Open-source ChatGPT, DLP for AI models, GenAI Threat Modelling, Dropbox control character injection attacks, Upcoming regulations, and SPQA
ProCheckUp (PCU)
Hey Security Experts! Welcome to another edition of PCU's Generative AI Security Newsletter, the free newsletter that helps you keep up with the advances and impacts of cyber security relating to Generative AI tools and large language models.
It has been another fast-paced week in generative AI security. This week we run through some excellent training videos for those interested in how generative AI works, examples of how to threat model generative AI applications, newly released tools for building and securing data in LLMs, the latest research papers on prompt injection and adversarial attacks, a look at how institutions around the world are tackling the AI regulation problem, and an assessment of the future of software development and how generative AI will disrupt this field.
Let's explore the most relevant news of the last week:
Generative AI Security News
Basics of Generative AI
Learn how LLMs and Generative AI work
Simple introductory videos on Generative AI and large language models
Tooling:
Microsoft open-sources ChatGPT on Azure, then makes it private 2 days later
It seems clear that the top LLM providers are concerned by the rise and success of open-source alternatives. Last week, Microsoft made their Azure-based ChatGPT available on GitHub, essentially open-sourcing ChatGPT and allowing it to be run on a private Azure instance. The GitHub page was removed less than 2 days later, so watch this space.
Redact sensitive data from LLM outputs with Google Cloud DLP
The OWASP Top 10 for LLMs highlights the difficulties with data privacy and sensitive data in training sets. Google's new tool allows administrators to redact sensitive data in LLM outputs, though the effectiveness of this tool has yet to be tested by the community.
Exploits & Threat Modelling:
AI Village: Threat Modelling LLMs
Modeling the threats that LLMs are exposed to continues to be a big focus of the community. The AI Village points out the need for a data flow diagram, trust boundaries, and vulnerabilities, and maps these to the STRIDE framework for threat modelling. They also provide some excellent starting points for remediating these risks.
Moveworks: Threat Modelling LLMs
Moveworks cover privacy threats, security threats, and remediation techniques for safely deploying LLMs in your organisation or business applications.
Cloud Security Alliance [video]
An excellent video introducing generative AI architectures, lifecycle, and threats. It runs through relevant examples of GenAI-powered business applications, as well as how these applications can be exploited with OWASP Top 10 threats such as prompt injection.
Extracting training data from Large Language Models
This research paper shows that malicious attackers can extract training data from LLMs using advanced prompt injection and adversarial attacks.
Adversarial Examples are Features not Bugs
A research paper which argues that prompt injection and adversarial inputs are an inherent part of generative AI models, and that mitigation of these attacks requires a change in the architecture of the AI models.
Complete guide to adversarial AI research papers
A comprehensive repository of research papers focused on adversarial attacks, prompt injection attacks, and other methods for hacking generative AI applications.
Dropbox releases control character prompt injection attacks
Dropbox has released prompt injection attack code that uses control character sequences which, when included in a prompt, increase the chances of malicious outputs or hallucinations. The code used and the findings are in the GitHub repository and blog post linked below.
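From the defender's side, the practical takeaway from the Dropbox findings is that control and format characters have no business in a user prompt and are easy to detect before the prompt reaches the model. The following is an added example, not Dropbox's code or part of the original newsletter: it classifies every character by its Unicode general category, reports the suspect ones, strips them, and returns a block/allow decision. The sample prompt, the category list and the `max_hits` threshold are assumptions chosen for illustration.

```python
import unicodedata
from dataclasses import dataclass

# Unicode general categories that should never appear in a prompt destined for an LLM:
# Cc = C0/C1 control codes (backspace, escape, DEL ...), Cf = format characters
# (zero-width spaces, bidi overrides), Zl/Zp = line and paragraph separators.
SUSPECT_CATEGORIES = {"Cc", "Cf", "Zl", "Zp"}
# Ordinary whitespace that legitimate prompts contain; these are kept.
ALLOWED_CONTROLS = {"\n", "\t", "\r"}


@dataclass
class Hit:
    index: int      # position in the original string
    codepoint: str  # e.g. "U+0008"
    name: str       # Unicode name, or "<control>" for unnamed control codes


def find_control_chars(text: str) -> list[Hit]:
    """Return every suspect character in `text`, in order of appearance."""
    hits = []
    for i, ch in enumerate(text):
        if ch in ALLOWED_CONTROLS:
            continue
        if unicodedata.category(ch) in SUSPECT_CATEGORIES:
            hits.append(Hit(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "<control>")))
    return hits


def sanitize_prompt(text: str) -> tuple[str, list[Hit]]:
    """Remove suspect characters and return (clean_text, hits)."""
    hits = find_control_chars(text)
    drop = {h.index for h in hits}
    clean = "".join(ch for i, ch in enumerate(text) if i not in drop)
    return clean, hits


def assess_prompt(text: str, max_hits: int = 0) -> dict:
    """Decide whether a prompt should be blocked; max_hits=0 means zero tolerance."""
    clean, hits = sanitize_prompt(text)
    return {
        "blocked": len(hits) > max_hits,
        "hit_count": len(hits),
        "hits": [(h.codepoint, h.name) for h in hits],
        "clean": clean,
    }


# Constructed sample prompt (not taken from Dropbox's research): a benign request
# padded with three backspaces, an ANSI erase-line escape, a zero-width space and a
# right-to-left override.
SAMPLE_PROMPT = "Summarise the Q3 meeting notes.\x08\x08\x08\x1b[2K\u200b\u202e"

if __name__ == "__main__":
    result = assess_prompt(SAMPLE_PROMPT)
    print(f"blocked={result['blocked']} hits={result['hit_count']}")
    for codepoint, name in result["hits"]:
        print(f"  {codepoint} {name}")
    print("clean:", repr(result["clean"]))
```

Note what stripping does and does not achieve: the ESC byte is removed but the `[2K` parameter bytes of the ANSI sequence survive as ordinary text, so for a zero-tolerance policy the `blocked` flag is the signal to act on and the cleaned string is only useful for logging. Counting hits per prompt, rather than merely stripping, also gives a cheap detection metric: a spike in prompts carrying control characters is worth an alert.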
Regulations:
China releases Generative AI regulations
The Canadian Government requests comments on generative AI security regulations, ahead of its 'Artificial Intelligence and Data Act (AIDA)' bill.
Future:
4 Ways Enterprises are deploying Generative AI
Fiddler highlights how commercial and open-source models are being used within organisations and business applications, with some stellar recommendations for companies that are beginning their generative AI journey.
SPQA - AI-based Software Architecture
Daniel Miessler outlines the future of software architecture and how it will integrate with generative AI capabilities. An excellent watch for aspiring security leaders, software developers, and those interested in how software development will be completely disrupted by AI.
Talk to PCU about Generative AI Security Testing: Contact PCU here
Don't forget to leave a comment below to extend this conversation.