A podcast about web design and development.
…
continue reading
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to ITSPmagazine Podcast Network
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to Catalyst, the Launch by NTT DATA Podcast. Catalyst is an ongoing discussion for digital leaders dissatisfied with the status quo and optimistic about what’s possible through smart technology and great people. In this studio we believe in shipping software over slideware, that fast will follow smooth, and aiming to create digital experiences that move millions is a worthy pursuit.
…
continue reading
"web3 with a16z" is a show about the next generation of the internet, and about how builders and users -- whether artists, coders, creators, developers, companies, organizations, or communities -- now have the ability to not just "read" (web1) + "write" (web2) but "own" (web3) pieces of the internet, unlocking a new wave of creativity and entrepreneurship. Brought to you by a16z crypto, this show is the definitive resource for understanding and going deeper on all things crypto and web3. Fro ...
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Become the best software developer you can be
…
continue reading
The Vergecast is the flagship podcast from The Verge about small gadgets, Big Tech, and everything in between. Every Friday, hosts Nilay Patel, David Pierce, and Alex Cranz hang out and make sense of the week’s most important technology news. And every Tuesday, David leads a selection of The Verge’s expert staffers in an exploration of how gadgets and software affect our lives – and which ones you should bring into yours.
…
continue reading
Tom Merritt, Sarah Lane and the team help you stay up to date with independent, authoritative and trustworthy tech news. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Embedded is the show for people who love gadgets. Making them, breaking them, and everything in between. Weekly interviews with engineers, educators, and enthusiasts. Find the show, blog, and more at embedded.fm.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
OWASP Top 10 For Large Language Models: Project Update | An OWASP 2024 Global AppSec San Francisco Conversation with Steve Wilson | On Location Coverage with Sean Martin and Marco Ciappelli
Manage episode 435236785 series 1535672
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Larage Language Model Applications [@owasp]
On LinkedIn | https://www.linkedin.com/in/wilsonsd/
On Twitter | https://x.com/virtualsteve
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs.
The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs.
Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems.
The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss.
The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization.
Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. This next iteration will address how the field has matured and new security considerations that have emerged since the initial list.
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
This Episode’s Sponsors
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
____________________________
Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt
Be sure to share and subscribe!
____________________________
Resources
OWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update
Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190
OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287
Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208
Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
1111 episodes
Share
Manage episode 435236785 series 1535672
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Guest: Steve Wilson, Chief Product Officer, Exabeam [@exabeam] & Project Lead, OWASP Top 10 for Larage Language Model Applications [@owasp]
On LinkedIn | https://www.linkedin.com/in/wilsonsd/
On Twitter | https://x.com/virtualsteve
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes
In this episode of the Chat on the Road On Location series for OWASP AppSec Global in San Francisco, Sean Martin hosts a compelling conversation with Steve Wilson, Project Lead for the OWASP Top 10 for Large Language Model AI Applications. The discussion, as you might guess, centers on the OWASP Top 10 list for Large Language Models (LLMs) and the security challenges associated with these technologies. Wilson highlights the growing relevance of AppSec, particularly with the surge in interest in AI and LLMs.
The conversation kicks off with an exploration of the LLM project that Wilson has been working on at OWASP, aimed at presenting an update on the OWASP Top 10 for LLMs. Wilson emphasizes the significance of prompt injection attacks, one of the key concerns on the OWASP list. He explains how attackers can craft prompts to manipulate LLMs into performing unintended actions, a tactic reminiscent of the SQL injection attacks that have plagued traditional software for years. This serves as a stark reminder of the need for vigilance in the development and deployment of LLMs.
Supply chain risks are another critical issue discussed. Wilson draws parallels to the Log4j incident, stressing that the AI software supply chain is currently a weak link. With the rapid growth of platforms like Hugging Face, the provenance of AI models and training datasets becomes a significant concern. Ensuring the integrity and security of these components is paramount to building robust AI-driven systems.
The notion of excessive agency is also explored—a concept that relates to the permissions and responsibilities assigned to LLMs. Wilson underscores the importance of limiting the scope of LLMs to prevent misuse or unauthorized actions. This point resonates with traditional security principles like least privilege but is recontextualized for the AI age. Overreliance on LLMs is another topic Martin and Wilson discuss.
The conversation touches on how people can place undue trust in AI outputs, leading to potentially hazardous outcomes. Ensuring users understand the limitations and potential inaccuracies of LLM-generated content is essential for safe and effective AI utilization.
Wilson also provides a preview of his upcoming session at the OWASP AppSec Global event, where he plans to share insights from the ongoing work on the 2.0 version of the OWASP Top 10 for LLMs. This next iteration will address how the field has matured and new security considerations that have emerged since the initial list.
Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
This Episode’s Sponsors
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
____________________________
Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage
On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt
Be sure to share and subscribe!
____________________________
Resources
OWASP Top 10 for Large Language Models: Project Update: https://owasp2024globalappsecsanfra.sched.com/event/1g3YF/owasp-top-10-for-large-language-models-project-update
Safeguarding Against Malicious Use of Large Language Models: A Review of the OWASP Top 10 for LLMs | A Conversation with Jason Haddix | Redefining CyberSecurity with Sean Martin: https://itsprad.io/redefining-cybersecurity-190
OWASP LLM AI Security & Governance Checklist: Practical Steps To Harness the Benefits of Large Language Models While Minimizing Potential Security Risks | A Conversation with Sandy Dunn | Redefining CyberSecurity Podcast with Sean Martin: https://itsprad.io/redefiningcybersecurity-287
Hacking Humans Using LLMs with Fredrik Heiding: Devising and Detecting Phishing: Large Language Models vs. Smaller Human Models | Las Vegas Black Hat 2023 Event Coverage | Redefining CyberSecurity Podcast With Sean Martin and Marco Ciappelli: https://itsprad.io/redefining-cybersecurity-208
Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/
____________________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast
Are you interested in sponsoring our event coverage with an ad placement in the podcast?
Learn More 👉 https://itspm.ag/podadplc
Want to tell your Brand Story as part of our event coverage?
Learn More 👉 https://itspm.ag/evtcovbrf
1111 episodes
All episodes
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to ITSPmagazine Podcast Network
A podcast about web design and development.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Welcome to Catalyst, the Launch by NTT DATA Podcast. Catalyst is an ongoing discussion for digital leaders dissatisfied with the status quo and optimistic about what’s possible through smart technology and great people. In this studio we believe in shipping software over slideware, that fast will follow smooth, and aiming to create digital experiences that move millions is a worthy pursuit.
…
continue reading
"web3 with a16z" is a show about the next generation of the internet, and about how builders and users -- whether artists, coders, creators, developers, companies, organizations, or communities -- now have the ability to not just "read" (web1) + "write" (web2) but "own" (web3) pieces of the internet, unlocking a new wave of creativity and entrepreneurship. Brought to you by a16z crypto, this show is the definitive resource for understanding and going deeper on all things crypto and web3. Fro ...
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Become the best software developer you can be
…
continue reading
The Vergecast is the flagship podcast from The Verge about small gadgets, Big Tech, and everything in between. Every Friday, hosts Nilay Patel, David Pierce, and Alex Cranz hang out and make sense of the week’s most important technology news. And every Tuesday, David leads a selection of The Verge’s expert staffers in an exploration of how gadgets and software affect our lives – and which ones you should bring into yours.
…
continue reading
Tom Merritt, Sarah Lane and the team help you stay up to date with independent, authoritative and trustworthy tech news. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Embedded is the show for people who love gadgets. Making them, breaking them, and everything in between. Weekly interviews with engineers, educators, and enthusiasts. Find the show, blog, and more at embedded.fm.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
