Cyber Security Shots

, , ,

Cloud Security Weekly Blog – Week 12

Published by

armiar

on

Amazon

  1. Supply chain security improved with package group in AWS codeArtifact. It can be applied against patterns like format, namespace and configure origin control (Allow or Block) of ingestion or publish new packages (Link)

Across Cybersecurity Industry

  1. SonarQube is introducing SBOM Manager
  2. Fujitsu spills customer data (Data Leak)
  3. SQL Injection vulnerability (CVSS 9+) in FortiClientEMS  released on March 12th

Topic for the week

Prompt Injection

Courtesy Learningprompt

  1. It is the Top threat in OWASP LLM Top 10. Manipulating LLM Model to perform tasks against its goal/objective by inserting malicious prompt.
  2. There are two types of prompt injection
    1. Direct prompt injection, Providing prompts directly to LLM
    2. Indirect prompt injection, Providing prompts indirectly via Datasource, that are hidden.
  3. Causes
    1. Input validation
    2. LLM Design/architecture
  4. Mitigation
    1. Proper inputs validation and filtering.
    2. Monitoring inputs/output of the LLM Models.
    3. Monitor for anomaly prompt
    4. Defining trust boundary,
    5. Least Privilege model depending on the type of the tasks to be formed (Example user inputs prompt and prompts that can insert data to the model)

One response to “Cloud Security Weekly Blog – Week 12”

  1. Cloud Security Weekly Blog – Week 37 Avatar
    Cloud Security Weekly Blog – Week 37

    […] If you have been tracking my blog, Earlier I talked out How to build AI Security and things to consider in the link and in week 12 i talked about what is prompt injection and how it can be mitigated in the link […]

    Like

    Reply

Leave a reply to Cloud Security Weekly Blog – Week 37 Cancel reply

Hello,

I’m Ara

Welcome to Cloud Security Blog, my corner of the internet dedicated to Cloud and AI Security .

Let’s connect

Join the fun!

Stay updated with our latest tutorials and ideas by joining our newsletter.

Recent posts