The SANS course, SEC545™: GenAI and LLM Application Security™, is designed to address the growing security challenges associated with generative artificial intelligence (GenAI), a technology poised to disrupt industries and automate many tasks, significantly boosting efficiency. As adoption accelerates over the coming years, security concerns are expected to emerge rapidly. This course focuses on current security issues tied to implementing GenAI applications while anticipating future use cases and the accompanying security challenges.
The class covers a diverse set of technologies involved in generative AI applications, along with the critical security concerns that demand attention.
We begin by diving into prompt injection attacks targeting large language models (LLMs), exploring how these attacks work and examining various strategies to defend against them effectively. Through hands-on labs, participants will engage with a variety of models and deployment methods. The course includes working with OpenAI’s models, experimenting with Llama3 hosted on AWS Bedrock, and running local models using Ollama, giving participants a thorough understanding of the different ways models can be deployed.
In the class, we will build a comprehensive GenAI application comprising a frontend, a backend, and a Weaviate vector database pre-loaded with knowledge. The application will be deployed on a Kubernetes cluster running on Amazon EKS, providing a real-world example of a scalable deployment architecture.
After understanding how the vector database powers the application, we will explore potential attack vectors targeting the database, examining how these can compromise the integrity of the stored information.
Taking it further, we will enhance our GenAI application by integrating ‘agents.’ These agents will significantly expand the application’s capabilities by enabling interactions with the external world to perform tasks. We will also analyze how vulnerabilities in the logic controlling these agents could lead to severe breaches, especially when agents are granted elevated access levels.
Understanding the risks associated with GenAI applications early on positions us to proactively address vulnerabilities before they become widespread issues. This foresight enables us to predict emerging security challenges and develop robust defenses ahead of time. As the industry continues to evolve, the SEC545 course will adapt and expand to tackle new threats, ensuring participants remain at the forefront of securing innovative AI technologies.
Enroll in the Beta version of the new SEC545: GenAI and LLM Application Security to gain the skills and hands-on experience you need to protect your organization’s AI tech from evolving threats. Sign up for the SEC545 course today!