Open in app

Sign in

Write

Sign in

Best practices for secure AI development

Michael Hannecke
Bluetuple.ai
Published in
6 min readNov 30, 2023
We are all a bit nerdy — Author(Idea) with Dall-E (artist)

Introduction

Securing your practices while developing AI powered applications isn’t just a good idea — it’s like remembering to wear pants in public: fundamental and often taken for granted until it’s too late.

This guide isn’t your typical dry security protocol list that reads like a phone book. Instead, it’s peppered with a bit of humor, because let’s face it, even AI would prefer a joke over a stern lecture.

So, check the cord of your swimming trunk and let us dive into the steep pond of securing our AI, ensuring we don’t accidentally give our AI models too much power — we wouldn’t want them making our coffee, let alone our business decisions.

Familiarize Yourself with the OWASP Top 10 for LLMs

  • OWASP has created a top 10 list for LLMs, outlining the greatest hits of LLM risks, complete with examples and countermeasure suggestions. Getting familiar with this list is a good start for warming up the tires.
  • Check if your specific use case has any additional risks beyond these chart-toppers.

Prompt Injection

With prompt injection (akin to SQL injection), the goal is to manipulate the LLM by providing inputs that cunningly convince the LLM to do things it really shouldn’t. It’s like tricking a child into eating vegetables — but far less wholesome.

  • Train your teams on prompt injection — think of it as SQL injection’s less famous cousin.
  • Apply the principle of least privilege between your LLM and your data, like a strict parent moderating a teenager’s internet access.
  • Limit your LLM’s access to sensitive data. Only give it what’s necessary for the task at hand, much like how you’d curate a child’s reading material.
  • Where possible, use function calls to avoid unstructured data that could mislead the LLM, like a GPS leading you into a lake.
  • Get familiar with indirect prompt injection, where data sources are tampered with — it’s the digital equivalent of a trojan horse.
  • Ideally, avoid user-supplied prompts directly, unless absolutely necessary. It’s like telling the LLM, “Don’t talk to strangers.”
  • Additional security layers, like real-time monitoring and anomaly detection, can enhance protection, acting as your digital security guards.

Use Good Training Data

  • Fine-tune your LLM model (expensive, slow) — it’s like sending your AI to a private school.
  • Use different in-context learning methods (fast, fairly accurate, easy, cheap) — this is more like public school education, but still effective.
  • Validate/verify data sources — it’s like fact-checking a news article.
  • Protect data sources from external access, preventing unwanted data from sneaking in like a gatecrasher at a party.
  • Continuous monitoring and updating of data sources are essential for maintaining your LLM’s security integrity. It’s a never-ending game of digital whack-a-mole.

Restrict Data Access for Your LLM

  • Treat your LLM with the same sensitivity as your user data. Consider direct access between your LLM and data with the same scrutiny as a bouncer at a VIP club.
  • Stick to the least privilege rules. Don’t give your LLM more data than it needs, like not overfeeding a pet.
  • Add checks around LLM interactions to scrutinize inputs from users and outputs from the LLM, like a quality control inspector in a factory.
  • Remember the dynamic nature of AI systems. Security measures need to adapt like a chameleon, changing colors to match evolving data patterns and AI behaviors.

Keep a Human in the Loop

  • Exercise caution with AI-generated code: validate it during reviews and incorporate security tools in the IDE. It’s like double-checking a mischievous child’s homework.
  • This is especially crucial with autonomous agents, like Langchain, giving AI direct exec access. It’s giving the AI the keys to the kingdom, so make sure the kingdom is well-guarded.
  • Be cautious with allowing your LLM to manipulate/change important/sensitive data. Sometimes, explicit approvals or checks are sensible — think of it as a system of checks and balances.
  • Be wary of allowing your LLM to execute functions/system calls. Apply the least privilege principle, like limiting a teenager’s credit card spending.
  • Human oversight is key, but so is training human reviewers to understand the subtleties of AI-generated code. It’s like teaching someone to spot a wolf in sheep’s clothing.

Use Hybrid AI Models Wherever Possible

  • Choose the right tool for the specific job. LLMs excel at providing broad answers for general problems where pinpoint accuracy isn’t the main goal. It’s like using a hammer for a nail and a screwdriver for a screw — basic, but effective.
  • While hybrid models have their perks, they also add complexity in terms of integration and security. Ensuring seamless and secure interoperability between different AI models can be as challenging as assembling furniture without instructions.

Don’t Share Private or Secret Information with Public LLMs

  • Don’t share anything you wouldn’t want on a billboard.
  • Assume anything you enter into a public AI engine is being earmarked for future training, like a squirrel stashing nuts for winter.
  • Define and train your teams on policies for using GPT tools. It’s like teaching them the digital equivalent of street smarts.
  • Consider enterprise-grade tools for their additional security features. They’re like the VIP version of public AI tools.
  • Look into additional measures like data obfuscation or using private, self-hosted AI models. It’s the digital equivalent of keeping your valuables in a safe.

Secure Your Vulnerabilities

  • Treat LLM-generated code as you would code from a novice developer: validate, test, and correct in reviews, primarily in the IDE. It’s like proofreading a child’s essay.
  • Evaluate tools that can automate testing of AI-generated code. Think of them as your digital assistants.
  • Test and fix LLM-generated first-party code in the IDE. It’s like catching a typo before it gets printed in a newspaper.
  • Always manually verify open-source libraries recommended by AI before first use. It’s like checking the expiration date on a food product.
  • Establish a combination of automated tools and expert review. Two heads (or in this case, methods) are better than one.

Beware of Hallucinations and Misleading Data

  • LLMs will confidently assert their correctness, even when they’re as wrong as a GPS directing you off a cliff. Always validate their output.
  • Don’t let your LLM execute dangerous functions without prior validation. Think of it as not letting a child play with matches.
  • The challenge with hallucinations and misleading data is their unpredictability.
  • Consider implementing adaptive learning mechanisms, like continuously updating a road map for better accuracy and reliability.

Monitor Your AI Supply Chain

  • Document the dependencies of data sources used for training/tuning your LLM. It’s like keeping a detailed inventory of ingredients for a complex recipe.
  • Validate the data wherever possible. It’s akin to checking the quality of each ingredient.
  • When AI recommends the usage of tools or SDKs, evaluate and validate them carefully before use. Attackers might spoof SDKs and tools that AIs are prone to recommend. It’s like being wary of knock-off brands.
  • Recognize that the AI supply chain can be more opaque and complex than traditional software supply chains. This might require specialized tools and approaches for effective management and security. It’s like navigating a maze — you need the right map and tools.

Conclusion

So there you have it, a brief escapade through the fun-filled world of AI security practices. Remember, keeping your AI in check is a bit like herding cats — it might seem impossible at times, but with the right techniques and a little bit of patience (and maybe a laser pointer), it can be done.

By now, you should be well-armed with the knowledge (and a few chuckles) to keep your AI models both useful and under control. After all, the goal is to make AI work for us, not to have us running around fixing its mischievous deeds.

Stay safe, stay secure, and maybe, just maybe, let your AI have a little fun — within reason, of course.

If you have read it to this point, thank you! You are a hero (and a Nerd ❤)! I try to keep my readers up to date with “interesting happenings in the AI world,” so please 🔔 clap | follow

Ai Development
Bluetuple Security
Development
Artificial Intelligence

--

--

Michael Hannecke
Bluetuple.ai

Written by Michael Hannecke

206 Followers
Editor for

Curious about GenAI and Security. Life Long Learner www.bluetuple.ai. Connect with me on LinkedIn: https://www.linkedin.com/in/michaelhannecke

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams