Rebecca Lynch and Harang from NVIDIA on AI agent exploitation and defense — Lynch & Harang #BHUSA #LivePost
Read whole thread on a single page: https://mastoreader.io/?url=https%3A%2F%2Finfosec.exchange%2F%40darrenpmeyer%2F114983027943858534
Defining an agent as "output is chained back to input for future requests" OR "acts with authorization to perform actions" — Lynch & Harang #BHUSA #LivePost
Fully autonomous agents (Level 3 autonomy) are what most people want agents to do, and it's also the focus of attackers because the LLM plans, processes and executes.
All of these things start with some level of prompt injection — Lynch & Harang #BHUSA #LivePost
Prompt injection is defined as tricking an LLM agent into treating data as instructions or into the content retrieved at the time the model makes an inference. — Lynch & Harang #BHUSA #LivePost
Proposing a Universal Antipattern -- untrusted data in, LLM caused to alter to something adversarial, result is passed to some action with the agent's authority — Lynch & Harang #BHUSA #LivePost
As long as step 1 (add untrusted data) is true, attacks are possible. — Lynch & Harang #BHUSA #LivePost
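An added illustration, my own code rather than anything from the talk or this thread, of the three-step antipattern and of the agent definition "output is chained back to input": a toy agent tracks provenance so that a privileged action is refused whenever the plan was derived from untrusted data, and the taint stays sticky across turns because the model's output is fed back into context. The tool table, the `fake_llm` stand-in and the `Agent` class are all constructed here.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Tainted:
    """A piece of context plus a provenance bit: True once any untrusted
    data (retrieved page, tool result, e-mail body) has contributed."""
    text: str
    untrusted: bool


# Constructed tool table. 'privileged' marks step 3 of the antipattern:
# actions that run with the agent's own authority.
TOOLS = {
    "summarize": {"privileged": False},
    "send_email": {"privileged": True},
}


def fake_llm(prompt: Tainted) -> Tainted:
    """Stand-in for the model (step 2). Its output inherits the taint of
    the whole context; we do not try to detect whether it was 'tricked',
    because the antipattern holds whenever step 1 is true."""
    plan = "send_email" if "send_email" in prompt.text else "summarize"
    return Tainted(plan, untrusted=prompt.untrusted)


def gate_action(plan: Tainted, approved: bool) -> str:
    """Step 3, gated on provenance rather than on content inspection."""
    if TOOLS[plan.text]["privileged"] and plan.untrusted and not approved:
        return "BLOCKED: " + plan.text
    return "EXECUTED: " + plan.text


class Agent:
    """Agent in the thread's sense: output is chained back to input."""

    def __init__(self) -> None:
        self.memory = Tainted("", untrusted=False)

    def turn(self, user_task: str, retrieved: Optional[str] = None,
             approved: bool = False) -> str:
        text = self.memory.text + "\n" + user_task
        untrusted = self.memory.untrusted
        if retrieved is not None:          # step 1: untrusted data in
            text, untrusted = text + "\n" + retrieved, True
        plan = fake_llm(Tainted(text, untrusted))
        # Chain the output back into future context; taint is sticky.
        self.memory = Tainted(self.memory.text + "\n" + plan.text, untrusted)
        return gate_action(plan, approved)
```

Once a turn has pulled in untrusted content, even a later purely user-authored request cannot trigger the privileged tool without explicit approval, which is the point of gating on provenance rather than on what the model says.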
I'll be occasionally doing a #LivePost of talks if I have the spoons and they're interesting. Block #LivePost if you don't wish to see those updates.
Updating my #introduction: I'm what happens when the weird kid who kept breaking into the school mainframe grows up.
I'm fascinated by designing resilience into socio-technical systems, and the ways in which our default assumptions about doing that tend to break. In my spare time, I bike and tinker (mostly Arduino these days), and mildly obsess over getting interesting coffee to come out of my brewing equipment.
Work-wise, I'm deeply interested in software engineering as a practice and system. I tend to apply this to further #AppSec goals and programs, among many other things.