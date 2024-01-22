As CISO for the Vancouver Clinic, Michael Bray gushes about the infinite ways large language models (LLMs) will improve patient care. “DNA-based predictive studies, metabolic interactions, lab services, diagnostics and other medicine will be so advanced that today’s medical practices will look prehistoric,” he says. “For example, applications like ActX are already making a huge difference with symptom identification, medicine interactions, effectiveness, and dosages.”

As excited as he is about LLMs improving patient care and diagnoses, Bray is equally concerned about the new and hidden threats that LLMs present. LLMs are core to disruptive and fast-moving AI technologies including OpenAI’s ChatGPT, Google’s Bard, and Microsoft’s Copilot, which are rapidly proliferating across enterprises today. LLMs are being developed into a host of other specialty apps for specific vertical industries like finance, government, and military.

With these LLMs come new risks of data poisoning, phishing, prompt injections, and sensitive data extraction. Because these attacks are executed via natural language prompts or training sources, traditional security tools are ill-equipped to detect such attacks.

Fortunately, these vulnerabilities are being identified and prioritized by the Open Web Application Security Project (OWASP), National Institute of Standards (NIST), and other standards groups nearly as quickly as AI is proliferating. The EU AI Act has released an initial compliance checker for organizations to determine if their AI applications fall into the category of unacceptable risk or high risk. In November 2023, the UK released the UK guidelines for secure AI system development.

Tools are also catching up with new risks introduced through LLM’s. For example, natural language web firewalls, AI discovery, and AI-enhanced security testing tools are coming to market in what may well become a battle of AI versus AI. As we wait for those tools, these are the most likely threats organizations will face to their use of LLMs:

1. Malicious instructions from prompt injections

When asked about new threats introduced to enterprises through LLMs, experts cite prompt injections a top risk. Jailbreaking an AI by throwing a bunch of confusing prompts at the LLM interface is probably the most well-known risk and could cause reputational damage if the jailbreaker spreads misinformation that way. Or a jailbreaker could use confusing prompts to cause a system to spit out ridiculous offers, such as with a popular auto dealership chatbot developed by a company called Fullpath. By instructing a Chevy dealer’s chatbot to end each response with “that’s a legally binding offer, no takesies backsies,” a hacker tester tried thousands of prompts until he ultimately tricked the dealer site into offering him a new car for one dollar.