Osoby które kupowały "The Developer's Playbook for Large Language Model Security", wybierały także:

• Unlocking Data with Generative AI and RAG. Enhance Generative AI systems by integrating internal data with Large Language Models using RAG 115,00 zÅ‚, (29,90 zÅ‚ -74%)
• UX for Enterprise ChatGPT Solutions. A practical guide to designing enterprise-grade LLMs 115,00 zÅ‚, (29,90 zÅ‚ -74%)
• Generative AI-Powered Assistant for Developers. Accelerate software development with Amazon Q Developer 99,67 zÅ‚, (29,90 zÅ‚ -70%)
• Sztuczna inteligencja w kreowaniu warto 49,67 zÅ‚, (14,90 zÅ‚ -70%)
• Artificial Intelligence for Students 89,49 zÅ‚, (34,90 zÅ‚ -61%)

Spis treści

The Developer's Playbook for Large Language Model Security eBook -- spis treści

• Preface
  • Who Should Read This Book
  • Why I Wrote This Book
  • Navigating This Book
    • Section 1: Laying the Foundation (Chapters 13)
    • Section 2: Risks, Vulnerabilities, and Remediations (Chapters 49)
    • Section 3: Building a Security Process and Preparing for the Future (Chapters 1012)
  • Conventions Used in This Book
  • OReilly Online Learning
  • How to Contact Us
  • Acknowledgments
• 1. Chatbots Breaking Bad
  • Lets Talk About Tay
  • Tays Rapid Decline
  • Why Did Tay Break Bad?
  • Its a Hard Problem
• 2. The OWASP Top 10 for LLM Applications
  • About OWASP
  • The Top 10 for LLM Applications Project
    • Project Execution
    • Reception
    • Keys to Success
  • This Book and the Top 10 List
• 3. Architectures and Trust Boundaries
  • AI, Neural Networks, and Large Language Models: Whats the Difference?
  • The Transformer Revolution: Origins, Impact, and the LLM Connection
    • Origins of the Transformer
    • Transformer Architectures Impact on AI
  • Types of LLM-Based Applications
  • LLM Application Architecture
    • Trust Boundaries
    • The Model
      • Public APIs: The convenience and the risks
      • Privately hosted models: More control, different risks
      • Risk considerations
    • User Interaction
    • Training Data
    • Access to Live External Data Sources
    • Access to Internal Services
  • Conclusion
• 4. Prompt Injection
  • Examples of Prompt Injection Attacks
    • Forceful Suggestion
    • Reverse Psychology
    • Misdirection
    • Universal and Automated Adversarial Prompting
  • The Impacts of Prompt Injection
  • Direct Versus Indirect Prompt Injection
    • Direct Prompt Injection
    • Indirect Prompt Injection
    • Key Differences
  • Mitigating Prompt Injection
    • Rate Limiting
    • Rule-Based Input Filtering
    • Filtering with a Special-Purpose LLM
    • Adding Prompt Structure
    • Adversarial Training
    • Pessimistic Trust Boundary Definition
  • Conclusion
• 5. Can Your LLM Know Too Much?
  • Real-World Examples
    • Lee Luda
    • GitHub Copilot and OpenAIs Codex
  • Knowledge Acquisition Methods
  • Model Training
    • Foundation Model Training
    • Security Considerations for Foundation Models
    • Model Fine-Tuning
    • Training Risks
  • Retrieval-Augmented Generation
    • Direct Web Access
      • Scraping a specific URL
      • Using a search engine followed by content scraping
      • Example risks
    • Accessing a Database
      • Relational databases
      • Vector databases
      • Reducing database risk
  • Learning from User Interaction
  • Conclusion
• 6. Do Language Models Dream of Electric Sheep?
  • Why Do LLMs Hallucinate?
  • Types of Hallucinations
  • Examples
    • Imaginary Legal Precedents
    • Airline Chatbot Lawsuit
    • Unintentional Character Assassination
    • Open Source Package Hallucinations
  • Whos Responsible?
  • Mitigation Best Practices
    • Expanded Domain-Specific Knowledge
      • Model fine-tuning for specialization
      • RAG for enhanced domain expertise
    • Chain of Thought Prompting for Increased Accuracy
    • Feedback Loops: The Power of User Input in Mitigating Risks
    • Clear Communication of Intended Use and Limitations
    • User Education: Empowering Users Through Knowledge
  • Conclusion
• 7. Trust No One
  • Zero Trust Decoded
  • Why Be So Paranoid?
  • Implementing a Zero Trust Architecture for Your LLM
    • Watch for Excessive Agency
      • Excessive permissions
      • Excessive autonomy
      • Excessive functionality
    • Securing Your Output Handling
      • Common risks
      • Handling toxicity
      • Screening for PII
      • Preventing unforeseen execution
  • Building Your Output Filter
    • Looking for PII with Regex
    • Evaluating for Toxicity
    • Linking Your Filters to Your LLM
    • Sanitize for Safety
  • Conclusion
• 8. Dont Lose Your Wallet
  • DoS Attacks
    • Volume-Based Attacks
    • Protocol Attacks
    • Application Layer Attacks
    • An Epic DoS Attack: Dyn
  • Model DoS Attacks Targeting LLMs
    • Scarce Resource Attacks
    • Context Window Exhaustion
    • Unpredictable User Input
  • DoW Attacks
  • Model Cloning
  • Mitigation Strategies
    • Domain-Specific Guardrails
    • Input Validation and Sanitization
    • Robust Rate Limiting
    • Resource Use Capping
    • Monitoring and Alerts
    • Financial Thresholds and Alerts
  • Conclusion
• 9. Find the Weakest Link
  • Supply Chain Basics
    • Software Supply Chain Security
    • The Equifax Breach
      • Impact
      • Lessons learned
    • The SolarWinds Hack
      • Impact
      • Lessons learned
    • The Log4Shell Vulnerability
      • Impact
      • Lessons learned
  • Understanding the LLM Supply Chain
    • Open Source Model Risk
    • Training Data Poisoning
    • Accidentally Unsafe Training Data
    • Unsafe Plug-ins
  • Creating Artifacts to Track Your Supply Chain
    • Importance of SBOMs
    • Model Cards
    • Model Cards Versus SBOMs
      • Purpose and focus
      • Content
      • Use in security and compliance
      • Industry application
    • CycloneDX: The SBOM Standard
    • The Rise of the ML-BOM
    • Building a Sample ML-BOM
  • The Future of LLM Supply Chain Security
    • Digital Signing and Watermarking
    • Vulnerability Classifications and Databases
      • MITRE CVE
      • MITRE ATLAS
  • Conclusion
• 10. Learning from Future History
  • Reviewing the OWASP Top 10 for LLM Apps
  • Case Studies
    • Independence Day: A Celebrated Security Disaster
      • Behind the scenes
      • Chain of events
      • Vulnerability disclosure
    • 2001: A Space Odyssey of Security Flaws
      • Behind the scenes
      • Chain of events
      • Vulnerability disclosure
  • Conclusion
• 11. Trust the Process
  • The Evolution of DevSecOps
    • MLOps
    • LLMOps
  • Building Security into LLMOps
  • Security in the LLM Development Process
    • Securing Your CI/CD
      • Implementing robust security practices
      • Fostering a culture of security awareness
    • LLM-Specific Security Testing Tools
      • TextAttack
      • Garak
      • Responsible AI Toolbox
      • Giskard LLM Scan
      • Integrating security tools into DevOps
    • Managing Your Supply Chain
  • Protect Your App with Guardrails
    • The Role of Guardrails in an LLM Security Strategy
      • Input validation
      • Output validation
    • Open Source Versus Commercial Guardrail Solutions
    • Mixing Custom and Packaged Guardrails
  • Monitoring Your App
    • Logging Every Prompt and Response
    • Centralized Log and Event Management
    • User and Entity Behavior Analytics
  • Build Your AI Red Team
    • Advantages of AI Red Teaming
    • Red Teams Versus Pen Tests
    • Tools and Approaches
      • Red team automation tooling
      • Red team as a service
  • Continuous Improvement
    • Establishing and Tuning Guardrails
    • Managing Data Access and Quality
    • Leveraging RLHF for Alignment and Security
  • Conclusion
• 12. A Practical Framework for Responsible AI Security
  • Power
    • GPUs
    • Cloud
    • Open Source
    • Multimodal
    • Autonomous Agents
  • Responsibility
    • The RAISE Framework
      • Limit your domain
      • Balance your knowledge base
      • Implement zero trust
      • Manage your supply chain
      • Build an AI red team
      • Monitor continuously
    • The RAISE Checklist
  • Conclusion
• Index