Can anyone recommend application security best practices for generative AI tools?

Disruptive & Emerging TechnologiesSecurity & GRCSecurity Strategy & Roadmap
3k views3 Comments
Sort By:
Oldest
Chief Information Security Officer in Softwarea year ago
I would say quite the same as a standard application with an additional focus on data exposure. My main focus when my company started using Generative AI was focus on data ingested by the AI (we are an EU based company), and also the security of the Generative AI provider.
2 1 Reply
Information and Security Office & Enterprise Data Governance/AI in Finance (non-banking)a year ago

I agree with  that the rules of engagement do not change with AI in the picture; you still have to follow the same rules of DevSecOps and have the same level of due diligence to ensure your code is designed to provide that is designed to do, including performing needed Threat Modeling, Design Reviews, keeping in mind transparency and accountability with Privacy by design and Security by Design.

1
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Deputy CISOa year ago
There are the following dimensions in my mind
1) controls like
     a) Input validation (while maintaining the spirit of natural language). you dont want your LLMs to crash / or elevate privilege
    b) ensure relevant privacy conditions are built in specially when the model attempts to store the questions as an input for its future learning. So while the user would appreciate the result LLMs will thru s/he may need his own data anonymized in results
   c) boundary conditions such that queries or its results dont overwhelm the environment and make service unavailable

2) "intelligence in response" such that the LLMs are not fooled in providing responses that might be counter protective.for example. "how to hack LLMs" may get no result but question like " is there current weakness that the LLM is slf healing" might, giving important reckon

3) the LLMs itself, like immutable logs, may need to be protected from tampering 
4) protect the knowledge set from where it currently responds based on incremental context learning. so that it doesn't get poisoned 

OWASP has a reference for LLMS OWASP Top 10 for Large Language Model Applications | OWASP Foundation, check it out pl

Keen to learn your perspectives when possible pl
1

Content you might like

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

Looking for others insight into how they are measuring capacity for their Robotics Process Automation Programs. We have almost 100 bots in production and a defined amount of developers. We are continuing to deploy new bots/new use cases as well as sustaining all existing bots in production. What have others done to define a "trip wire" for identifying when you hit max capacity?

Disruptive & Emerging Technologies
18 views

We are a large manufacturing company with over 17,000 associates, about half of whom have company-provided cell phones. We average two lost devices per week, which seems low, but executive management is concerned and wants to know if our numbers are typical compared to other companies. My questions are: 1. Do other companies also struggle with lost or stolen devices? 2. What is the average number of lost devices per week? 3. Are there repercussions for associates who lose devices due to carelessness or negligence?

Mobile Device Management (MDM)Mobile DevicesSecurity+2 more
VP of IT in Retail3 days ago
My previous organization implemented a strict one-strike policy for lost or damaged devices. While the first incident was considered an accident, repeat offenders were required to reimburse the company for the lost or damaged ...read more
82 views1 Comment

Is flutter flow best for app builder software

Applications & PlatformsCloudContact Center & Telecom+15 more

Yes79%

No20%

1.2k views

Has your org taken any steps to build a culture of ethical AI? Do you have dedicated resources or teams responsible for AI ethics?

Relationship ManagementDisruptive & Emerging TechnologiesAI & Machine Learning
Director of ITa month ago
We are early in our journey with regards to AI ethics. In a recent AI event at our company, I presented a model that was developed to drive the conversation. Because we all love acronyms, I used DEBTS to help make it stick. ...read more
1 Reply
Read More Comments
2.2k views1 Upvote6 Comments