Add your offcanvas content in here

The Company

Portfolio

Overview Application Security

Simplifying your IT-security journey.

Workshop

LLM Security: Workshop for LLM Applications

01. Basics02. Our Services03. Your Benefit

Since the boom of OpenAI's ChatGPT, Large Language Models (LLMs) have become widespread in the development of modern software solutions. However, the integration of LLMs into procedures, processes, and web-based applications introduces new security risks and a new dimension of complexity.

To avoid attacks and data leaks, it is particularly important to consider security early in the design phase. This workshop aims to highlight the security risks associated with the use of these technologies to the participants and to convey effective security approaches and countermeasures.

  • We rely on the current guidelines OWASP Top 10 for LLMs and Mitre ATLAS. Our approach is based on the structure and integration of an LLM.
  • First, the structure of the LLM infrastructure is examined. This includes the correct selection of the model format, consideration of the hosting platform or the secure integration of an LLM API. The structure of the knowledge databases, such as a RAG vector store, is also considered. The focus is on the secure handling of internal and, above all, sensitive data. Relevant risks include prompt injection (OWASP module LLM01) and training data poisoning (LLM03).
  • In addition, the security of operating the application is examined. The following questions are clarified: Have I taken appropriate steps against prompt injection? Am I integrating my functions and plugins securely? And am I adequately protecting myself against attacks “from within”? Relevant risks at this point include prompt injection (LLM01), insecure output handling (LLM02) and sensitive information disclosure (LLM06).
  • Furthermore, the system architecture is checked. Consideration of the system architecture includes the secure integration of the LLM components into the application landscape and security at the infrastructure level. This also includes the correct connection to logging and monitoring systems, authentication and authorization services, as well as to third-party systems, e.g. for hosting plugins. Relevant risks include supply chain vulnerabilities (LLM05) and insecure plugin design (LLM07).

Particular emphasis is placed on these aspects

  • Early integration of security aspects when integrating LLMs
  • Identification and assessment of associated risks
  • Strategies for securing your systems, adapted to your requirements
  • Support in deciding on the most suitable protection strategy

Text 3

Mirko Richter

Let's talk about the contents of a workshop tailored to your requirements

E-mail