BSidesVienna 0x7e8

Didn't Last a Minute: Why We Can't Secure LLMs and Might Never
11-23, 09:35–10:05 (Europe/Vienna), Track 1 (Dachssal)

I guess that no day in 2024 went by without a security person crying because they realized their organization is going to deploy an LLM application, and that they are the one responsible for its security. This application will receive inputs from scary sources like customers, emails and the internet. But don't you fear, dear security person, there is a security vendor coming to the rescue. They bring tools and APIs that can be installed easily, work with everything and make all problems go away. Or do they? We will explore the landscape of current solutions, see how to break them, and release a new tool called "Sprechen Sie Deutsch?". The tool aims to help the security community understand these measures so that they can be improved in the future.


This talk originates from my work with LLM applications and from talking to developers and IT management who want to implement these tools securely. After I show them all the ways these generative AI applications can be insecure, and how these insecurities often come down to prompt injection, they obviously want to know about countermeasures. At this point, the conventional advice in blog articles and talks points them to tools like Lakera, LLM-Guard, Rebuff, or the measures implemented by providers like Azure. While it is always admitted that these solutions are not perfect, the discussion usually stops there without explaining what "not perfect" means. This talk will do exactly that: it showcases exploits against these protection systems and explains why they work and why they are so hard to fix.

This talk does not intend to blame LLM security vendors; they are brave and clever people who deserve our admiration. We badly need them to figure out a solution. However, that will only happen if the hacker community understands how to break these systems before the bad guys do.

Paul loves all things cybersecurity and hacking. He loves to work in the areas of OSINT, Recon, Red Teaming and CTI for offensive purposes as well as AI security. He is an IT security analyst at NSIDE ATTACK LOGIC. He enjoys learning from others and sharing his knowledge. Outside the infosec world, he has an interest in sports, watch repair, and adding to his pile of unfinished projects, languages, and skills he tried to learn or build.