Let’s Talk

The Emerging Risk – LLM Security

By Red Marble AI

July 2024

How secure is your LLM?
What measures can you take to enhance security?

Large Language Models (LLMs) offer huge potential but have a number of security challenges. Protecting against threats like data poisoning, model evasion, prompt injection as well as inappropriate use, is important to maintain LLM integrity and trustworthiness in business applications.

Red Marble AI recently collaborated with cybersecurity experts Kode-1 to evaluate the effectiveness of our LLM guardrails against a simulated attack with a range of LLM threat vectors, a process known as “red teaming”.

Key Concepts

Our test LLM was an AWS Bedrock-based instance of Mistral Large, a test instance of one of our client models. We implemented custom guardrails including input/output filters and graduated responses to counter threats such as prompt injections, data leakage, and adversarial attacks. This approach aimed to balance defence with performance, addressing the security concerns inherent in enterprise LLM deployment while maintaining a suitable level of usability.

Deep Dive

We implemented several defensive strategies to protect our LLM. These included rate limitations to prevent Distributed Denial of Service (DDoS) attacks and request size validation to prevent buffer overflow exploits. Additionally, conversation states were stored on both client and server sides to prevent session hijacking and message injection. Input validation was also enforced, allowing only a restricted ASCII character set to reduce the attack surface. Utilising both rules-based and LLM-based filters to screen incoming messages, we also applied 2 natural language classifiers to ensure requests and generated messages are within the defined scope of the specific use-case.

Setup & Testing

Having implemented the security measures to the Mistral Large model, the “red team” conducted simulated attacks to evaluate the resilience of the defensive systems. This included assessing request size validation and rate limitation mechanisms through the transmission of large payloads and high-frequency requests, respectively, and attempts to hijack the session. Additionally, the team conducted tests using malformed requests and rigorously examined both input and output filters through simulated benign and malicious interactions. Together, we quantified the effectiveness of each of the defence measures based on the system response time and the precision of threat detection algorithms.

Hitting the limits

All of these tests were run using either purpose built prompts or phrases from the Massively Multitask Language Understanding (MMLU) dataset, a common benchmark to evaluate LLMs across a wide range of tasks and knowledge domains.

Our guardrails significantly enhanced security, passing all test cases. However, the security came at a cost in terms of performance. Each guardrail increased latency by 1.5-2 seconds per query. For time-sensitive applications like customer service chatbots, this can impact user experience – a single guardrail may be a better balance of security and efficiency. In less time-sensitive scenarios, such as data analysis tasks, dual guardrails offer maximum protection with acceptable performance trade-offs.

What’s next?

We will continue to run “red teaming” exercises on both internal and client models, and will refine existing guardrails in our standard architecture. We aim to develop adaptive and real-time defense mechanisms which can evolve with emerging threats. Our collaboration with other industry partners will continue with a focus on creating efficient and context-aware security measures. These aim to maintain protection, while minimising performance impact, to ensure that LLMs remain secure and effective across various business applications.

What’s the verdict?

The exercise was useful in confirming the security of the target LLM, but we saw the performance cost. Model security is critical for preventing misuse and ensuring safe AI deployment in business environments, and maintaining stakeholder trust in AI systems. Red Marble will continue to partner with Kode-1 for “red teaming” tests on other LLM deployments.

We appreciate your interest and look forward to sharing more with you!

Let’s Talk

Keep reading

cost fine tuning LLM redmarble
Research Briefs
June 2024
The Cost of Fine Tuning an LLM
Research Briefs
May 2024
Gemini 1.5 Pro for Contract Analysis – Research From The Lab
Research Briefs
May 2024
Fine Tuning Mistral 7B with Own Data
An Update on AI Agents - AI Research From The Lab - Red Marble AI
Research Briefs
December 2023
An Update on AI Agents – AI Research From The Lab
OpenAI for Docket Recognition - AI Research From The Lab - Red Marble AI
Research Briefs
November 2023
OpenAI for Docket Recognition – AI Research From The Lab
AI-Generated Video - AI Research From The Lab - Red Marble AI
Research Briefs
October 2023
AI-Generated Video – AI Research From The Lab
Fine-Tuning GPT-3.5 Turbo - AI Research From The Lab - Red Marble AI
Research Briefs
September 2023
Fine-Tuning GPT-3.5 Turbo – AI Research From The Lab
12 steps to responsible ai
AI Governance
August 2023
12 steps to Responsible Al
Audiocraft AI Music Generation - AI Research From The Lab - Red Marble AI
Research Briefs
August 2023
Audiocraft AI Music Generation – AI Research From The Lab
GPT4all - AI Research From The Lab - Red Marble AI
Research Briefs
July 2023
GPT4all – AI Research From The Lab
Emerging LLMs - AI Research From The Lab - Red Marble AI
Research Briefs
July 2023
Emerging LLMs – AI Research From The Lab
AI-Powered Autonomous Agents - AI Research From The Lab - Red Marble AI
Research Briefs
July 2023
AI-Powered Autonomous Agents – AI Research From The Lab
AI Regulatory Update
AI Governance
July 2023
#3 AI Regulatory Update – UK
AI Regulatory Update
AI Governance
July 2023
#4 AI Regulatory Update – Singapore
AI Regulatory Update
AI Governance
July 2023
#5 AI Regulatory Update – China
descrimination in ai
AI Governance
February 2023
Addressing Bias and Discrimination in AI Systems
The Quiet AI revolution in Heavy Industries -Red Marble AI
AI Strategy
November 2021
How to drive efficiency and improve profitability by focusing on back office operations
Red Marble Construction Language Research project
AI in Construction
October 2021
How a site conversation could change construction
The AI Revolution is here - Red Marble AI whitepaper
AI in Business
September 2021
Construction in 2025: The AI Revolution is here
AI
August 2021
Top Reads on AI for Business Leaders
AI in Construction
July 2021
What the construction industry can learn from Amazon
AI Strategy
June 2021
Sifting the noise: what do Nobel-prize winning author’s new book and AI have in common
AI in Business
June 2021
Chiseling the margins: how AI can make construction contracts more profitable
AI in Business
November 2020
What makes a good AI product? What elements do we look for to predict commercial success?
AI
September 2020
COVID-normal, powered by AI technology: the perfect storm
AI
August 2020
How AI can augment prediction and human decision making
AI
August 2020
What IS GPT-3? And why do you need to know?
AI Strategy
July 2020
Hyper-personalisation: the secret to “one-to-one” communication
AI
July 2020
Behind the five types of AI
Experiments with Red Marble AI
AI Strategy
June 2020
Post-COVID hack: Driving user adoption of digital technologies with AI
AI in Business
June 2020
AI helping sports get back on their feet
AI in Business
June 2020
How can AI help businesses better recover from COVID-19?
AI
May 2020
Six key questions towards Ethical AI
AI in Business
April 2020
The Proximity Pal journey