Emerging security threats – a look at attack vectors and future challenges
An attack vector in cyber security is a pathway or method a hacker uses to gain illegal access to a computer system or network in order to exploit its vulnerabilities. These attack vectors, or security threats, vary by type of system, location, and exploit, and unfortunately they are often as ubiquitous as the computer systems and networks they prey upon. Another unfortunate detail is that these security threats and attack vectors are not limited to computer systems and networks.
Because cyber security threats are so ubiquitous, the authors believe that entire disciplines and jobs will emerge in the near future around understanding and protecting against threats to generative AI and LLMs specifically.
For example, the future use of quantum computing might have profound effects on both security protection and threats, as described in the “Schneier on Security” blog post, Breaking RSA with a Quantum Computer (linked at the end of this chapter).
We will explore some additional emerging use cases in the last chapter of this book.
For now, let’s expand our understanding by describing a few of the security threats that can affect LLMs and looking at recommendations for managing them. This is not an exhaustive list: generative AI is still a young and rapidly growing field, and so is our collective understanding of the security threats and risks against it, along with the steps to mitigate them. An entire book could be written on security threats to generative AI, but for now, let’s cover some of the top threats to be aware of.
Model denial of service (DoS)
Denial of service (DoS) is a type of cyber attack designed to disable, shut down, or disrupt a network, website, or service. The primary purpose of such an attack is to disrupt the flow of a service and render the target useless or inaccessible. The original DoS attack vector, along with its more sophisticated variant, the distributed denial of service (DDoS) attack, has been around since the dawn of the internet.
A DoS security threat can cause the target organization aggravation and annoyance at one end of the spectrum, cost millions of dollars at the other, or, worse, pose real safety risks to living beings, including humans.
A model denial of service against an LLM behaves in the same malicious way.
LLMs can be a target for cyber security attacks, as many organizations lack the experience to put proper guardrails around, or protection in front of, the LLMs they create (fine-tune). Because the resources required to create or train a model can be quite large, a security threat or attack against an LLM can cause interruptions in the applications or services that depend on it, interruptions very similar to those caused by the original DoS cyber attacks on computers and networks.
Unfortunately, a model DoS attack can cause complications ranging from simple access issues when processing prompts to significant financial costs resulting from a service outage.
Important note
When combined with the variety that comes from user inputs and prompts, the complexity and number of variables grow significantly; thus, relying on a prompt input limit alone, such as the token limit imposed by each model, may not help. As a best practice, we advise placing resource limits, such as memory constraints, to ensure excessive requests do not consume most or all available resources, whether inadvertently or intentionally. These resource limits can be placed at the prompt level, say, by creating a summary of a prompt before sending it to another LLM, such as ChatGPT, for further processing (recall that this is LLM chaining), as well as at the cloud service level. A minimal sketch of this idea follows.
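The following is a minimal sketch of a prompt-level resource limit, not a production implementation. It assumes a hypothetical call_llm() helper that wraps whatever model API you use; token counting is done with the tiktoken library, and the limit shown is illustrative, not a recommendation:

```python
# Minimal sketch: cap the tokens a single prompt can consume, and apply
# LLM chaining (summarize first, then process) to oversized inputs.
# call_llm() is a hypothetical placeholder for your provider's API client.
import tiktoken

MAX_PROMPT_TOKENS = 1_000  # illustrative per-request ceiling; tune per model
ENCODING = tiktoken.get_encoding("cl100k_base")

def call_llm(prompt: str) -> str:
    """Hypothetical wrapper; replace with your LLM provider's client call."""
    raise NotImplementedError

def guarded_prompt(user_input: str) -> str:
    tokens = ENCODING.encode(user_input)
    if len(tokens) <= MAX_PROMPT_TOKENS:
        # Within budget: send the prompt through as-is.
        return call_llm(user_input)
    # Oversized input: truncate to the budget (an extra assumption in this
    # sketch), summarize it first, then chain the summary to the next LLM,
    # capping how much work any single request can trigger.
    truncated = ENCODING.decode(tokens[:MAX_PROMPT_TOKENS])
    summary = call_llm(
        "Summarize the following text in under 200 words:\n" + truncated
    )
    return call_llm(summary)
```

The design choice here is that the cap is enforced before the expensive model call is made, so a flood of deliberately huge prompts cannot exhaust memory or compute; the same ceiling can be mirrored at the cloud service level with quotas.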
On top of this, we recommend continuously monitoring the resource utilization of your generative AI environment and setting up triggers that alert operational and/or security staff so they can take appropriate action.
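A simple monitoring-and-alert loop might look like the following sketch. It assumes the psutil library for host metrics and a hypothetical notify_oncall() hook standing in for your paging or chat integration; the thresholds are illustrative and should be tuned to your environment:

```python
# Minimal sketch: poll host resource utilization and alert staff when it
# crosses a threshold, a possible sign of a model DoS in progress.
# notify_oncall() is a hypothetical placeholder for your alerting system.
import time
import psutil

CPU_ALERT_PCT = 85.0     # illustrative thresholds; tune to your environment
MEMORY_ALERT_PCT = 90.0

def notify_oncall(message: str) -> None:
    """Hypothetical alert hook; wire to your paging/chat system."""
    print(f"ALERT: {message}")

def monitor_loop(poll_seconds: int = 30) -> None:
    while True:
        cpu = psutil.cpu_percent(interval=1)       # % CPU over a 1s sample
        mem = psutil.virtual_memory().percent      # % memory in use
        if cpu > CPU_ALERT_PCT or mem > MEMORY_ALERT_PCT:
            notify_oncall(
                f"Generative AI host under pressure: cpu={cpu:.0f}%, "
                f"mem={mem:.0f}%. Possible model DoS; check request volume."
            )
        time.sleep(poll_seconds)
```

In practice, you would run this kind of check through your cloud provider's native monitoring and alerting service rather than a hand-rolled loop, but the principle is the same: watch utilization continuously and page a human before the service becomes unavailable.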
Now, let’s take a look at another security threat: prompt injection.