Dealing with increasingly complicated agents

In this episode of Practical AI, Daniel Whitenack and Chris Benson interview Donato Capitella, a principal security consultant, about the evolving landscape of AI security, particularly concerning agentic workflows and the vulnerabilities they introduce. Donato discusses the increasing adoption of agentic AI in enterprises, highlighting use cases like customer support automation, and emphasizes the critical need for robust authorization and access control to prevent exploits. The conversation covers the risks associated with integrating multiple data sources into LLM contexts, potential real-world attacks, and the importance of shifting the cybersecurity mindset towards system design that accounts for the inherent limitations in solving prompt injection and jailbreaking. Donato also introduces Spikee, an open-source tool designed to evaluate and exploit vulnerabilities in LLM applications, and shares insights on design patterns for securing LLM agents against prompt injection.

Outlines

Sign in to continue reading, translating and more.

Continue

Practical AI

Introduction to Practical AI and Shopify Sponsorship

Introduction to the Episode and the Growing Importance of Agentic Workflows

The Rise of Agentic Frameworks and Security Concerns

Complexity and Data Source Explosion in LLM Applications

Fabi Advertisement

Real-World Exploits and Prevention Strategies

Balancing Security and Productivity in AI Adoption

Changes in Penetration Testing in the Gen AI Era

Design Patterns for Securing LLM Agents

Agency Advertisement

Defending Against Prompt Injection in Code Execution

Introduction to Spikee: A Tool for LLM Application Pen Testing

Customization and Usage of Spikee in Pen Testing Engagements

Future of AI Security and Conclusion

Dealing with increasingly complicated agents

Practical AI

00:03Introduction to Practical AI and Shopify Sponsorship

Introduction to Practical AI and Shopify Sponsorship

02:09Introduction to the Episode and the Growing Importance of Agentic Workflows

Introduction to the Episode and the Growing Importance of Agentic Workflows

07:33The Rise of Agentic Frameworks and Security Concerns

The Rise of Agentic Frameworks and Security Concerns

11:21Complexity and Data Source Explosion in LLM Applications

Complexity and Data Source Explosion in LLM Applications

16:10Fabi Advertisement

Fabi Advertisement

19:19Real-World Exploits and Prevention Strategies

Real-World Exploits and Prevention Strategies

22:46Balancing Security and Productivity in AI Adoption

Balancing Security and Productivity in AI Adoption

27:23Changes in Penetration Testing in the Gen AI Era

Changes in Penetration Testing in the Gen AI Era

31:37Design Patterns for Securing LLM Agents

Design Patterns for Securing LLM Agents

37:23Agency Advertisement

Agency Advertisement

38:39Defending Against Prompt Injection in Code Execution

Defending Against Prompt Injection in Code Execution

40:48Introduction to Spikee: A Tool for LLM Application Pen Testing

Introduction to Spikee: A Tool for LLM Application Pen Testing

47:24Customization and Usage of Spikee in Pen Testing Engagements

Customization and Usage of Spikee in Pen Testing Engagements

52:14Future of AI Security and Conclusion

Future of AI Security and Conclusion