LLM-based AI has introduced huge shifts in the technology landscape in a very short amount of time, and one consequence has been immense pressure on organizations of all types to adopt and/or develop any and all things AI. This pressure has resulted in widespread use of fledgling technologies, often with surprising capabilities that are not well understood in terms of their security implications or their interactions with other data and APIs. You yourself might be under that very pressure now!
This talk will provide a case study of a real-world LLM-based app that is vulnerable to a variety of attack vectors, illustrating the challenges to account for when integrating today's LLM technologies into web application stacks, as well as how to protect against them. We will walk through a full attack pathway that culminates in the combination of the LLM with SaaS APIs in order to gain full control.
Things then get weird as we explore the ways in which attack payloads can be obfuscated for delivery and how we will need to adjust some of our traditional security approaches in response.
No deep AI or LLM knowledge is required for the talk; an overview of LLMs and the general attacks against them will be provided. Basic knowledge of limericks is advised.
Speaker
Rich Smith
Rich Smith is CSO at Crash Override, an NYC-based security startup founded in 2022. Prior to Crash Override, Rich was CTO at Superlunar Labs, Head of Duo Labs (Cisco), Director of Security at Etsy, CEO and co-founder of Icelandic security leader Syndis, and held leadership roles on security teams at Gemini, Immunity, Kyrus, Morgan Stanley, and HP Labs, among others.
Rich has worked professionally in the security space since the late '90s and is co-author of Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, published by O'Reilly.