Скачать с ютуб Paolo del Mundo: OWASP Top 10 for LLMs and Generative AI Apps в хорошем качестве

Paolo del Mundo: OWASP Top 10 for LLMs and Generative AI Apps

The Motley Fool Director of Application Security Paolo del Mundo leads an insightful Community session connecting the foundational OWASP Top 10 framework for traditional web applications to the emerging world of AI, exploring the unique security challenges posed by large language models (LLMs). Paolo discusses the profile and impact of vulnerabilities such as prompt injection, insecure plugin design, and excessive agency. Just a few among the many excellent takeaways from his presented findings: the importance of input and output filtering to mitigate prompt injection risks, and the benefits of leveraging tools like PromptGuard to safeguard against threats and tools Damn Vulnerable LLM Agent to experiment with and better understand them. This session offers practical insights into real-world attacks and demonstrates with engaging examples how attackers can exploit weaknesses in generative AI apps, offering actionable protection/risk reduction strategies for security professionals navigating the evolving landscape of AI-based applications. 𝗔𝗯𝗼𝘂𝘁 𝗣𝗮𝗼𝗹𝗼 Paolo is the Director of Application Security at The Motley Fool, where he has been leading the AppSec team for the past 4 years. With a strong foundation of 15 years as a software developer, Paolo made a successful transition into the security field, driven by his passion for bug bounties and capture the flag competitions. Paolo's unique background combines deep technical expertise with a keen understanding of security challenges in modern software development. He is particularly interested in the emerging security implications of Generative AI, viewing it as a fertile ground for exploring new attack vectors and defensive strategies. Drawing from his extensive experience in both development and security, Paolo offers valuable insights into the evolving landscape of application security in today's rapidly changing technological environment. _______________________________________________________________________________ 𝗧𝗵𝗲 𝗣𝘂𝗿𝗽𝗹𝗲 𝗕𝗼𝗼𝗸 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝘁𝘆 A purpose-driven and trusted network of security leaders and practitioners equipping people with the expertise to embrace secure development practices, solve ever-evolving security challenges, and ultimately democratize software security. Looking to network with the world's top security leaders and share your knowledge in software, application, or product security? 🤝 Explore 𝗖𝗼𝗺𝗺𝘂𝗻𝗶𝘁𝘆 𝗠𝗲𝗺𝗯𝗲𝗿𝘀𝗵𝗶𝗽: thepurplebook.club/explore-membership _______________________________________________________________________________ 𝗙𝗼𝗹𝗹𝗼𝘄 𝘂𝘀: Website: www.thepurplebook.club LinkedIn: www.linkedin.com/company/purple-book-community Twitter/X: www.x.com/CommunityPurple _______________________________________________________________________________