https://community.isc2.org/t5/Tech-Talk/Threat-Modeling-for-LLM-Powered-Applications/m-p/71600#M4458 <P>Hi All</P><P>&nbsp;</P><P><SPAN class=""><SPAN>There's no denying we're seeing explosive adoption of GenAI and LLM use cases and applications<BR /><BR />That said, it's not too late for organizations to utilize one of the best secure software development methodologies out there, Threat Modeling to ensure secure adoption of LLM's.<BR /><BR />This is an excellent paper discussing "Threat Modeling and Risk Analysis for LLM-Powered Applications"<BR /><BR />It covers:<BR /><BR />- Potential attacks against LLM-powered applications and their potential impacts<BR /><BR />- LLM specific attack vectors and risks<BR /><BR />- Widely used Threat Modeling methodologies and adapting them for LLM applications (cc: <A class="" href="https://www.linkedin.com/in/shostack/" target="_blank" rel="noopener"><span class="lia-unicode-emoji" title=":face_with_medical_mask:">😷</span> Adam Shostack</A></SPAN>)<SPAN><BR /></SPAN><SPAN><BR /></SPAN>- An example LLM-application threat model<SPAN><BR /></SPAN><SPAN><BR /></SPAN>Definitely a key activity organizations should be having their security, development and engineering teams implement as they move forward adopting LLM and GenAI use cases for organizational outcomes, and doing so securely.<SPAN><BR /></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Sun, 30 Jun 2024 22:54:24 GMT Caute_cautim 2024-06-30T22:54:24Z https://community.isc2.org/t5/Tech-Talk/Threat-Modeling-for-LLM-Powered-Applications/m-p/71600#M4458 <P>Hi All</P><P>&nbsp;</P><P><SPAN class=""><SPAN>There's no denying we're seeing explosive adoption of GenAI and LLM use cases and applications<BR /><BR />That said, it's not too late for organizations to utilize one of the best secure software development methodologies out there, Threat Modeling to ensure secure adoption of LLM's.<BR /><BR />This is an excellent paper discussing "Threat Modeling and Risk Analysis for LLM-Powered Applications"<BR /><BR />It covers:<BR /><BR />- Potential attacks against LLM-powered applications and their potential impacts<BR /><BR />- LLM specific attack vectors and risks<BR /><BR />- Widely used Threat Modeling methodologies and adapting them for LLM applications (cc: <A class="" href="https://www.linkedin.com/in/shostack/" target="_blank" rel="noopener"><span class="lia-unicode-emoji" title=":face_with_medical_mask:">😷</span> Adam Shostack</A></SPAN>)<SPAN><BR /></SPAN><SPAN><BR /></SPAN>- An example LLM-application threat model<SPAN><BR /></SPAN><SPAN><BR /></SPAN>Definitely a key activity organizations should be having their security, development and engineering teams implement as they move forward adopting LLM and GenAI use cases for organizational outcomes, and doing so securely.<SPAN><BR /></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Regards</SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class=""><SPAN>Caute_Cautim</SPAN></SPAN></P> Sun, 30 Jun 2024 22:54:24 GMT https://community.isc2.org/t5/Tech-Talk/Threat-Modeling-for-LLM-Powered-Applications/m-p/71600#M4458 Caute_cautim 2024-06-30T22:54:24Z