DARPA and IBM are ensuring that anyone can protect their AI systems from hackers
IBM, February 7, 2024
Collaborating with DARPA’s Guaranteeing AI Robustness Against Deception (GARD) project, IBM has been at the forefront of addressing these challenges, particularly through the development of the Adversarial Robustness Toolbox (ART). Beyond military applications, the scope of this initiative extends to securing critical infrastructure and government systems, underscoring the broader implications of AI security.
IBM’s ART, conceived in 2018, has been a cornerstone in fortifying AI models against adversarial attacks. As part of the GARD project, led by Principal Investigator Nathalie Baracaldo and co-PI Mark Purcell, IBM has actively contributed to building defenses against emerging threats, establishing theoretical frameworks for robust systems, and creating tools for evaluating algorithm defenses. The toolbox, now available on Hugging Face, a prominent platform for AI model implementation, showcases IBM’s commitment to accessibility, meeting AI practitioners where they are and making ART applicable to a wider audience.
Prior to ART, the adversarial AI community faced fragmentation, primarily focusing on digital attacks rather than real-world challenges. With ART’s emergence as the first unified toolbox, it provides practical solutions for physical attacks, such as strategically placed stickers on stop signs to confuse autonomous vehicle AI models and poisoning training data. The collaboration with Hugging Face further bridges the gap, offering a shared platform for AI practitioners to collaborate on building tools that enhance the security of real-world AI deployments. As the GARD project concludes, the legacy of ART persists as an open-source project, inviting the entire community to leverage its comprehensive set of tools, covering diverse modalities and supporting various machine learning model structures. ART stands as a valuable resource for fortifying the security of AI models in an ever-evolving digital landscape.
Generative AI Security: Theories and Practices (Future of Business and Finance) 1st ed. 2024 Edition
Amazon
In this literary exploration, we delve into the groundbreaking intersection of Generative AI (GenAI) and the realm of cybersecurity. The objective is to furnish cybersecurity professionals, Chief Information Security Officers (CISOs), AI researchers, developers, architects, and college students with a nuanced comprehension of how GenAI significantly influences the landscape of cybersecurity.
The content of this comprehensive guide spans from the foundational principles of GenAI, encompassing its underlying concepts, sophisticated architectures, and state-of-the-art research, to the intricacies of GenAI security. This includes a detailed examination of data security, model security, application-level security, and the burgeoning domains of LLMOps and DevSecOps. The exploration extends to global AI regulations, ethical considerations, the evolving threat landscape, and strategies for preserving privacy. Moreover, it scrutinizes the transformative potential of GenAI in redefining cybersecurity practices, delves into the ethical dimensions of deploying advanced models, and highlights innovative strategies essential for securing GenAI applications.
The book culminates with a thorough analysis of the security challenges unique to GenAI and proposes potential solutions, offering a forward-looking perspective on how GenAI could reshape cybersecurity practices. By tackling these subjects, the guide not only provides practical solutions for securing GenAI applications but also serves as a crucial resource for navigating the intricate and continually evolving regulatory environments. It empowers individuals to build resilient GenAI security programs, ensuring that they are well-equipped to navigate the dynamic landscape of GenAI and cybersecurity.
Announcing Release of v.1.0 OWASP LLM AI Security & Governance Checklist !
Linkedin, February 19, 2024
Exciting news unfolds as the OWASP Top 10 for LLM Team proudly presents the highly anticipated full 1.0 release of the OWASP LLM AI Security & Governance Checklist. Aligned with the renowned OWASP Top 10 for Large Language Models, this comprehensive tool marks a significant milestone in fortifying the security and governance aspects of AI initiatives. Crafted by the OWASP Top 10 for LLM Applications team, the checklist introduces essential updates, including simplified images, Risk Assessment Grids (RAG), Risk Cards, and crucial elements addressing various facets of AI security.
This valuable resource serves as a strategic guide for leaders in executive technology, cybersecurity, privacy, compliance, and legal roles. It empowers them to effectively plan and secure their AI initiatives by covering critical areas such as formulating a robust LLM strategy, defending against adversarial risks, maintaining an AI asset inventory, implementing security and privacy training, establishing business cases, and navigating governance, legal, and regulatory considerations. The checklist not only identifies areas of concern but also provides users with access to freely available tools and resources from OWASP and MITRE, facilitating the creation of a comprehensive, threat-informed strategy.
To actively engage with the evolving landscape of LLM security, interested individuals are encouraged to download the checklist from the OWASP website. By subscribing to the newsletter, stakeholders can stay informed about the latest developments, while contributing valuable feedback within the Slack community can help shape the future of LLM security. As an additional step, professionals are invited to become contributors to the OWASP Top Ten projects, joining a dedicated team committed to making a positive impact in the software community. A heartfelt thank-you goes out to the OWASP Top 10 for LLM & AI Exchange Core Team, whose unwavering dedication has been instrumental in achieving this milestone. Together, let’s advance the safety and security of AI for a resilient and secure digital future.
Improve AI security by red teaming large language models
TechTarget, February 14, 2024
Large language models (LLMs) are particularly susceptible to threats such as prompt injection, training data extraction, backdoor insertion, and data poisoning, posing potential risks to privacy and the integrity of organizations. As the capabilities of AI evolve, the necessity for proactive assessments becomes evident, especially when dealing with LLMs. Red teaming, a strategy involving simulated attacks, emerges as a crucial approach to uncover vulnerabilities in AI systems before malicious actors can exploit them. This proactive measure aims to mitigate the risks associated with prompt injection attacks, thereby strengthening the overall security posture of language models.
Prompt injection attacks are a significant concern, particularly for organizations integrating LLMs into service-facing applications. Threat actors can manipulate prompts to bypass safety mechanisms, compelling LLMs to generate inappropriate outputs that could harm a company’s reputation. Red teaming employs various strategies, including prompt injection simulations, training data extraction, backdoor insertion, and data poisoning attacks, offering a comprehensive approach to assess and fortify the security of LLMs.
To effectively address prompt injection attacks, organizations are advised to implement robust input validation methods such as input sanitization, regular expressions, and prompt allowlisting. Continuous monitoring and auditing of LLMs for malicious activities are critical, with AI security teams leveraging baseline behaviors to detect anomalies. Additionally, encryption and access control measures, including strong authentication mechanisms, play a pivotal role in preventing unauthorized access to AI models. In navigating the complex landscape of AI security, adopting red teaming strategies proves essential for organizations to proactively identify vulnerabilities and fortify language models against potential threats.
Subscribe for updates
Stay up to date with what is happening! Get a first look at news, noteworthy research and worst attacks on AI delivered right in your inbox.