Advanced AI Security: Understanding and Mitigating Risks in LLM and GenAI

Advanced AI Security: Understanding and Mitigating Risks in LLM and GenAI Training by Tonex

This intensive 2-day course is designed to provide technical professionals and senior architects with a comprehensive understanding of the security risks associated with Large Language Models (LLMs) and Generated Artificial Intelligence (GenAI). Participants will delve into the vulnerabilities inherent in LLMs and GenAI systems, explore threat modeling techniques, and gain practical insights into mitigation strategies. By demystifying the workings of LLMs and GenAI, attendees will be equipped with the knowledge and tools necessary to effectively address security challenges in AI-driven environments.

Learning Objectives:

• Understand the unique security risks posed by LLMs and GenAI.
• Learn techniques for threat modeling in LLM and GenAI systems.
• Demystify the functioning of LLMs and identify associated threats.
• Demystify the operation of GenAI systems and recognize potential threats.
• Explore mitigation strategies for addressing LLM and GenAI vulnerabilities.
• Gain proficiency in implementing OWASP Top 10 security practices in LLM environments.

Audience:

Technical professionals, including software engineers, cybersecurity specialists, and senior architects, who are involved in designing, developing, or securing AI systems. Participants should have a foundational understanding of artificial intelligence concepts and cybersecurity principles.

Course Outlines:

Day 1: Understanding LLM Vulnerabilities and Threat Modeling

• Introduction to Large Language Models (LLMs)
• Risks and security challenges in LLMs
• Threat modeling methodologies for LLM systems
• Identifying common vulnerabilities in LLM architectures
• Case studies and real-world examples of LLM security incidents
• Hands-on threat modeling exercises for LLM systems

Day 2: Exploring GenAI Threats and Mitigation Strategies

• Overview of Generated Artificial Intelligence (GenAI)
• Demystifying the operation of GenAI systems
• Threat landscape for GenAI applications
• Mitigation strategies for GenAI vulnerabilities
• Implementation of OWASP Top 10 security practices in LLM environments
• Best practices for securing AI-powered applications
• Case studies and real-world examples of GenAI security incidents
• Hands-on threat modeling exercises for GenAI systems

Delivery Format:

The course will be delivered through a combination of lectures, interactive discussions, hands-on exercises, and case studies. Participants will have the opportunity to engage with industry experts and collaborate with peers to deepen their understanding of AI security concepts and practices. Threat modeling exercises will be incorporated throughout the course to provide practical experience in assessing and mitigating security risks in LLM and GenAI systems.

• Threats and risks associated with LLMs,
• Prompt injection
• Insecure Output Handling
• Training Data Poisoning
• Supply Chain vulnerabilities
• Insecure Plugin Design
• Overreliance
• Model-Theft
• Excessive Agency
• Model Denial of Service
• Leverage GenAI Security Best Practices & Frameworks

Case Study: Google Secure AI framework (SAIF)

• Overview of Best Practices
• Proactive threat detection and response for LLMs
• Leveraging threat intelligence, and automating defenses against LLM threats.
• Platform security controls to ensure consistency
• Enforcing least privilege permissions for LLM usage and development.
• Adaptation of application security controls to LLM-specific threats and risks
• Feedback loop when deploying and releasing LLM applications.
• Contextualize AI risks in surrounding business processes.

Workshop 1: AI Risk Management Program

• Reduce AI Data Pipeline Attack Surface & LLM Data Validation
• Protecting the AI data pipeline
• Threat Management and Least Privilege
• LLM Application Security
• GenAI security controls
• Targeting GenAI-associated risks and threats
• Governance oversight

Workshop 2: Analyzing Threats and risks associated with LLMs/GenAI

• Prompt injection
• Insecure Output Handling
• Training Data Poisoning
• Supply Chain vulnerabilities
• Insecure Plugin Design
• Overreliance
• Model-Theft
• Excessive Agency
• Model Denial of Service

Workshop 3: LLM/GenAI Threat Modeling Maps

• Weakness and Vulnerability Analysis (WVA)
• Categorizing Threats with STRIDE
• STRIDE Threat Categorization
• Categorizing Threats with DREAD
• Process for Attack Simulation and Threat Analysis (PASTA)
• Common Attack Pattern Enumeration and Classification (CAPEC)
• Common Vulnerability Scoring System (CVSS)

Request More Information

• Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

  * Indicates required fields

• Name*
  First Last
• Email*
• • Country Code
    USA +1ALB +355ALG +213ASA +1-684AND +376ANG +244AIA +1-264ROS +672ATG +1-268ARG +54ARM +374ARU +297AUS +61AUT +43AZE +994BAH +1-242BHR +973BAN +880BRB +1-246BLR +375BEL +32BLZ +501BEN +229BER +1-441BHU +975BOL +591ANT +599BIH +387BOT +267BRA +55VGB +1-284BRU +673BUL +359BFA +226BDI +257CPV +238CAM +855CMR +237CAN +1CAY +1-345CTA +236CHA +235CHI +56CHN +86HKG +852MAC +853CXR +61CCK +61COL +57COM +269CGO +242COK +682CRC +506CRO +385CUB +53CYP +357CZE +420CIV +225PRK +850COD +243DEN +45DJI +253DMA +1-767DOM +1-809ECU +593EGY +20SLV +503EQG +240ERI +291EST +372SWZ +268ETH +251FLK +500FRO +298FIJ +679FIN +358FRA +33GUF +594TAH +689GAB +241GAM +220GEO +995GER +49GHA +233GBZ +350GRE +30GRL +299GRN +1-473GLP +590GUM +1-671GUA +502GBG +44GUI +224GNB +245GUY +592HAI +509VAT +39-06HON +504HUN +36ISL +354IND +91IDN +62IRN +98IRQ +964IRL +353GBM +44ISR +972ITA +39JAM +1-876JPN +81GBJ +44JOR +962KAZ +7KEN +254KIR +686KUW +965KGZ +996LAO +856LVA +371LIB +961LES +266LBR +231LBY +218LIE +423LTU +370LUX +352MAD +261MWI +265MAS +60MDV +960MLI +223MLT +356MHL +692MTQ +596MTN +222MRI +230MYT +262MEX +52FSM +691MON +377MNG +976MNE +382MSR +1-664MAR +212MOZ +258MDA (+373)MYA +95NAM +264NRU +674NEP +977NED +31NCL +687NZL +64NCA +505NIG +227NGA +234NIU +683NFK +672NMI +1-670NOR +47OMA +968PAK +92PLW +680PAN +507PNG +675PAR +595PER +51PHI +63PCN +870POL +48POR +351PUR +1QAT +974KOR +82MDA +373ROU +40RUS +7RWA +250REU +262SHN +290SKN +1-869LCA +1-758SPM +508VIN +1-784SAM +685SMR +378STP +239KSA +966SEN +221SRB +381SEY +248SLE +232SIN +65SVK +421SVN +386SOL +677SOM +252RSA +27ESP +34SRI +94PLE +970SUD +249SUR +597SWE +46SUI +41SYR +963TJK +992THA +66MKD +389TLS +670TOG +228TKL +690TGA +676TRI +1-868TUN +216TUR +90TKM +993TCA +1-649TUV +688UGA +256UKR +380UAE +971ENG,NIR,SCO,WAL +44TAN +255VIR +1-340URU +598UZB +998VAN +678VEN +58VIE +84WLF +681SAH +212YEM +967ZAM +260ZIM +263ALD +358
• • Phone
• Company Name*
• Title / Position
• Location
  City State / Province / Region AfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCambodiaCameroonCanadaCape VerdeCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos IslandsColombiaComorosCongo, Democratic Republic of theCongo, Republic of theCook IslandsCosta RicaCroatiaCubaCuraçaoCyprusCzech RepublicCôte d'IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatini (Swaziland)EthiopiaFalkland IslandsFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard and McDonald IslandsHoly SeeHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacauMacedoniaMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesiaMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth KoreaNorthern Mariana IslandsNorwayOmanPakistanPalauPalestine, State ofPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRussiaRwandaRéunionSaint BarthélemySaint HelenaSaint Kitts and NevisSaint LuciaSaint MartinSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint MaartenSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth GeorgiaSouth KoreaSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan Mayen IslandsSwedenSwitzerlandSyriaTaiwanTajikistanTanzaniaThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkeyTurkmenistanTurks and Caicos IslandsTuvaluUS Minor Outlying IslandsUgandaUkraineUnited Arab EmiratesUnited KingdomUnited StatesUruguayUzbekistanVanuatuVenezuelaVietnamVirgin Islands, BritishVirgin Islands, U.S.Wallis and FutunaWestern SaharaYemenZambiaZimbabweÅland Islands Country
• Training Information for:*
  • Individual
  • Group
• Your Request:
  Please send me more information about Advanced AI Security: Understanding and Mitigating Risks in LLM and GenAI
• How did you learn about Tonex Training?
• CAPTCHA
• Comments
  This field is for validation purposes and should be left unchanged.

Δ