building ML into authentication workflows; privacy-preserving location matching; fraud detection at scale; getting good labels from crappy data.
NVIDIA: security architecture for ML-enabled systems; Product Security and AI Red Team: helped test and secure dozens of LLM systems.

TL;DR
14+ years of: building ML into security products and seeing where it fails; attacking the ML components of those products; fixing the breaks.
With NVIDIA ProdSec/AIRT: building and securing LLM integrations since LLMs were A Thing(tm).

NVIDIA AI Red Team / Product Security AI folks: one team
Becca Lynch, Daniel Major, Leon Derczynski, Erick Galinkin, Anusha Ghosh, Kai Greshake, John Irwin, Naser Issa, Joe Lucas, Martin Sablotny, Laura Seletos, Rich Harang

Scoping the problem
Security Properties (CIAAN): what we're going to talk about.
Ethics, Fairness, Trustworthiness: important, but not "security" as we're going to use the term.

Some notes about focus and content
Focusing on problems we've actually observed in deployed systems. This means tha

This document discusses the security problems of large language models (LLMs) and offers practical security recommendations. It first introduces how LLMs work, then discusses in detail the security threats LLMs may face, including training data poisoning, model inference attacks, and model leakage. It also highlights problems that can arise when LLMs are deployed in practice, such as information leakage, permission errors, and insecure logging. Finally, it gives recommendations for LLM security: identifying and analyzing trust and security boundaries, tracing data flows, applying the principle of least privilege, and isolating sensitive data. It stresses that when designing LLM applications, LLM output should be treated as untrusted and appropriate security measures should be taken.