Episode 6: OWASP's Top 10 Vulnerability Classes For LLMs
Episode Synopsis
In this episode, we go through OWASP's recently released list of vulnerability classes for LLMs. The list includes:
Prompt injections
Data leakage
Inadequate sandboxing
Unauthorized code execution
SSRF vulnerabilities
Overreliance on LLM-generated content
Inadequate AI alignment
Insufficient access controls
Improper error handling
Training data poisoning
We note that while some of the items on this list are definitely worth mentioning, others feel a bit more disconnected from the topic of cybersecurity and likely can't be solved through technical means.
Reference: Rich Harang's Twitter thread on the subject.