LLM4Shell - Discovering and Exploiting RCE Vulnerabilities in LLM-Integrated Frameworks
Offered By: Black Hat via YouTube
Course Description
Overview
Explore the critical security risks associated with integrating Large Language Models (LLMs) into applications through frameworks like LangChain and LlamaIndex in this 36-minute Black Hat conference talk. Dive deep into the causes of Remote Code Execution (RCE) vulnerabilities, termed LLM4Shell, within LLM-Integrated frameworks. Discover the findings of a systematic investigation that uncovered 15 critical vulnerabilities across 8 popular frameworks, with 13 confirmed by developers and 9 CVE IDs assigned. Examine the exploitation of 51 LLM-Integrated applications, including 16 with RCE vulnerabilities and one susceptible to SQL injection. Learn about the automated prompt-based exploitation method and its real-world implications, from data theft to DoS and phishing attacks. Gain actionable insights and potential mitigations to secure LLM-Integrated frameworks and applications against these emerging threats.
Syllabus
LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks
Taught by
Black Hat
Related Courses
Building a Queryable Journal with OpenAI, Markdown, and LlamaIndex
Samuel Chan via YouTube
Building an AI Language Tutor with Pinecone, LlamaIndex, GPT-3, and BeautifulSoup
Samuel Chan via YouTube
Locally-Hosted Offline LLM with LlamaIndex and OPT - Implementing Open-Source Instruction-Tuned Language Models
Samuel Chan via YouTube
Understanding Embeddings in Large Language Models - LlamaIndex and Chroma DB
Samuel Chan via YouTube
A Deep Dive Into Retrieval-Augmented Generation with LlamaIndex
Linux Foundation via YouTube