Getting AI to Do the Unexpected - Exploring LLM Vulnerabilities and Defenses

Explore a conference talk that delves into the unexpected capabilities of AI and the potential vulnerabilities in Large Language Models (LLMs). Learn about prompt engineering techniques, including zero-shot, few-shot, and chain-of-thought prompting. Discover the OWASP Top 10 LLM vulnerabilities, with a focus on prompt injections, insecure output handling, and sensitive information disclosure. Understand real-world scenarios where these vulnerabilities can be exploited and learn about effective defense strategies. Gain insights into secure practices such as audit logging and see practical demonstrations of these concepts in action. This comprehensive presentation covers essential topics for anyone working with or interested in the security aspects of AI and LLMs.

intro
preamble
agenda
who am i?
tax day is on april 15th!
what is an llm?
what is an llm used for?
what is prompt engineering?
zero shot prompting
few shot prompting
chain-of-thought prompting
attacks
owasp top 10 llm vulnerabilities
prompt injections
how do they play out in real-life
prompt leaking
prompt injection
1-step further
real world scenarios
defenses to prompt injections
insecure output handling
sensitive information disclosure
defenses to sensitive information disclosure
prompt jailbreaking
secure practices: audit logging
let's see it in action
thank you + links