The Complete Platform for GenAI Security
Focus on innovating with Generative AI,
not on securing it.
Generative AI introduces a new array of security risks
We would know. As core members of the OWASP research team, we have unique insights into how Generative AI is changing the cybersecurity landscape.
Brand Reputation Damage
The non-deterministic nature of LLMs poses significant risks to your brand reputation when exposing users to your GenAI apps.
AppSec / OWASP (LLM09)
Brand Reputation Damage
Equally as important as inspecting user prompts before they get to an organization’s systems, is ensuring that responses by LLMs are safe and do not contain toxic or harmful content that could be damaging to an organization.
Inappropriate or off-brand content generated by GenAI applications can result in public relations challenges and harm the company's image, hence moderating content produced by LLMs - given their non-deterministic nature - is crucial.
Key Concerns:
- Toxic or damaging content: Ensuring your GenAI apps don't expose toxic, biased, racist or offensive material to your stakeholders.
- Competitive disadvantage: Preventing your GenAI apps from inadvertently promoting or supporting competitors.
- Off-brand behavior: Guaranteeing your GenAI apps adhere to the desired behavior and tone of your brand.
AppSec / OWASP (LLM09)
Data Privacy Risks
The risk of sensitive information disclosure has become increasingly significant in the era of Generative AI: whether it's employees exfiltrating company data to GenAI tools or LLM-based applications revealing sensitive data.
IT / AppSec / OWASP (LLM06)
Data Privacy Risks
Data privacy has become increasingly crucial in the era of GenAI tool proliferation. With the rise in GenAI tool usage, the likelihood of sharing confidential data has escalated.
LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches. It is important for consumers of LLM applications to be aware of how to safely interact with LLMs and identify the risks associated with unintentionally inputting sensitive data that may be subsequently returned by the LLM in output elsewhere.
Key Concerns:
- Employees sharing confidential information through GenAI tools
- Developers exfiltrating secrets through AI code assistants
- Homegrown GenAI apps leaking exposing company information
IT / AppSec / OWASP (LLM06)
Denial of Wallet/Service
Denial of Wallet attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with an LLM-based app leading to substantial resource consumption.
AppSec / OWASP (llm04)
Denial of Wallet/Service
Denial of Wallet Attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with a Large Language Model (LLM) application, leading to substantial resource consumption. This not only degrades the quality of service for legitimate users but also can result in significant financial costs due to overuse of resources. Attackers can exploit this by using a jailbroken interface to covertly access third-party LLMs like OpenAI's GPT, essentially utilizing your application as a free proxy to OpenAI.
Key Concerns:
- Application Downtime: Risk of service unavailability due to resource overuse.
- Performance Degradation: Slower response times and reduced efficiency.
- Financial Implications: Potential for incurring high operational costs.
Learn more about Denial of Wallet attacks: https://www.prompt.security/blog/denial-of-wallet-on-genai-apps-ddow
AppSec / OWASP (llm04)
Indirect Prompt Injection
Indirect Prompt Injection occurs when a LLM processes input from external sources that are under the control of an attacker.
AppSec / IT / OWASP (llm01)
Indirect Prompt Injection
Indirect Prompt Injection occurs when an LLM processes input from external sources that are under the control of an attacker, such as certain websites or tools. In such cases, the attacker can embed a hidden prompt in the external content, effectively hijacking the conversation's context. This results in the destabilization of the LLM's output, potentially allowing the attacker to manipulate the user or interact with other systems accessible by the LLM. Notably, these indirect prompt injections do not need to be visible or readable by humans, as long as they can be parsed by the LLM. A typical example is a ChatGPT web plugin that could unknowingly process a malicious prompt from an attacker's website, often designed to be inconspicuous to human observers (white font, for instance).
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than planned.
AppSec / IT / OWASP (llm01)
Insecure Plugin Design
A potential attacker can construct a malicious request to an LLM plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
AppSec / IT / OWASP (llm02, llm07)
Insecure Plugin Design
LLM plugins are extensions that, when enabled, are called automatically by the model during user interactions. They are driven by the model, and there is no application control over the execution. Furthermore, to deal with context-size limitations, plugins are likely to implement free-text inputs from the model with no validation or type checking. This allows a potential attacker to construct a malicious request to the plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
Key Concerns:
- Malicious Code Execution: Preventing unauthorized execution of harmful code.
- SQL Injection: Protecting against unauthorized database access or manipulation.
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF): Defending against web-based attacks that can compromise user data and interactions.
AppSec / IT / OWASP (llm02, llm07)
Jailbreak
Jailbreaking represents a category of prompt injection where an attacker overrides the original instructions of the LLM, deviating it from its intended behavior and established guidelines.
AppSec / OWASP (LLM01)
Jailbreak
Jailbreaking, a type of Prompt Injection refers to the engineering of prompts to exploit model biases and generate outputs that may not align with their intended behavior, original purpose or established guidelines.
By carefully crafting inputs that exploit system vulnerabilities, the LLM can eventually respond without its usual restrictions or moderation. There have been some notable examples, such as the "DAN" or "multi-shot jailbreaking", where the AI systems responded without their usual constraints.
Key Concerns:
- Brand Reputation: Preventing damage to the organization's public image due to undesired AI behavior.
- Decreased Performance: Ensuring the GenAI application functions as designed, without unexpected deviations.
- Unsafe Customer Experience: Protecting users from potentially harmful or inappropriate interactions with the AI system.
AppSec / OWASP (LLM01)
Legal Challenges
The emergence of GenAI technologies and the accompanying regulatory frameworks is raising substantial legal concerns within organizations.
AppSec / IT
Legal Challenges
The emergence of GenAI technologies is raising substantial legal concerns within organizations. These concerns stem primarily from the lack of oversight and auditing of GenAI tools and their outputs, as well as the potential mishandling of intellectual property. In particular, these issues can manifest as unauthorized use or "Shadow AI," unintentional disclosure of sensitive intellectual property to the tools, migration of intellectual property through these tools, and the generation of harmful or offensive content that may reach customers.
Key Concerns:
- Absence of Audit and Visibility: Addressing the challenge of unmonitored GenAI usage or "Shadow AI."
- Intellectual Property Disclosure: Preventing sharing of proprietary information with GenAI tools.
- Intellectual Property Migration: Safeguarding against the unintentional transfer of intellectual assets through GenAI tools to your company.
- Generation of Harmful or Offensive Content: Ensuring GenAI tools do not produce content that could harm customers or the company's reputation.
AppSec / IT
Privilege Escalation
As organizations integrate LLMs with more and more tools within the organization, like databases, APIs, and code interpreters, the risk of privilege escalation increases.
AppSec / OWASP (LLM08)
Privilege Escalation
As the integration of Large Language Models (LLMs) with various tools like databases, APIs, and code interpreters increases, so does the risk of privilege escalation. This GenAI risk involves the potential misuse of LLM privileges to gain unauthorized access and control within an organization’s digital environment.
Key Concerns:
- Privilege Escalation: Unauthorized elevation of access rights.
- Unauthorized Data Access: Accessing sensitive data without proper authorization.
- System Compromise: Gaining control over systems beyond intended limits.
- Denial of Service: Disrupting services by overloading or manipulating systems.
AppSec / OWASP (LLM08)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs.
AppSec / OWASP (llm01)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs. This manipulation, often referred to as "jailbreaking" tricks the LLM into executing the attacker's intentions. This threat becomes particularly concerning when the LLM is integrated with other tools such as internal databases, APIs, or code interpreters, creating a new attack surface.
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than its intended use.
Learn more about Prompt Injection: https://www.prompt.security/blog/prompt-injection-101
AppSec / OWASP (llm01)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic.
AppSec / OWASP (LLM01, LLM06)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic. This issue arises when prompts are engineered to extract the underlying system prompt of a GenAI application. As prompt engineering becomes increasingly integral to the development of GenAI apps, any unintentional disclosure of these prompts can be considered as exposure of proprietary code or intellectual property.
Key Concerns:
- Intellectual Property Disclosure: Preventing the unauthorized revelation of proprietary information embedded in system prompts.
- Recon for Downstream Attacks: Avoiding the leak of system prompts which could serve as reconnaissance for more damaging prompt injections.
- Brand Reputation Damage: Protecting the organization's public image from the fallout of accidental prompt disclosure which might contain embarrassing information.
AppSec / OWASP (LLM01, LLM06)
Shadow AI
Employees use dozens of different GenAI tools in their daily operations, most of them unbeknownst to their IT teams. Key concerns are limited visibility, absence of governance, compliance risk, and data exposure.
IT
Shadow AI
ChatGPT marked the beginning of the widespread adoption of GenAI tools. Today, in the average company, we observe employees using over 30 different AI tools as part of their jobs, most of them without visibility to the IT Security team. Mastering and managing these tools is crucial for success.
Key Concerns:
- Limited Visibility: Understanding the full scope of GenAI tool usage within the company.
- Absence of Governance: Establishing effective control over the usage of GenAI tools.
- Compliance Risks: Mitigating the risk of violating regulatory standards.
- Sensitive Data Exposure: Preventing employees from exposing sensitive or confidential information to GenAI tools and copilots.
IT
Toxic, Biased or Harmful Content
A jailbroken LLM behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers if it outputs toxic, biased or harmful content.
AppSec /IT / OWASP (llm09)
Toxic, Biased or Harmful Content
A jailbroken Large Language Model (LLM) behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers. The repercussions range from embarrassing social media posts to negative customer experiences, and may even include legal complications. To safeguard against such issues, it’s crucial to implement protective measures.
Key Concerns:
- Toxicity: Preventing harmful or offensive content.
- Bias: Ensuring fair and impartial interactions.
- Racism: Avoiding racially insensitive or discriminatory content.
- Brand Reputation: Maintaining a positive public image.
- Inappropriate Sexual Content: Filtering out unsuitable sexual material.
AppSec /IT / OWASP (llm09)
Privilege Escalation
As organizations integrate LLMs with more and more tools within the organization, like databases, APIs, and code interpreters, the risk of privilege escalation increases.
AppSec / OWASP (LLM08)
Privilege Escalation
As the integration of Large Language Models (LLMs) with various tools like databases, APIs, and code interpreters increases, so does the risk of privilege escalation. This GenAI risk involves the potential misuse of LLM privileges to gain unauthorized access and control within an organization’s digital environment.
Key Concerns:
- Privilege Escalation: Unauthorized elevation of access rights.
- Unauthorized Data Access: Accessing sensitive data without proper authorization.
- System Compromise: Gaining control over systems beyond intended limits.
- Denial of Service: Disrupting services by overloading or manipulating systems.
AppSec / OWASP (LLM08)
Insecure Plugin Design
A potential attacker can construct a malicious request to an LLM plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
AppSec / IT / OWASP (llm02, llm07)
Insecure Plugin Design
LLM plugins are extensions that, when enabled, are called automatically by the model during user interactions. They are driven by the model, and there is no application control over the execution. Furthermore, to deal with context-size limitations, plugins are likely to implement free-text inputs from the model with no validation or type checking. This allows a potential attacker to construct a malicious request to the plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
Key Concerns:
- Malicious Code Execution: Preventing unauthorized execution of harmful code.
- SQL Injection: Protecting against unauthorized database access or manipulation.
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF): Defending against web-based attacks that can compromise user data and interactions.
AppSec / IT / OWASP (llm02, llm07)
Brand Reputation Damage
The non-deterministic nature of LLMs poses significant risks to your brand reputation when exposing users to your GenAI apps.
AppSec / OWASP (LLM09)
Brand Reputation Damage
Equally as important as inspecting user prompts before they get to an organization’s systems, is ensuring that responses by LLMs are safe and do not contain toxic or harmful content that could be damaging to an organization.
Inappropriate or off-brand content generated by GenAI applications can result in public relations challenges and harm the company's image, hence moderating content produced by LLMs - given their non-deterministic nature - is crucial.
Key Concerns:
- Toxic or damaging content: Ensuring your GenAI apps don't expose toxic, biased, racist or offensive material to your stakeholders.
- Competitive disadvantage: Preventing your GenAI apps from inadvertently promoting or supporting competitors.
- Off-brand behavior: Guaranteeing your GenAI apps adhere to the desired behavior and tone of your brand.
AppSec / OWASP (LLM09)
Shadow AI
Employees use dozens of different GenAI tools in their daily operations, most of them unbeknownst to their IT teams. Key concerns are limited visibility, absence of governance, compliance risk, and data exposure.
IT
Shadow AI
ChatGPT marked the beginning of the widespread adoption of GenAI tools. Today, in the average company, we observe employees using over 30 different AI tools as part of their jobs, most of them without visibility to the IT Security team. Mastering and managing these tools is crucial for success.
Key Concerns:
- Limited Visibility: Understanding the full scope of GenAI tool usage within the company.
- Absence of Governance: Establishing effective control over the usage of GenAI tools.
- Compliance Risks: Mitigating the risk of violating regulatory standards.
- Sensitive Data Exposure: Preventing employees from exposing sensitive or confidential information to GenAI tools and copilots.
IT
Data Privacy Risks
The risk of sensitive information disclosure has become increasingly significant in the era of Generative AI: whether it's employees exfiltrating company data to GenAI tools or LLM-based applications revealing sensitive data.
IT / AppSec / OWASP (LLM06)
Data Privacy Risks
Data privacy has become increasingly crucial in the era of GenAI tool proliferation. With the rise in GenAI tool usage, the likelihood of sharing confidential data has escalated.
LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches. It is important for consumers of LLM applications to be aware of how to safely interact with LLMs and identify the risks associated with unintentionally inputting sensitive data that may be subsequently returned by the LLM in output elsewhere.
Key Concerns:
- Employees sharing confidential information through GenAI tools
- Developers exfiltrating secrets through AI code assistants
- Homegrown GenAI apps leaking exposing company information
IT / AppSec / OWASP (LLM06)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs.
AppSec / OWASP (llm01)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs. This manipulation, often referred to as "jailbreaking" tricks the LLM into executing the attacker's intentions. This threat becomes particularly concerning when the LLM is integrated with other tools such as internal databases, APIs, or code interpreters, creating a new attack surface.
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than its intended use.
Learn more about Prompt Injection: https://www.prompt.security/blog/prompt-injection-101
AppSec / OWASP (llm01)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic.
AppSec / OWASP (LLM01, LLM06)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic. This issue arises when prompts are engineered to extract the underlying system prompt of a GenAI application. As prompt engineering becomes increasingly integral to the development of GenAI apps, any unintentional disclosure of these prompts can be considered as exposure of proprietary code or intellectual property.
Key Concerns:
- Intellectual Property Disclosure: Preventing the unauthorized revelation of proprietary information embedded in system prompts.
- Recon for Downstream Attacks: Avoiding the leak of system prompts which could serve as reconnaissance for more damaging prompt injections.
- Brand Reputation Damage: Protecting the organization's public image from the fallout of accidental prompt disclosure which might contain embarrassing information.
AppSec / OWASP (LLM01, LLM06)
Denial of Wallet/Service
Denial of Wallet attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with an LLM-based app leading to substantial resource consumption.
AppSec / OWASP (llm04)
Denial of Wallet/Service
Denial of Wallet Attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with a Large Language Model (LLM) application, leading to substantial resource consumption. This not only degrades the quality of service for legitimate users but also can result in significant financial costs due to overuse of resources. Attackers can exploit this by using a jailbroken interface to covertly access third-party LLMs like OpenAI's GPT, essentially utilizing your application as a free proxy to OpenAI.
Key Concerns:
- Application Downtime: Risk of service unavailability due to resource overuse.
- Performance Degradation: Slower response times and reduced efficiency.
- Financial Implications: Potential for incurring high operational costs.
Learn more about Denial of Wallet attacks: https://www.prompt.security/blog/denial-of-wallet-on-genai-apps-ddow
AppSec / OWASP (llm04)
Legal Challenges
The emergence of GenAI technologies and the accompanying regulatory frameworks is raising substantial legal concerns within organizations.
AppSec / IT
Legal Challenges
The emergence of GenAI technologies is raising substantial legal concerns within organizations. These concerns stem primarily from the lack of oversight and auditing of GenAI tools and their outputs, as well as the potential mishandling of intellectual property. In particular, these issues can manifest as unauthorized use or "Shadow AI," unintentional disclosure of sensitive intellectual property to the tools, migration of intellectual property through these tools, and the generation of harmful or offensive content that may reach customers.
Key Concerns:
- Absence of Audit and Visibility: Addressing the challenge of unmonitored GenAI usage or "Shadow AI."
- Intellectual Property Disclosure: Preventing sharing of proprietary information with GenAI tools.
- Intellectual Property Migration: Safeguarding against the unintentional transfer of intellectual assets through GenAI tools to your company.
- Generation of Harmful or Offensive Content: Ensuring GenAI tools do not produce content that could harm customers or the company's reputation.
AppSec / IT
Toxic, Biased or Harmful Content
A jailbroken LLM behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers if it outputs toxic, biased or harmful content.
AppSec /IT / OWASP (llm09)
Toxic, Biased or Harmful Content
A jailbroken Large Language Model (LLM) behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers. The repercussions range from embarrassing social media posts to negative customer experiences, and may even include legal complications. To safeguard against such issues, it’s crucial to implement protective measures.
Key Concerns:
- Toxicity: Preventing harmful or offensive content.
- Bias: Ensuring fair and impartial interactions.
- Racism: Avoiding racially insensitive or discriminatory content.
- Brand Reputation: Maintaining a positive public image.
- Inappropriate Sexual Content: Filtering out unsuitable sexual material.
AppSec /IT / OWASP (llm09)
Jailbreak
Jailbreaking represents a category of prompt injection where an attacker overrides the original instructions of the LLM, deviating it from its intended behavior and established guidelines.
AppSec / OWASP (LLM01)
Jailbreak
Jailbreaking, a type of Prompt Injection refers to the engineering of prompts to exploit model biases and generate outputs that may not align with their intended behavior, original purpose or established guidelines.
By carefully crafting inputs that exploit system vulnerabilities, the LLM can eventually respond without its usual restrictions or moderation. There have been some notable examples, such as the "DAN" or "multi-shot jailbreaking", where the AI systems responded without their usual constraints.
Key Concerns:
- Brand Reputation: Preventing damage to the organization's public image due to undesired AI behavior.
- Decreased Performance: Ensuring the GenAI application functions as designed, without unexpected deviations.
- Unsafe Customer Experience: Protecting users from potentially harmful or inappropriate interactions with the AI system.
AppSec / OWASP (LLM01)
Indirect Prompt Injection
Indirect Prompt Injection occurs when a LLM processes input from external sources that are under the control of an attacker.
AppSec / IT / OWASP (llm01)
Indirect Prompt Injection
Indirect Prompt Injection occurs when an LLM processes input from external sources that are under the control of an attacker, such as certain websites or tools. In such cases, the attacker can embed a hidden prompt in the external content, effectively hijacking the conversation's context. This results in the destabilization of the LLM's output, potentially allowing the attacker to manipulate the user or interact with other systems accessible by the LLM. Notably, these indirect prompt injections do not need to be visible or readable by humans, as long as they can be parsed by the LLM. A typical example is a ChatGPT web plugin that could unknowingly process a malicious prompt from an attacker's website, often designed to be inconspicuous to human observers (white font, for instance).
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than planned.
AppSec / IT / OWASP (llm01)
Privilege Escalation
As organizations integrate LLMs with more and more tools within the organization, like databases, APIs, and code interpreters, the risk of privilege escalation increases.
AppSec / OWASP (LLM08)
Privilege Escalation
As the integration of Large Language Models (LLMs) with various tools like databases, APIs, and code interpreters increases, so does the risk of privilege escalation. This GenAI risk involves the potential misuse of LLM privileges to gain unauthorized access and control within an organization’s digital environment.
Key Concerns:
- Privilege Escalation: Unauthorized elevation of access rights.
- Unauthorized Data Access: Accessing sensitive data without proper authorization.
- System Compromise: Gaining control over systems beyond intended limits.
- Denial of Service: Disrupting services by overloading or manipulating systems.
AppSec / OWASP (LLM08)
Insecure Plugin Design
A potential attacker can construct a malicious request to an LLM plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
AppSec / IT / OWASP (llm02, llm07)
Insecure Plugin Design
LLM plugins are extensions that, when enabled, are called automatically by the model during user interactions. They are driven by the model, and there is no application control over the execution. Furthermore, to deal with context-size limitations, plugins are likely to implement free-text inputs from the model with no validation or type checking. This allows a potential attacker to construct a malicious request to the plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
Key Concerns:
- Malicious Code Execution: Preventing unauthorized execution of harmful code.
- SQL Injection: Protecting against unauthorized database access or manipulation.
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF): Defending against web-based attacks that can compromise user data and interactions.
AppSec / IT / OWASP (llm02, llm07)
Brand Reputation Damage
The non-deterministic nature of LLMs poses significant risks to your brand reputation when exposing users to your GenAI apps.
AppSec / OWASP (LLM09)
Brand Reputation Damage
Equally as important as inspecting user prompts before they get to an organization’s systems, is ensuring that responses by LLMs are safe and do not contain toxic or harmful content that could be damaging to an organization.
Inappropriate or off-brand content generated by GenAI applications can result in public relations challenges and harm the company's image, hence moderating content produced by LLMs - given their non-deterministic nature - is crucial.
Key Concerns:
- Toxic or damaging content: Ensuring your GenAI apps don't expose toxic, biased, racist or offensive material to your stakeholders.
- Competitive disadvantage: Preventing your GenAI apps from inadvertently promoting or supporting competitors.
- Off-brand behavior: Guaranteeing your GenAI apps adhere to the desired behavior and tone of your brand.
AppSec / OWASP (LLM09)
Shadow AI
Employees use dozens of different GenAI tools in their daily operations, most of them unbeknownst to their IT teams. Key concerns are limited visibility, absence of governance, compliance risk, and data exposure.
IT
Shadow AI
ChatGPT marked the beginning of the widespread adoption of GenAI tools. Today, in the average company, we observe employees using over 30 different AI tools as part of their jobs, most of them without visibility to the IT Security team. Mastering and managing these tools is crucial for success.
Key Concerns:
- Limited Visibility: Understanding the full scope of GenAI tool usage within the company.
- Absence of Governance: Establishing effective control over the usage of GenAI tools.
- Compliance Risks: Mitigating the risk of violating regulatory standards.
- Sensitive Data Exposure: Preventing employees from exposing sensitive or confidential information to GenAI tools and copilots.
IT
Data Privacy Risks
The risk of sensitive information disclosure has become increasingly significant in the era of Generative AI: whether it's employees exfiltrating company data to GenAI tools or LLM-based applications revealing sensitive data.
IT / AppSec / OWASP (LLM06)
Data Privacy Risks
Data privacy has become increasingly crucial in the era of GenAI tool proliferation. With the rise in GenAI tool usage, the likelihood of sharing confidential data has escalated.
LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches. It is important for consumers of LLM applications to be aware of how to safely interact with LLMs and identify the risks associated with unintentionally inputting sensitive data that may be subsequently returned by the LLM in output elsewhere.
Key Concerns:
- Employees sharing confidential information through GenAI tools
- Developers exfiltrating secrets through AI code assistants
- Homegrown GenAI apps leaking exposing company information
IT / AppSec / OWASP (LLM06)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs.
AppSec / OWASP (llm01)
Prompt Injection
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs. This manipulation, often referred to as "jailbreaking" tricks the LLM into executing the attacker's intentions. This threat becomes particularly concerning when the LLM is integrated with other tools such as internal databases, APIs, or code interpreters, creating a new attack surface.
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than its intended use.
Learn more about Prompt Injection: https://www.prompt.security/blog/prompt-injection-101
AppSec / OWASP (llm01)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic.
AppSec / OWASP (LLM01, LLM06)
Prompt Leak
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic. This issue arises when prompts are engineered to extract the underlying system prompt of a GenAI application. As prompt engineering becomes increasingly integral to the development of GenAI apps, any unintentional disclosure of these prompts can be considered as exposure of proprietary code or intellectual property.
Key Concerns:
- Intellectual Property Disclosure: Preventing the unauthorized revelation of proprietary information embedded in system prompts.
- Recon for Downstream Attacks: Avoiding the leak of system prompts which could serve as reconnaissance for more damaging prompt injections.
- Brand Reputation Damage: Protecting the organization's public image from the fallout of accidental prompt disclosure which might contain embarrassing information.
AppSec / OWASP (LLM01, LLM06)
Denial of Wallet/Service
Denial of Wallet attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with an LLM-based app leading to substantial resource consumption.
AppSec / OWASP (llm04)
Denial of Wallet/Service
Denial of Wallet Attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with a Large Language Model (LLM) application, leading to substantial resource consumption. This not only degrades the quality of service for legitimate users but also can result in significant financial costs due to overuse of resources. Attackers can exploit this by using a jailbroken interface to covertly access third-party LLMs like OpenAI's GPT, essentially utilizing your application as a free proxy to OpenAI.
Key Concerns:
- Application Downtime: Risk of service unavailability due to resource overuse.
- Performance Degradation: Slower response times and reduced efficiency.
- Financial Implications: Potential for incurring high operational costs.
Learn more about Denial of Wallet attacks: https://www.prompt.security/blog/denial-of-wallet-on-genai-apps-ddow
AppSec / OWASP (llm04)
Legal Challenges
The emergence of GenAI technologies and the accompanying regulatory frameworks is raising substantial legal concerns within organizations.
AppSec / IT
Legal Challenges
The emergence of GenAI technologies is raising substantial legal concerns within organizations. These concerns stem primarily from the lack of oversight and auditing of GenAI tools and their outputs, as well as the potential mishandling of intellectual property. In particular, these issues can manifest as unauthorized use or "Shadow AI," unintentional disclosure of sensitive intellectual property to the tools, migration of intellectual property through these tools, and the generation of harmful or offensive content that may reach customers.
Key Concerns:
- Absence of Audit and Visibility: Addressing the challenge of unmonitored GenAI usage or "Shadow AI."
- Intellectual Property Disclosure: Preventing sharing of proprietary information with GenAI tools.
- Intellectual Property Migration: Safeguarding against the unintentional transfer of intellectual assets through GenAI tools to your company.
- Generation of Harmful or Offensive Content: Ensuring GenAI tools do not produce content that could harm customers or the company's reputation.
AppSec / IT
Toxic, Biased or Harmful Content
A jailbroken LLM behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers if it outputs toxic, biased or harmful content.
AppSec /IT / OWASP (llm09)
Toxic, Biased or Harmful Content
A jailbroken Large Language Model (LLM) behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers. The repercussions range from embarrassing social media posts to negative customer experiences, and may even include legal complications. To safeguard against such issues, it’s crucial to implement protective measures.
Key Concerns:
- Toxicity: Preventing harmful or offensive content.
- Bias: Ensuring fair and impartial interactions.
- Racism: Avoiding racially insensitive or discriminatory content.
- Brand Reputation: Maintaining a positive public image.
- Inappropriate Sexual Content: Filtering out unsuitable sexual material.
AppSec /IT / OWASP (llm09)
Jailbreak
Jailbreaking represents a category of prompt injection where an attacker overrides the original instructions of the LLM, deviating it from its intended behavior and established guidelines.
AppSec / OWASP (LLM01)
Jailbreak
Jailbreaking, a type of Prompt Injection refers to the engineering of prompts to exploit model biases and generate outputs that may not align with their intended behavior, original purpose or established guidelines.
By carefully crafting inputs that exploit system vulnerabilities, the LLM can eventually respond without its usual restrictions or moderation. There have been some notable examples, such as the "DAN" or "multi-shot jailbreaking", where the AI systems responded without their usual constraints.
Key Concerns:
- Brand Reputation: Preventing damage to the organization's public image due to undesired AI behavior.
- Decreased Performance: Ensuring the GenAI application functions as designed, without unexpected deviations.
- Unsafe Customer Experience: Protecting users from potentially harmful or inappropriate interactions with the AI system.
AppSec / OWASP (LLM01)
Indirect Prompt Injection
Indirect Prompt Injection occurs when a LLM processes input from external sources that are under the control of an attacker.
AppSec / IT / OWASP (llm01)
Indirect Prompt Injection
Indirect Prompt Injection occurs when an LLM processes input from external sources that are under the control of an attacker, such as certain websites or tools. In such cases, the attacker can embed a hidden prompt in the external content, effectively hijacking the conversation's context. This results in the destabilization of the LLM's output, potentially allowing the attacker to manipulate the user or interact with other systems accessible by the LLM. Notably, these indirect prompt injections do not need to be visible or readable by humans, as long as they can be parsed by the LLM. A typical example is a ChatGPT web plugin that could unknowingly process a malicious prompt from an attacker's website, often designed to be inconspicuous to human observers (white font, for instance).
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than planned.
AppSec / IT / OWASP (llm01)
Privilege Escalation
AppSec / OWASP (LLM08)
As the integration of Large Language Models (LLMs) with various tools like databases, APIs, and code interpreters increases, so does the risk of privilege escalation. This GenAI risk involves the potential misuse of LLM privileges to gain unauthorized access and control within an organization’s digital environment.
Key Concerns:
- Privilege Escalation: Unauthorized elevation of access rights.
- Unauthorized Data Access: Accessing sensitive data without proper authorization.
- System Compromise: Gaining control over systems beyond intended limits.
- Denial of Service: Disrupting services by overloading or manipulating systems.
How
Helps:
To mitigate these risks, Prompt Security incorporates robust security protocols designed to prevent privilege escalation. Recognizing that architectural imperfections and over-privileged roles can exist, our platform actively monitors and blocks any prompts that may lead to unwarranted access to critical components within your environment. In the event of such an attempt, Prompt Security not only blocks the action but also immediately alerts your security team, thus ensuring a higher level of safeguarding against privilege escalation threats.
Insecure Plugin Design
AppSec / IT / OWASP (llm02, llm07)
LLM plugins are extensions that, when enabled, are called automatically by the model during user interactions. They are driven by the model, and there is no application control over the execution. Furthermore, to deal with context-size limitations, plugins are likely to implement free-text inputs from the model with no validation or type checking. This allows a potential attacker to construct a malicious request to the plugin, which could result in a wide range of undesired behaviors, up to and including remote code execution.
Key Concerns:
- Malicious Code Execution: Preventing unauthorized execution of harmful code.
- SQL Injection: Protecting against unauthorized database access or manipulation.
- Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF): Defending against web-based attacks that can compromise user data and interactions.
How
Helps:
Recognizing that no architecture is flawless and may contain misconfigurations or overly permissive roles, our platform vigilantly monitors all prompts directed towards these integrated tools. We ensure that each prompt leading to a call for these tools is legitimate and benign. In instances where a prompt is identified as potentially harmful, it is promptly blocked, and an alert is issued. This proactive approach is key to maintaining the security and integrity of your systems, safeguarding against emerging cybersecurity threats in a dynamic technological landscape.
Brand Reputation Damage
AppSec / OWASP (LLM09)
Equally as important as inspecting user prompts before they get to an organization’s systems, is ensuring that responses by LLMs are safe and do not contain toxic or harmful content that could be damaging to an organization.
Inappropriate or off-brand content generated by GenAI applications can result in public relations challenges and harm the company's image, hence moderating content produced by LLMs - given their non-deterministic nature - is crucial.
Key Concerns:
- Toxic or damaging content: Ensuring your GenAI apps don't expose toxic, biased, racist or offensive material to your stakeholders.
- Competitive disadvantage: Preventing your GenAI apps from inadvertently promoting or supporting competitors.
- Off-brand behavior: Guaranteeing your GenAI apps adhere to the desired behavior and tone of your brand.
How
Helps:
Prompt Security safeguards your brand's integrity and public image by moderating the content generated by the LLMs powering your homegrown apps.
In order to mitigate the risks, Prompt Security rigorously supervises each input and output of your homegrown GenAI applications to prevent your users from being exposed to inappropriate, toxic, or off-brand content generated by LLMs that could be damaging for the company and its reputation.
Shadow AI
IT
ChatGPT marked the beginning of the widespread adoption of GenAI tools. Today, in the average company, we observe employees using over 30 different AI tools as part of their jobs, most of them without visibility to the IT Security team. Mastering and managing these tools is crucial for success.
Key Concerns:
- Limited Visibility: Understanding the full scope of GenAI tool usage within the company.
- Absence of Governance: Establishing effective control over the usage of GenAI tools.
- Compliance Risks: Mitigating the risk of violating regulatory standards.
- Sensitive Data Exposure: Preventing employees from exposing sensitive or confidential information to GenAI tools and copilots.
How
Helps:
Prompt Security empowers you to securely adopt GenAI organization-wide by having full visibility, monitoring and enforcement.
- Observability: Instantly detect and monitor all GenAI tools used within the organization and see which are the riskiest apps and users.
- Data Privacy: Prevent data leaks through automatic anonymization and data privacy enforcement.
- Risk Management and Compliance: Establish and enforce granular department and user rules and policies.
- Employee Awareness: Educate your employees on the safe use of GenAI tools with non-intrusive explanations on the associated risk of their actions.
Enable your employees to adopt GenAI tools without worrying about Shadow AI, Data Privacy and Regulatory risks.
Data Privacy Risks
IT / AppSec / OWASP (LLM06)
Data privacy has become increasingly crucial in the era of GenAI tool proliferation. With the rise in GenAI tool usage, the likelihood of sharing confidential data has escalated.
LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches. It is important for consumers of LLM applications to be aware of how to safely interact with LLMs and identify the risks associated with unintentionally inputting sensitive data that may be subsequently returned by the LLM in output elsewhere.
Key Concerns:
- Employees sharing confidential information through GenAI tools
- Developers exfiltrating secrets through AI code assistants
- Homegrown GenAI apps leaking exposing company information
How
Helps:
Prompt Security's platform inspects all interactions with GenAI tools to prevent data exfiltration either by employees to GenAI tools, or the homegrown GenAI apps revealing company information to its users. Any sensitive or confidential information will be identified automatically. Users and Admin will receive immediate alerts for each potential breach, accompanied by real-time preventative measures such as redaction or blocking.
Prompt Injection
AppSec / OWASP (llm01)
Prompt Injection is a cybersecurity threat where attackers manipulate a large language model (LLM) through carefully crafted inputs. This manipulation, often referred to as "jailbreaking" tricks the LLM into executing the attacker's intentions. This threat becomes particularly concerning when the LLM is integrated with other tools such as internal databases, APIs, or code interpreters, creating a new attack surface.
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than its intended use.
Learn more about Prompt Injection: https://www.prompt.security/blog/prompt-injection-101
How
Helps:
To combat this, Prompt Security employs a sophisticated AI-powered engine that detects and blocks adversarial prompt injection attempts in real-time while ensuring minimal latency overhead, with a response time below 200 milliseconds. In the event of an attempted attack, besides blocking, the platform immediately sends an alert and full logging to the platform admin, providing robust protection against this emerging cybersecurity threat.
If you want to test the resilience of your GenAI apps against a variety of risks and vulnerabilities, including Prompt Injection, try out the Prompt Fuzzer. It's available to everyone on GitHub.
Prompt Leak
AppSec / OWASP (LLM01, LLM06)
Prompt Leak is a specific form of prompt injection where a Large Language Model (LLM) inadvertently reveals its system instructions or internal logic. This issue arises when prompts are engineered to extract the underlying system prompt of a GenAI application. As prompt engineering becomes increasingly integral to the development of GenAI apps, any unintentional disclosure of these prompts can be considered as exposure of proprietary code or intellectual property.
Key Concerns:
- Intellectual Property Disclosure: Preventing the unauthorized revelation of proprietary information embedded in system prompts.
- Recon for Downstream Attacks: Avoiding the leak of system prompts which could serve as reconnaissance for more damaging prompt injections.
- Brand Reputation Damage: Protecting the organization's public image from the fallout of accidental prompt disclosure which might contain embarrassing information.
How
Helps:
To address the risk of prompt leaks, Prompt Security meticulously monitors each prompt and response to ensure that the GenAI app does not inadvertently disclose its assigned instructions, policies, or system prompts. In the event of a potential leak, we will block the attempt and issue a corresponding alert. This proactive approach fortifies your homegrown GenAI projects against the risks associated with prompt leak, safeguarding both your intellectual property and brand's integrity.
If you want to test the resilience of your GenAI apps against a variety of risks and vulnerabilities, including Prompt Leak, try out the Prompt Fuzzer. It's available to everyone on GitHub.
Denial of Wallet/Service
AppSec / OWASP (llm04)
Denial of Wallet Attacks, alongside Denial of Service, are critical security concerns where an attacker excessively engages with a Large Language Model (LLM) application, leading to substantial resource consumption. This not only degrades the quality of service for legitimate users but also can result in significant financial costs due to overuse of resources. Attackers can exploit this by using a jailbroken interface to covertly access third-party LLMs like OpenAI's GPT, essentially utilizing your application as a free proxy to OpenAI.
Key Concerns:
- Application Downtime: Risk of service unavailability due to resource overuse.
- Performance Degradation: Slower response times and reduced efficiency.
- Financial Implications: Potential for incurring high operational costs.
Learn more about Denial of Wallet attacks: https://www.prompt.security/blog/denial-of-wallet-on-genai-apps-ddow
How
Helps:
To address the risk of Denial of Wallet/Denial of Service attack, Prompt Security employs robust measures to ensure each interaction with the GenAI application is legitimate and secure. We closely monitor for any abnormal usage or increased activity from specific identities, and instantly block them if they deviate from normal parameters. This proactive approach guarantees the integrity of your application, protecting it from attacks that could lead to service interruptions or excessive costs.
Legal Challenges
AppSec / IT
The emergence of GenAI technologies is raising substantial legal concerns within organizations. These concerns stem primarily from the lack of oversight and auditing of GenAI tools and their outputs, as well as the potential mishandling of intellectual property. In particular, these issues can manifest as unauthorized use or "Shadow AI," unintentional disclosure of sensitive intellectual property to the tools, migration of intellectual property through these tools, and the generation of harmful or offensive content that may reach customers.
Key Concerns:
- Absence of Audit and Visibility: Addressing the challenge of unmonitored GenAI usage or "Shadow AI."
- Intellectual Property Disclosure: Preventing sharing of proprietary information with GenAI tools.
- Intellectual Property Migration: Safeguarding against the unintentional transfer of intellectual assets through GenAI tools to your company.
- Generation of Harmful or Offensive Content: Ensuring GenAI tools do not produce content that could harm customers or the company's reputation.
How
Helps:
To navigate these challenges, Prompt Security implements rigorous compliance and governance mechanisms for GenAI tool usage, giving full visibility to IT and Security & Risk Management teams of the use of AI across the organization. We provide comprehensive auditing capabilities to monitor and control GenAI interactions. Our system is designed to detect and either block or alert about any intellectual property data entering or exiting through these tools. Additionally, our platform filters out any potentially offensive or harmful content, ensuring that customer interactions remain safe and respectful, thereby protecting your company's reputation and legal standing.
Toxic, Biased or Harmful Content
AppSec /IT / OWASP (llm09)
A jailbroken Large Language Model (LLM) behaving unpredictably can pose significant risks, potentially endangering an organization, its employees, or customers. The repercussions range from embarrassing social media posts to negative customer experiences, and may even include legal complications. To safeguard against such issues, it’s crucial to implement protective measures.
Key Concerns:
- Toxicity: Preventing harmful or offensive content.
- Bias: Ensuring fair and impartial interactions.
- Racism: Avoiding racially insensitive or discriminatory content.
- Brand Reputation: Maintaining a positive public image.
- Inappropriate Sexual Content: Filtering out unsuitable sexual material.
How
Helps:
Prompt Security scrutinizes every response generated by the LLM powering your applications before it reaches a customer or employee. This ensures all interactions are appropriate and non-harmful. We employ extensive moderation filters covering a broad range of topics, ensuring your customers and employees have a positive experience with your product while maintaining your brand's reputation impeccable.
Jailbreak
AppSec / OWASP (LLM01)
Jailbreaking, a type of Prompt Injection refers to the engineering of prompts to exploit model biases and generate outputs that may not align with their intended behavior, original purpose or established guidelines.
By carefully crafting inputs that exploit system vulnerabilities, the LLM can eventually respond without its usual restrictions or moderation. There have been some notable examples, such as the "DAN" or "multi-shot jailbreaking", where the AI systems responded without their usual constraints.
Key Concerns:
- Brand Reputation: Preventing damage to the organization's public image due to undesired AI behavior.
- Decreased Performance: Ensuring the GenAI application functions as designed, without unexpected deviations.
- Unsafe Customer Experience: Protecting users from potentially harmful or inappropriate interactions with the AI system.
How
Helps:
To mitigate these risks, Prompt Security diligently monitors and analyzes each prompt and response. This continuous scrutiny is designed to detect any attempts of jailbreaking, ensuring that the homegrown GenAI applications remain aligned with their intended operational parameters and exhibit behavior that is safe, reliable, and consistent with organizational standards.
If you want to test the resilience of your GenAI apps against a variety of risks and vulnerabilities, including Jailbreaking, try out the Prompt Fuzzer. It's available to everyone on GitHub.
Indirect Prompt Injection
AppSec / IT / OWASP (llm01)
Indirect Prompt Injection occurs when an LLM processes input from external sources that are under the control of an attacker, such as certain websites or tools. In such cases, the attacker can embed a hidden prompt in the external content, effectively hijacking the conversation's context. This results in the destabilization of the LLM's output, potentially allowing the attacker to manipulate the user or interact with other systems accessible by the LLM. Notably, these indirect prompt injections do not need to be visible or readable by humans, as long as they can be parsed by the LLM. A typical example is a ChatGPT web plugin that could unknowingly process a malicious prompt from an attacker's website, often designed to be inconspicuous to human observers (white font, for instance).
Key Concerns:
- Unauthorized data exfiltration: Extracting sensitive data without permission.
- Remote code execution: Running malicious code through the LLM.
- DDoS (Distributed Denial of Service): Overloading the system to disrupt services.
- Social engineering: Manipulating the LLM to behave differently than planned.
How
Helps:
To combat this, Prompt Security employs a sophisticated AI engine that detects and blocks adversarial prompt injection attempts in real-time, while ensuring minimal latency overhead. In the event of an attempted attack, besides blocking, the platform immediately sends an alert with full logging and visibility.
If you want to test the resilience of your GenAI apps against a variety of risks and vulnerabilities, including Indirect Prompt Injection, try out the Prompt Fuzzer. It's available to everyone on GitHub.
Prompt Security Defends Against GenAI Risks All Around
A complete solution for safeguarding Generative AI at every touchpoint in the organization
Prompt for Homegrown GenAI Apps
Unleash the power of GenAI in your homegrown applications without worrying about AI security risks.
Prompt for Employees
Enable your employees to adopt GenAI tools without worrying about Shadow AI, Data Privacy and Regulatory risks.
Prompt for Developers
Securely integrate AI into development lifecycles without exposing sensitive data and code.
Enterprise-Grade GenAI Security
Fully LLM-Agnostic
Seamless integration into your existing AI and tech stack
Cloud or self-hosted deployment
Trusted by Industry Leaders
Mandy Andress
CISO, Elastic
Dr. Danny Portman
Head of Generative AI, Zeta Global
Dan Klein
Director, Cyber Security Innovation R&D Lead at Accenture Labs & OWASP Core team member for top 10 llm apps
Sharon Schwartzman
CISO at Upstream
Dave Perry
Manager, Digital Workspace Operations at St. Joseph's Healthcare Hamilton
Richard Moore
Security Director at 10x Banking
Time to see for yourself
Learn why companies rely on Prompt Security to protect both their own GenAI applications as well as their employees' Shadow AI usage.