The Developer’s Guide to LLM Security

The podcast explores the unique security challenges presented by large language models (LLMs) and agentic AI, contrasting them with traditional software security. Steve Wilson, Chief Product Officer of Exabeam and OWASP contributor, highlights prompt injection, AI supply chain vulnerabilities, and sensitive information disclosure as top risks. Addressing supply chain security, Wilson advises skepticism towards AI model sources and stresses the need for enhanced software composition analysis tools suited for AI-assisted coding. The conversation also covers the current state of guardrails, emphasizing the importance of both input and output monitoring, and the necessity of AI security incident playbooks. Wilson suggests leveraging AI to enhance security measures, envisioning AI agents dedicated to security tasks to integrate security seamlessly into development processes.

Outlines

Part 1: AI Security Fundamentals & Risks

Part 2: Defense Mechanisms & Guardrails

Part 3: Agentic Vulnerabilities & Incident Response

Part 4: AI for Security & Community Resources

Sign in to continue reading, translating and more.

Continue

The Data Exchange with Ben Lorica

Part 1: AI Security Fundamentals & Risks

AI Security: Differentiating LLM and Agentic AI Security from Traditional Software Security

OWASP Top 3 LLM Risks: Prompt Injection, Supply Chain, and Information Disclosure

Addressing AI Supply Chain Security: Skepticism, Provenance, and Quality Checks

Part 2: Defense Mechanisms & Guardrails

Guardrails for LLMs: Input Validation, Output Monitoring, and Data Access Control

Securing AI Applications: Addressing Excessive Agency and Insecure Plugins

Lessons from Web Security: Building AI Security Agents for Code Development

Hallucination: A Security Threat and a Gift in AI Systems

Part 3: Agentic Vulnerabilities & Incident Response

Agentic Qualities and Vulnerabilities: Tool Usage, Reasoning, and Memory Poisoning

AI Incident Response: Defining Incidents and Building Centers of Excellence

Learning from the Past: Citizen Developers and the Need for Security Assistance

Part 4: AI for Security & Community Resources

AI for Security: User Behavior Analytics, Natural Language Search, and Security Co-Pilots

OWASP: Securing Applications in the AI Era

Closing Remarks and Subscription Information

The Developer’s Guide to LLM Security

The Data Exchange with Ben Lorica

Part 1: AI Security Fundamentals & Risks

00:03AI Security: Differentiating LLM and Agentic AI Security from Traditional Software Security

AI Security: Differentiating LLM and Agentic AI Security from Traditional Software Security

01:13OWASP Top 3 LLM Risks: Prompt Injection, Supply Chain, and Information Disclosure

OWASP Top 3 LLM Risks: Prompt Injection, Supply Chain, and Information Disclosure

04:07Addressing AI Supply Chain Security: Skepticism, Provenance, and Quality Checks

Addressing AI Supply Chain Security: Skepticism, Provenance, and Quality Checks

Part 2: Defense Mechanisms & Guardrails

08:42Guardrails for LLMs: Input Validation, Output Monitoring, and Data Access Control

Guardrails for LLMs: Input Validation, Output Monitoring, and Data Access Control

11:41Securing AI Applications: Addressing Excessive Agency and Insecure Plugins

Securing AI Applications: Addressing Excessive Agency and Insecure Plugins

15:21Lessons from Web Security: Building AI Security Agents for Code Development

Lessons from Web Security: Building AI Security Agents for Code Development

18:55Hallucination: A Security Threat and a Gift in AI Systems

Hallucination: A Security Threat and a Gift in AI Systems

Part 3: Agentic Vulnerabilities & Incident Response

21:50Agentic Qualities and Vulnerabilities: Tool Usage, Reasoning, and Memory Poisoning

Agentic Qualities and Vulnerabilities: Tool Usage, Reasoning, and Memory Poisoning

25:20AI Incident Response: Defining Incidents and Building Centers of Excellence

AI Incident Response: Defining Incidents and Building Centers of Excellence

28:03Learning from the Past: Citizen Developers and the Need for Security Assistance

Learning from the Past: Citizen Developers and the Need for Security Assistance

Part 4: AI for Security & Community Resources

31:25AI for Security: User Behavior Analytics, Natural Language Search, and Security Co-Pilots

AI for Security: User Behavior Analytics, Natural Language Search, and Security Co-Pilots

35:52OWASP: Securing Applications in the AI Era

OWASP: Securing Applications in the AI Era

39:15Closing Remarks and Subscription Information

Closing Remarks and Subscription Information