LLM AI Cybersecurity & Governance Checklist

From the OWASP Top 10 for LLM Applications Team

Version: 1.0
Published: February 19, 2024

Revision History

Revision  Date        Author(s)   Description
0.1       2023-11-01  Sandy Dunn  initial draft
0.5       2023-12-06  SD, Team    public draft
0.9       2023-02-15  SD, Team    pre-release draft
1.0       2024-02-19  SD, Team    public release v 1.0

The information provided in this document does not, and is not intended to, constitute legal advice. All information is for general informational purposes only. This document contains links to other third-party websites. Such links are only for convenience and OWASP does not recommend or endorse the contents of the third-party sites.

Contents

1 Overview
    1.1 Responsible and Trustworthy Artificial Intelligence
    1.2 Who is This For?
    1.3 Why a Checklist?
    1.4 Not Comprehensive
    1.5 Large Language Model Challenges
    1.6 LLM Threat Categories
    1.7 Artificial Intelligence Security and Privacy Training
    1.8 Incorporate LLM Security and governance with Existing, Established Practices and Controls
    1.9 Fundamental Security Principles
    1.10 Risk
    1.11 Vulnerability and Mitigation Taxonomy
2 Determining LLM Strategy
    2.1 Deployment Strategy
3 Checklist
    3.1 Adversarial Risk
    3.2 Threat Modeling
    3.3 AI Asset Inventory
    3.4 AI Security and Privacy Training
    3.5 Establish Business Cases
    3.6 Governance
    3.7 Legal
    3.8 Regulatory
    3.9 Using or Implementing Large Language Model Solutions
    3.10 Testing, Evaluation, Verification, and Validation (TEVV)
    3.11 Model Cards and Risk Cards
    3.12 RAG: Large Language Model Optimization
    3.13 AI Red Teaming
4 Resources
A Team

Overview

Every internet user and company should prepare for the upcoming wave of powerful generative artificial intelligence (GenAI) applications. GenAI has enormous promise for innovation, efficiency, and commercial success across a variety of industries.