
Hacking and Securing LLM Applications - Understanding Browser Control Security Risks

Donato Capitella via YouTube

Overview

Explore a 40-minute conference talk from DeepSec 2024 that examines the security implications and risks of giving Large Language Models (LLMs) autonomous control over systems. Learn about the vulnerabilities in autonomous browser and software engineering agents, understand the mechanics of LLM agents, and discover how attackers can exploit these systems through indirect prompt injection. Practical demonstrations, including attacks on browser agents and coding assistants, illustrate data exfiltration techniques and the challenges of securing LLM applications. The talk closes with battle-tested security strategies for protecting LLM-powered systems and points to additional resources, including CTF challenges, research articles, and insights from leading LLM security experts. The presentation includes detailed demonstrations, real-world examples, and practical mitigation strategies for developers and security professionals working with LLM applications.

Syllabus

- Agenda
- Questions People Ask on LLM Security
- Cyber Security Risks of LLM Applications
- Jailbreaks vs Prompt Injections
- Prompt Attacks
- Document Attacks: Direct and Indirect Prompt Injection
- Data Exfiltration Demo
- LLM Agents: ReAct, Tools, Function Calling
- Prompt Injection Demo Against LLM Browser Agent (Taxy AI)
- Prompt Injection Demo Against Coding Agent (OpenDevin/OpenHands)
- Why Is This Hard to Fix?
- Battle-Tested Ways to Secure LLM Applications/Agents
- Links: WithSecure Consulting Research, CTF Challenges

Taught by

Donato Capitella
