Salesforce has released a comprehensive white paper that details emerging threats posed by Large Language Models (LLMs) and offers actionable strategies for organizations to fortify their defenses.
Why it’s important: The age of AI has ushered in a new wave of security concerns that not only threaten the potential exploitation of sensitive data, but also the overall integrity and trust of the technology. LLMs can be hacked, giving threat actors access to proprietary information, or manipulated to produce harmful content.
Go deeper: As businesses grapple with how to deploy generative AI, whose models often use pre-trained LLMs to create content from text prompts, they must use trust-based strategies to protect themselves. The Salesforce white paper outlines some of the most pressing emerging threats to LLMs and how organizations can protect themselves:
- Prompt injections: Bad actors can manipulate an LLM through malicious insertions within prompts and cause the LLM to act as a “confused deputy” for the attacker. Safeguarding against these threats involves a two-pronged strategy – using machine learning defense strategies to intelligently detect and prevent malicious insertions, and using heuristic, learning-based strategies to safeguard against potential threats to prompts, such as deny list-based filtering and instruction defense.
- Training data poisoning: Attackers can manipulate training data or fine-tuning procedures of an LLM. Companies can protect against this by checking that training data inputted does not contain poisoned information, such as malicious code payloads, which could compromise the model’s security and effectiveness, or lead to privacy violations and other security breaches.
- Supply chain vulnerabilities: Vulnerabilities can affect the entire application lifestyle, including traditional third-party libraries/packages, docker containers, base images, and service suppliers. Organizations can guard against these by ensuring that every part of the lifestyle meets the company’s established security standards. And, they must ensure all components pass the company’s internal security review process before they are incorporated into products.
- Model theft: Only authenticated and authorized clients should be able to access a company’s LLM. This prevents actors from compromising, physically stealing, and copying proprietary models. Businesses can also adopt measures such as requiring Just in Time (JIT) credentials, Multi-Factor Authentication (MFA), strong audit trails, and logging to prevent model theft.
- Safe training grounds: Companies should hold the training environments — controlled settings where AI systems can learn and improve their capabilities — to the same security standards as the data environment itself. This is especially important as companies increasingly view training environments as a development environment and treat them with less security.
Salesforce perspective: “As generative AI and its many capabilities rapidly evolve, it’s crucial for organizations to stay ahead of potential security risks that the deployment of LLMs can bring to the forefront. With more than a decade of expertise in AI, and with trust as our number one value, Salesforce has both the expertise and commitment to provide our customers, partners, and the entire ecosystem with the tools and resources needed to navigate the changing landscape and mitigate risks.” – Sri Srinivasan, Senior Director, Information Security
With more than a decade of expertise in AI, and with trust as our number one value, Salesforce has both the expertise and commitment to provide our customers, partners, and the entire ecosystem with the tools and resources needed to navigate the changing landscape and mitigate risks.
– Sri Srinivasan, Senior Director, Information Security
Zoom out: The White House is also urging companies to ramp up safety efforts to prevent dangerous misuse of LLMs through the AI Executive Order and voluntary commitments for advancing safe and trustworthy AI.
Explore further:
- Read the full LLM risks white paper here
- Review Salesforce’s AI Acceptable Use Policy
- Learn why trusted AI needs a human at the helm
- Get the latest details on Salesforce’s Einstein 1 Studio, a set of low-code tools that enables Salesforce admins and developers to customize Einstein Copilot