Captain

joined 2 years ago
MODERATOR OF
ai_infosec
sorted by: new top controversial old
4
Identifying AI-generated images with SynthID (www.deepmind.com)
6
Thinking about the security of AI systems (www.ncsc.gov.uk)
6
GitHub - google/model-transparency (github.com)
8
Universal and Transferable Attacks on Aligned Language Models (llm-attacks.org)
7
Cybercriminals train AI chatbots for phishing, malware attacks (www.bleepingcomputer.com)
6
Adversarial suffixes that circumvent the alignment of open source LLMS, ChatGPT, Claude, Bard, and LLaMA-2 (twitter.com)
8
(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs (twitter.com)
7
Intro to ML Safety - Free course (course.mlsafety.org)
Training Tuesday - Discussions for certs, training and learning-at-home in c/[email protected]
[–] [email protected] 2 points 2 years ago (1 children)

Well done, congratz!

Training Tuesday - Discussions for certs, training and learning-at-home in c/[email protected]
[–] [email protected] 1 points 2 years ago (1 children)

Awesome, congratulations!

I've heard good things about the AWS Security Specialty certificate too. I've done a course for it which was great, though I never bothered to take the certificate (I don't feel the need for it). Have you considered it?

3
Army looking at the possibility of 'AI BOMs' (defensescoop.com)
7
Socket AI – using ChatGPT to examine every npm and PyPI package for security issues (socket.dev)
 

A very interesting approach. Apparently it generates lots of results: https://twitter.com/feross/status/1672401333893365761

4
OWASP Top 10 for LLMs - 0.5 (owasp.org)
submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]
0 comments fedilink
13
Most popular generative AI projects on GitHub are the least secure (www.csoonline.com)
 

They used OpenSSF Scorecard to check the most starred AI projects on GitHub and found that many of them didn't fare well.

The article is based on the report from Rezilion. You can find the report here: https://info.rezilion.com/explaining-the-risk-exploring-the-large-language-models-open-source-security-landscape (any email name works, you'll get access to the report without email verification)

In Escalating Order of Stupidity in c/[email protected]
[–] [email protected] 2 points 2 years ago

My take so far is that there isn't really any great options to protect against prompt injections. Simon Wilson presents an idea here on his blog which could is a bit interesting. NVIDIA has open sourced a framework for this as well, but it's not without problems. Otherwise I've mostly seen prompt injection firewall products but I wouldn't trust them too much yet.

Accessing lemmy.ml community in c/[email protected]
[–] [email protected] 2 points 2 years ago (1 children)

I think this post ended up in the wrong place, I suspect you meant to post it to https://infosec.pub/c/infosecpub

OWASP starts work on Top 10 vulnerabilities of LLMs in c/[email protected]
[–] [email protected] 2 points 2 years ago

Good points, and I agree!

The list is currently largely made to spark interest and discussion so it'll likely change a lot. What you mentioned is also brought up on the Brainstorming page. It seems likely that "Inadequate Alignment" will be removed from the list.

view more: next ›