LLM AI Security & Governance Checklist
From the OWASP Top 10 for LLM Applications Team

Revision History

Revision  Date        Author(s)                        Description
0.1       2023-11-01  Sandy Dunn                       initial draft
0.5       2023-12-06  Sandy Dunn, OWASP LLM Apps Team  public draft

Version: 0.5
Published: December 6, 2023

The information provided in this document does not, and is not intended to, constitute legal advice. All information is for general informational purposes only. This document contains links to other third-party websites. Such links are only for convenience and OWASP does not recommend or endorse the contents of the third-party sites.

1 Overview
  1.1 Responsible and Trustworthy Artificial Intelligence
  1.2 Who is This For?
  1.3 Why a Checklist?
2 Large Language Model Challenges
  2.1 LLM Threat Categories
  2.2 Artificial Intelligence Security and Privacy Training
  2.3 Incorporate LLM Security and governance with Existing, Established Practices and Controls
  2.4 Fundamental Security Principles
  2.5 Risk
  2.6 Vulnerability and Mitigation Taxonomy
3 Determining LLM Strategy
  3.1 Deployment Strategy
4 Check List
  4.1 Adversarial Risk
  4.2 AI Asset Inventory
  4.3 AI Security and Privacy Training
  4.4 Establish Business Cases
  4.5 Governance
  4.6 Legal
  4.7 Regulatory
  4.8 Using or Implementing Large Language Model Solutions
5 Resources
A Team

Overview

Every internet user and business should prepare for the impact of a surge in powerful generative artificial intelligence (GenAI) applications. GenAI holds enormous promise and opportunities for discovery, efficiency, and driving corporate growth across many industries and disciplines. However, as with any strong new technology, it introduces new challenges to security and privacy.

Artificial Intelligence, Machine Learning, Large Language Models, and Diffusion Models have been in development and the focus of acade