Overview
Syllabus
- Agenda
- Questions People Ask on LLM Security
- Cyber Security Risks of LLM Applications
- Jailbreaks vs Prompt Injections
- Prompt Attacks
- Document Attacks: Direct and Indirect Prompt Injection
- Data Exfiltration Demo
- LLM Agents: ReAct, Tools, Function Calling
- Prompt Injection Demo Against LLM Browser Agent Taxy AI
- Prompt Injection Demo Against Coding Agent OpenDevin/OpenHands
- Why Is This Hard to Fix?
- Battle-Tested Ways to Secure LLM Applications/Agents
- Links: WithSecure Consulting Research, CTF Challenges
Taught by
Donato Capitella