OWASP LLM Top 10 Newsletter - April '24 Edition

A Change of Guard, a Survey and a Conference

Change Of Guard !!

Greetings Security Enthusiasts and OWASP Community Members!

News from the editorial desk. There has been a change of guard - I'm honored to take the reins of this Newsletter. Will Chilcutt has set a high bar and a tough act to follow.

Appreciate your patience and support as I navigate through the new responsibilities. Together, let's continue to explore the fascinating world of LLM security, safety and trust !

This month’s edition is going to be very short

  • A link to an important survey (LLM Top 10 v1.1 feedback with an eye towards v2)

  • Our sessions at the RSA Conference

  • News (and links) about the release of our documents

We have a lot more to share including the upcoming AppSec Conference - all good topics for our next newsletter

📋 You have an opportunity to influence - with a Survey ! 📋

The survey “OWASP Top 10 for LLM 1.1 Feedback” is a Google form https://forms.gle/jrmkKMMUsyZQwhCQ6

Please take a few minutes to complete the survey. This is the first step at re-ranking and then expanding the Top 10 Entries for 2.0.  Get in your notes now!

The field of Large Language Models (LLMs) is emerging, and it is crucial that we, as a community, combine our knowledge to ensure these models are secure, safe, and trustworthy

  • Steve Wilson has done a good job (as usual) !

  • You can rate each vulnerability in two dimensions and propose new additions

📆 OWASP Sessions at the RSA Conference 📆

We have three sessions at the RSA conference. An excellent opportunity to attend and participate. (I will gather notes from the sessions and publish in our future Newsletter)

  • Application Security for Generative AI Applications (Mon, May 6, ‘24 8:30 AM - 9:20 AM PT) [Here]

    • Must attend BoF session to discuss security issues associated with GenAI applications

  • OWASP AI Security Summit: Safeguarding AI with OWASP's Top 10 for LLMs & Generative AI (Mon, May 6, ‘24 10:50 AM - 11:40 AM PT) [Here]

    • This session delves into strategies for mitigating risks associated with LLMs, leveraging the OWASP Top 10 for LLMs

  • Securing AI Apps with the OWASP Top Ten for Large Language Models (Thu, May 9, ‘24 8:30 AM - 1:30 PM PT) [Here]

    • A good deep dive session

📺 Heard on the ‘Net 📺

An insightful article in the InfoSecurity Magazine with quotes from our own Sandy Dunn ! [Here]

And, it has a Japanese translation ㊗️

🔗 OWASP LLM Documents 🔗

  • OWASP Top 10 LLM main site [Here]

  • OWASP Top 10 for LLM Applications v1.1 [Here]

  • LLM AI Security & Governance Checklist v1.1 [Here]

📱Stay Connected📱

Aubrey King has expanded our social media reach across various platforms including LinkedIn, Youtube, Twitter (Agree with Will, not going to say X), and soon even more! Follow and don’t be shy to re-share any content we post! BTW, if you're presenting anything related to our project externally, do let us know at [email protected] so we can review and blast out to our social media followers!

💭 Closing Thoughts 💭

As I was saying earlier, the world of LLMs/Generative AI is just starting. We do need to keep them secure, safe and trusted. We look forward to seeing you in our Slack channels and at our upcoming meetings!

Till next time … Stay secure and stay sharp

Krishna Sankar
LinkedIn | Medium | Github