Practical LLM Security: Takeaways From a Year in the Trenches
Rich Harang, Principal Security Architect (AI/ML) | August 7, 2024

Intro

Who am I and why should you listen to me about LLM security?

PhD in Statistics and Applied Probability. Working at the intersection of machine learning, security, and privacy since 2010.

U.S. Army Research Laboratory
- making and breaking ML tools for applied network security in partnership with CNDSP
- source code and binary stylometry
- adversarial examples for sequence models
- frog-boiling for anomaly detection

Invincea/Sophos
- making and breaking ML tools for endpoint security
- web content classification
- malicious script detection
- deterministic systems to compensate for ML uncertainty
- trying to quantify that uncertainty

Duo Security
- building ML into authentication workflows
- privacy-preserving location matching
- fraud detection at scale
- getting good labels from crappy data

NVIDIA
- security architecture for ML-enabled systems
- Product Security and AI Red Team: helped test and secure dozens of LLM systems

TL;DR: 14+ years of
- building ML into security products and seeing where it fails
- attacking the ML components of those products
- fixing the breaks
With NVIDIA ProdSec/AIRT: building and securing LLM integrations since LLMs were A Thing(tm).

NVIDIA AI Red Team / Product Security AI folks: one team
Becca Lynch, Daniel Major, Leon Derczynski, Erick Galinkin, Anusha Ghosh, Kai Greshake, John Irwin, Naser Issa, Joe Lucas, Martin Sablotny, Laura Seletos, Rich Harang

Scoping the problem
- Security Properties (CIAAN): what we're going to talk about
- Ethics, Fairness, Trustworthiness: important, but not "security" as we're going to use the term

Some notes about focus and content
Focusing on problems we've actually observed in deployed systems. This means tha