kennwhite, 23 days ago

TL;DR: The most popular chat-assisted app frameworks aren't even doing basic process sandboxing or sane file/network isolation. We are still very much in the early infancy of security maturity with current gen LLMs.

kennwhite, 23 days ago (edited 23 days ago)

Liu et al's preprint: https://arxiv.org/pdf/2309.02926.pdf
BlackHat abstract: https://www.blackhat.com/asia-24/briefings/schedule/index.html#llmshell-discovering-and-exploiting-rce-vulnerabilities-in-real-world-llm-integrated-frameworks-and-apps-37215

kennwhite, 22 days ago

Tong's Google Scholar for related work: https://scholar.google.com/citations?hl=en&user=egWPi_IAAAAJ

teajaygrey, 23 days ago

@kennwhite This is a good thing.

Perhaps some folks can rm -rf / with abandon and nip this BS in the bud.

sigh Alas, I doubt anyone is that forward thinking anymore.

wonka, 22 days ago

@teajaygrey You'd need to delete the system that provisions the system that provisions the VMs...
@kennwhite

mjgardner, 15 days ago (edited 14 days ago)

@kennwhite Looks like we’re at the “Matt’s Script Archive” #security level with #LLM frameworks.

The difference is that Matt Wright was a high school student in 1995 when he launched MSA and its infamously exploitable FormMail #Perl #CGI script.

#InfoSec #AI

yaleman, 9 days ago

@kennwhite sounds like devs need to read the OWASP Top 10 for LLM apps 😄 https://owasp.org/www-project-top-10-for-large-language-model-applications/

byteborg, 13 days ago

@kennwhite
What could possibly go wrong? 🤷 /s

loke, 22 days ago

@kennwhite I was in the room at that session. It was quite interesting. It was just a few hours ago, are you there too?

kennwhite, 22 days ago

@loke yes. I'm on the BH Asia review board and here for the rest of the conference.

loke, 22 days ago

@kennwhite you're not on stage right now? 😃

phryk, 22 days ago

@kennwhite Oh my, that's glorious! 😂

Infoseepage, 23 days ago

@kennwhite There truly is a XKCD for everything.

https://xkcd.com/327/