Practical AI

Threat modeling LLM apps

Aug 22, 2024

Donato Capitella, Principal Security Consultant at WithSecure, specializes in threat modeling for AI applications. He discusses the critical need for threat modeling in the context of large language models (LLMs) and shares insights on vulnerabilities, such as prompt injection risks. Donato emphasizes the importance of validating outputs to maintain trustworthiness and explores innovative strategies for secure integration in AI systems. The conversation also touches on the exciting future of LLM technology and the role of ethical hackers in enhancing cybersecurity.

54:38

Creator website

Episode guests

Donato Capitella

AI Summary

Highlights

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The podcast emphasizes the need for effective security measures in implementing large language models to mitigate risks associated with user input and output validation.

Donato discusses his practical experience with threat modeling AI applications, highlighting the importance of proactive monitoring and alignment in ensuring ongoing safety.

Deep dives

Advancements in Speech AI Models

Assembly AI is making significant strides in developing advanced speech AI models that enable the transformation of voice data into actionable insights. These models facilitate tasks such as speech-to-text, speaker identification, and content summarization, which are essential for developers looking to harness voice data effectively. With features like entity recognition and personal identifiable information maskings, developers can extract critical information from voice recordings and streamline their applications efficiently. The user-friendly API provided by Assembly AI allows for easy integration into various applications, promoting innovation and productivity in the tech landscape.

Security Lies in Usage, Not Tools

01:13

Bigger Models, Bigger Risks

01:07

Secure the Output, Fortify the Input

04:49

Different Problems Require Different Approaches

01:57

Intro

4min

Securing Gen.AI: Threat Modeling and Best Practices

18min

Understanding LLM Vulnerabilities and Prompt Injection Risks

3min

Validating Large Language Models: Ensuring Trustworthiness

15min

Understanding Threat Modeling in LLM Applications

4min

Navigating LLM Validation and Cybersecurity

7min

Exploring the Future of LLM Technology and Its Impact on Communication and Security

4min

If you have questions at the intersection of Cybersecurity and AI, you need to know Donato at WithSecure! Donato has been threat modeling AI applications and seriously applying those models in his day-to-day work. He joins us in this episode to discuss his LLM application security canvas, prompt injections, alignment, and more.

Join the discussion

Changelog++ members save 9 minutes on this episode because they made the ads disappear. Join today!

Sponsors:

Assembly AI – Turn voice data into summaries with AssemblyAI’s leading Speech AI models. Built by AI experts, their Speech AI models include accurate speech-to-text for voice data (such as calls, virtual meetings, and podcasts), speaker detection, sentiment analysis, chapter detection, PII redaction, and more.
Porkbun – Go to porkbun.com to get .app, .dev, or .foo domain names at Porkbun for only $1 for the first year!
Changelog News – A podcast+newsletter combo that’s brief, entertaining & always on-point. Subscribe today.

Featuring:

Donato Capitella – Website
Daniel Whitenack – Website, GitHub, X

Show Notes:

Something missing or broken? PRs welcome!

★ Support this podcast ★

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Practical AI

Threat modeling LLM apps

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Advancements in Speech AI Models

Opportunities from Vast Voice Data

Navigating Security Concerns with LLMs

The Continuous Evolution of AI Security

Security Lies in Usage, Not Tools

Bigger Models, Bigger Risks

Secure the Output, Fortify the Input

Different Problems Require Different Approaches

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Practical AI

Threat modeling LLM apps

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Advancements in Speech AI Models

Opportunities from Vast Voice Data

Navigating Security Concerns with LLMs

The Continuous Evolution of AI Security

Security Lies in Usage, Not Tools

Bigger Models, Bigger Risks

Secure the Output, Fortify the Input

Different Problems Require Different Approaches

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights