{"id":1532,"date":"2024-10-16T20:20:14","date_gmt":"2024-10-16T18:20:14","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=1532"},"modified":"2024-10-17T09:28:24","modified_gmt":"2024-10-17T07:28:24","slug":"owasp-few-words-about-aisec-p2","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2024\/10\/16\/owasp-few-words-about-aisec-p2\/","title":{"rendered":"OWASP (Few words about AISec p2)"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"1532\" class=\"elementor elementor-1532\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6696d53 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6696d53\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4424f4c\" data-id=\"4424f4c\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-515fb3b elementor-widget elementor-widget-text-editor\" data-id=\"515fb3b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This post describes different programs within 
OWASP AI Security functions.<\/p><p>This post is also a collection of different studies. Lots of reading through the endless Internet.<\/p><p>Lots of links to drafts, university papers, GitHub repos and other studies.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e6090ac elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"e6090ac\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-8dc9c25 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"8dc9c25\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-8646c75\" data-id=\"8646c75\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-9dfe9d2 elementor-widget elementor-widget-heading\" data-id=\"9dfe9d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Machine Learning T10 (part 2)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-0834c22 elementor-widget elementor-widget-text-editor\" 
data-id=\"0834c22\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This is the second part of OWASP&#8217;s Machine Learning T10. <a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/09\/28\/few-words-about-ai-security\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Last time<\/span><\/a> I described the current top10 with small descriptions borrowed from OWASP.org.<\/p><p>Another OWASP <a href=\"https:\/\/genai.owasp.org\/llm-top-10\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">site<\/span><\/a> provides much more information about the different T10 attacks. There are also translations into different languages.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a05da81 elementor-widget elementor-widget-image\" data-id=\"a05da81\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"owasp_top10_koontikuva\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTU3MywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMDlcL293YXNwX3RvcDEwX2tvb250aWt1dmEucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"388\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?fit=640%2C388&amp;ssl=1\" class=\"attachment-large size-large wp-image-1573\" alt=\"\" 
srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?w=1449&amp;ssl=1 1449w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?resize=300%2C182&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?resize=1024%2C620&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?resize=768%2C465&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?resize=850%2C514&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/09\/owasp_top10_koontikuva.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Source: https:\/\/genai.owasp.org\/llm-top-10\/<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e593925 elementor-widget elementor-widget-text-editor\" data-id=\"e593925\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>I won&#8217;t list the T10 attacks again, since you can learn about them from the GenAI OWASP site.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63e0b51 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"63e0b51\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0f57406 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0f57406\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ab82daa\" data-id=\"ab82daa\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b044ae2 elementor-widget elementor-widget-heading\" data-id=\"b044ae2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Machine Learning T10 related information<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-02c8be3 elementor-widget elementor-widget-text-editor\" data-id=\"02c8be3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>There is a lot of related information based on OWASP Machine Learning. 
Here are a few of them:<\/p><p><strong>Vulnerability &amp; Risk databases:<\/strong><\/p><p>Catalogued vulnerabilities and risks that were present in real-world AI and ML systems:<\/p><ul><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/avidml.org\/database\/\">AI Vulnerability Database (AVID) by <\/a><a href=\"https:\/\/avidml.org\/arva\">AI Risk and Vulnerability Alliance<\/a><\/span><\/li><li><a href=\"https:\/\/airisk.io\/\"><span style=\"text-decoration: underline;\">AI Risk Database (airisk.io)<\/span><\/a><\/li><li><a href=\"https:\/\/airisk.mit.edu\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">AI Risk Repository (airisk.mit.edu)<\/span><\/a><\/li><li><a href=\"https:\/\/www.scirp.org\/journal\/paperinformation?paperid=133503\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Security Vulnerability Analyses of Large Language Models (LLMs) through Extension of the Common Vulnerability Scoring System (CVSS) Framework<\/span><\/a><\/li><\/ul><p><strong>AI incidents:<\/strong><\/p><ul><li><a href=\"https:\/\/oecd.ai\/en\/incidents?search_terms=%5B%5D&amp;and_condition=false&amp;from_date=2014-01-01&amp;to_date=2024-10-16&amp;properties_config=%7B%22principles%22:%5B%5D,%22industries%22:%5B%5D,%22harm_types%22:%5B%5D,%22harm_levels%22:%5B%5D,%22harmed_entities%22:%5B%5D%7D&amp;only_threats=false&amp;order_by=date&amp;num_results=20\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">OECD AI Incidents Monitor (AIM)<\/span><\/a><\/li><li><a href=\"https:\/\/incidentdatabase.ai\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">AI Incidents Database (AIID)<\/span><\/a><\/li><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.aiaaic.org\/aiaaic-repository\" target=\"_blank\" rel=\"noopener\">AIAAIC Repository<\/a>\u00a0<\/span><\/li><\/ul><p><strong>AI\/ML security guidelines:<\/strong><\/p><p>Various 
guidelines on ML and AI Security and Safety<\/p><ul><li><a href=\"https:\/\/owasp.org\/www-project-ai-security-and-privacy-guide\/\"><span style=\"text-decoration: underline;\">OWASP AI Security and Privacy Guide<\/span><\/a><\/li><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.etsi.org\/technologies\/securing-artificial-intelligence\">ETSI.org&#8217;s Securing Artificial Intelligence (SAI)<\/a><\/span><\/li><li><span style=\"text-decoration: underline;\"><a href=\"https:\/\/www.whitehouse.gov\/wp-content\/uploads\/2023\/07\/Ensuring-Safe-Secure-and-Trustworthy-AI.pdf\">Biden&amp;Harris Administration &#8211; Ensuring Safe, Secure and Trustworthy AI<\/a><\/span><\/li><\/ul><p><strong>Others:<\/strong><\/p><p>All the other resources related to ML Security &#8211; threat modelling resources, risk assessment frameworks<\/p><ul><li><a href=\"https:\/\/github.com\/Trusted-AI\/adversarial-robustness-toolbox\"><span style=\"text-decoration: underline;\">Trusted AI Adversarial Robustness Toolbox<\/span><\/a><\/li><li><a href=\"https:\/\/www.enisa.europa.eu\/publications\/securing-machine-learning-algorithms\"><span style=\"text-decoration: underline;\">ENISA &#8211; Securing Machine Learning Algorithms<\/span><\/a><\/li><li><a href=\"https:\/\/github.com\/DeepSpaceHarbor\/Awesome-AI-Security\"><span style=\"text-decoration: underline;\">Awesome AI Security &#8211; A curated list of AI security resources<\/span> (*)<\/a><\/li><li><a href=\"https:\/\/github.com\/trailofbits\/awesome-ml-security\"><span style=\"text-decoration: underline;\">Awesome ML Security &#8211; A curated list of awesome ML security references, guidance, tools<\/span> (*)<\/a><\/li><li><a href=\"https:\/\/github.com\/stratosphereips\/awesome-ml-privacy-attacks\"><span style=\"text-decoration: underline;\">Awesome Attacks on ML Privacy &#8211; curated list of papers related to privacy attacks<\/span> (*)<\/a><\/li><\/ul><p>(*) Some of these include scientific papers from different 
universities.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5a510a8 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5a510a8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-78732b9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"78732b9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3ccb33b\" data-id=\"3ccb33b\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1252c84 elementor-widget elementor-widget-heading\" data-id=\"1252c84\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Getting Started with AI Security - the Checklist<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f9b85cc elementor-widget elementor-widget-text-editor\" data-id=\"f9b85cc\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The OWASP Top 10 for LLM 
Applications Cybersecurity and Governance Checklist is intended for people who are striving to stay ahead in the fast-moving AI world, aiming not just to leverage AI for corporate success but also to protect against the risks of hasty or insecure AI implementations. These leaders and teams must create tactics to grab opportunities, combat challenges, and mitigate risks.<\/p><p class=\"elementor-heading-title elementor-size-default\"><a href=\"https:\/\/genai.owasp.org\/wp-content\/uploads\/2024\/05\/LLM_AI_Security_and_Governance_Checklist-v1.1.pdf\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">LLM Applications Cybersecurity and Governance Checklist v1.1 \u2013 English<\/span><\/a><\/p><p>\u00a0<\/p><p>\u00a0<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-550186f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"550186f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-5391a7a\" data-id=\"5391a7a\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8333c99 elementor-widget elementor-widget-heading\" data-id=\"8333c99\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Guide for Preparing and Responding to Deepfake Events<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-57be090 
elementor-widget elementor-widget-text-editor\" data-id=\"57be090\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Deepfakes\u2014hyper-realistic digital forgeries\u2014have gained significant attention as the rapid development of generative AI has made it easier to produce convincingly realistic videos and audio recordings that can deceive even the most discerning viewers.<\/p><p>Key strategies that the guide endorses include:<\/p><ul><li>Focusing on process adherence rather than visual or auditory detection of fakes<\/li><li>Implementing and maintaining strong financial controls and verification procedures<\/li><li>Cultivating a culture of awareness and skepticism towards unusual requests.<\/li><li>Developing and regularly updating incident response plans.<\/li><\/ul><p><a href=\"https:\/\/genai.owasp.org\/download\/41043\/?tmstv=1727108189\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Guide for Preparing and Responding to Deepfake Events From the OWASP Top 10 for LLM Applications Team<\/span><\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a63c978 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"a63c978\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-afb20f7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"afb20f7\" 
data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-48cfd89\" data-id=\"48cfd89\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-b6b8eea elementor-widget elementor-widget-heading\" data-id=\"b6b8eea\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">LLM AI Agents<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-abcd44a elementor-widget elementor-widget-text-editor\" data-id=\"abcd44a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.linkedin.com\/in\/cobusgreyling\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Cobus Greyling<\/span><\/a>, <span aria-hidden=\"true\">Chief Evangelist @ Kore.ai<\/span>, writes about <a href=\"https:\/\/cobusgreyling.medium.com\/ai-agents-47da7043170d\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">AI Agents<\/span><\/a>. An AI Agent is a program that uses one or more Large Language Models or Foundational Models as its backbone, enabling it to operate autonomously.\u00a0<\/p><p><span class=\"break-words tvm-parent-container\"><span dir=\"ltr\">AI Agents can handle highly ambiguous questions by decomposing them through a chain of thought process, similar to human reasoning. 
These agents have access to a variety of tools, including programs, APIs, web searches, and more, to perform tasks and find solutions.<br \/><\/span><\/span><\/p><p><span class=\"break-words tvm-parent-container\"><span dir=\"ltr\">This recent <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/articles\/omniparser-for-pure-vision-based-gui-agent\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">research from Microsoft<\/span><\/a>, called <a href=\"https:\/\/microsoft.github.io\/OmniParser\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">OmniParser<\/span><\/a>, is a\u00a0general screen parsing tool, designed to extract information from UI screenshots into structured bounding boxes and labels, thereby enhancing GPT-4V\u2019s performance in action prediction across various user tasks.<\/span><\/span><\/p><p>Complex tasks can often be broken down into multiple steps, each requiring the model\u2019s ability to:<\/p><p>1. Understand the current UI screen by analysing the overall content and functions of detected icons labeled with numeric IDs, and<\/p><p>2. Predict the next action on the screen to complete the task.<\/p><p>Read more <a href=\"https:\/\/cobusgreyling.medium.com\/ai-agents-47da7043170d\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">here<\/span><\/a> or at <a href=\"https:\/\/www.microsoft.com\/en-us\/research\/articles\/omniparser-for-pure-vision-based-gui-agent\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Microsoft Research<\/span><\/a>. The code is available on <a href=\"https:\/\/github.com\/xlang-ai\/OpenAgents\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">OpenAgents GitHub<\/span><\/a>. 
You can <a href=\"https:\/\/chat.xlang.ai\/https:\/\/chat.xlang.ai\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">test<\/span><\/a> it.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b296c6b elementor-widget elementor-widget-image\" data-id=\"b296c6b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"aiagent_model_cobusgreyling\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTYwOSwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMTBcL2FpYWdlbnRfbW9kZWxfY29idXNncmV5bGluZy5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"648\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?fit=640%2C648&amp;ssl=1\" class=\"attachment-large size-large wp-image-1609\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?w=1235&amp;ssl=1 1235w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?resize=296%2C300&amp;ssl=1 296w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?resize=1011%2C1024&amp;ssl=1 1011w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?resize=768%2C778&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?resize=300%2C304&amp;ssl=1 300w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/aiagent_model_cobusgreyling.png?resize=850%2C861&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">This image illustrates the various components that make up an AI Agent, including its web browsing capabilities and its ability to export phone screens, desktop views, and web browsers. Source: www.cobusgreyling.com<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-53e959d elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"53e959d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1d5c0f9 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1d5c0f9\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b51094f\" data-id=\"b51094f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-ad2bec4 elementor-widget elementor-widget-heading\" data-id=\"ad2bec4\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">AI Threat Map<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fbe7b0d elementor-widget elementor-widget-text-editor\" data-id=\"fbe7b0d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The purpose of the AI Threat Model is to help defenders prepare their organizations by understanding the different types of threats and implementing appropriate controls.<\/p><p><a href=\"https:\/\/www.linkedin.com\/in\/sandydunnciso\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Sandy Dunn<\/span><\/a>, CISO, Board Member AIML, is the author of the <a href=\"https:\/\/www.linkedin.com\/pulse\/ai-threat-map-update-v19-sandy-dunn-jfm1c\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">AI Threat Map<\/span><\/a>. She created the map after ChatGPT&#8217;s release in November 2022 to understand the deluge of AI\/ML threat and vulnerability information.<\/p><p>It has just been updated to version 1.9. <span style=\"text-decoration: underline;\">Click <a href=\"https:\/\/github.com\/subzer0girl2\/AI-Threat-Mind-Map\/blob\/main\/AI%20Threat%20Map%20v1.9%2091924%20SandyDunn.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a> to see it in full<\/span>. 
The link goes to her GitHub project.<\/p><h4 dir=\"auto\">The AI Threat Map includes seven categories of Threats:<\/h4><ol dir=\"auto\"><li>Threats from AI Models<\/li><li>Threats Using AI Models<\/li><li>Threat to AI Models<\/li><li>AI Legal &amp; Regulatory Threat<\/li><li>Threats NOT using AI Models<\/li><li>Threat of AI Dependency<\/li><li>Threat Not Understanding AI Models<\/li><\/ol><div><h4 id=\"ember52\" class=\"ember-view reader-text-block__heading-3\">Use the AI Threat Map to:<\/h4><ul><li>Illustrate the challenge of balancing the different types of threats<\/li><li>Identify and plan for all types of AI Threats<\/li><li>Quickly identify weak or high-risk areas to prioritize<\/li><\/ul><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-e133664 elementor-widget elementor-widget-image\" data-id=\"e133664\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"ai_threat_map_1_9_sandydunn\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTU4MCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMTBcL2FpX3RocmVhdF9tYXBfMV85X3NhbmR5ZHVubi5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"494\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?fit=640%2C494&amp;ssl=1\" class=\"attachment-large size-large wp-image-1580\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?w=1821&amp;ssl=1 1821w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?resize=300%2C231&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?resize=1024%2C790&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?resize=768%2C593&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?resize=1536%2C1185&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?resize=850%2C656&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_threat_map_1_9_sandydunn.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Image from Sandy Dunn AI Threat Map PDF<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9a64038 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"9a64038\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-7905dee elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"7905dee\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0934187\" data-id=\"0934187\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-1456f4c elementor-widget elementor-widget-heading\" data-id=\"1456f4c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">AI Red Teaming<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-72b4904 elementor-widget elementor-widget-heading\" data-id=\"72b4904\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">Research Initiative: AI Red Teaming &amp; Evaluation<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2aed100 elementor-widget elementor-widget-text-editor\" data-id=\"2aed100\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The OWASP outlook on AI Red Teaming: The Power of Adversarial Thinking in AI Security &#8211; can be found <a href=\"https:\/\/genai.owasp.org\/2024\/09\/12\/research-initiative-ai-red-teaming-evaluation\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">here<\/span><\/a>.<\/p><p>The OWASP <span id=\"docs-title-input-label-inner\" class=\"docs-title-input-label-inner\">GAI Red Teaming Methodologies, Guidelines &amp; Best Practices<\/span> draft can be found <a 
href=\"https:\/\/docs.google.com\/document\/d\/1WS7Dn02rl9UD-aR638vWA4LkPmA4tS-O7HDZl045oog\/edit?tab=t.0\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">here<\/span><\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-45ea0a2 elementor-widget elementor-widget-heading\" data-id=\"45ea0a2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">OWASP LLM System Guardrails &amp; AI Red Teaming<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b2d15d9 elementor-widget elementor-widget-image\" data-id=\"b2d15d9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"ai_llm_guardrails\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTYyNSwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMTBcL2FpX2xsbV9ndWFyZHJhaWxzLnBuZyJ9\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"369\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?fit=640%2C369&amp;ssl=1\" class=\"attachment-large size-large wp-image-1625\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?w=886&amp;ssl=1 886w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?resize=300%2C173&amp;ssl=1 300w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?resize=768%2C443&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_llm_guardrails.png?resize=850%2C490&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">OWASP LLM Newsletter September 2024<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9cbb469 elementor-widget elementor-widget-image\" data-id=\"9cbb469\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"278\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_guardrails_timeline.png?fit=640%2C278&amp;ssl=1\" class=\"attachment-large size-large wp-image-1624\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_guardrails_timeline.png?w=906&amp;ssl=1 906w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_guardrails_timeline.png?resize=300%2C130&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_guardrails_timeline.png?resize=768%2C334&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_guardrails_timeline.png?resize=850%2C370&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">OWASP LLM Newsletter September 2024<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-ae4c0d8 elementor-widget 
elementor-widget-heading\" data-id=\"ae4c0d8\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">What is AI Red Teaming?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6625566 elementor-widget elementor-widget-text-editor\" data-id=\"6625566\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>&#8220;AI Red Teaming is a systematic, adversarial approach, employed by human testers, to identify issues\/problems in systems that have Generative AI components. The tests include tests for unsafe material, inaccuracies, out-of-scope responses and identify unknown risks that come to light from live usage\/new discovery\/benchmarks. Developers can then use that information to retrain\/augment the models or develop \u201cguardrail\u201d rules to mitigate risk&#8221; &#8211; Krishna Sankar<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-98ee470 elementor-widget elementor-widget-text-editor\" data-id=\"98ee470\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><a href=\"https:\/\/www.linkedin.com\/in\/ksankar\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Krishna Sankar<\/span><\/a>, a Distinguished Engineer of GenAI Red Teaming &amp; Security Guardrails, introduced me to the topic of <strong>AI Red Teaming<\/strong> in his <a href=\"https:\/\/ksankar.medium.com\/the-role-of-ai-red-teaming-in-cybersecurity-a-k-a-what-the-heck-is-this-ai-red-teaming-62b8bda73300\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: 
underline;\">blog<\/span><\/a>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-049a96b elementor-widget elementor-widget-image\" data-id=\"049a96b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"a_word_about_a_red_teaming\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTYxMCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMTBcL2Ffd29yZF9hYm91dF9hX3JlZF90ZWFtaW5nLnBuZyJ9\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"309\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?fit=640%2C309&amp;ssl=1\" class=\"attachment-large size-large wp-image-1610\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?w=1457&amp;ssl=1 1457w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?resize=300%2C145&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?resize=1024%2C495&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?resize=768%2C372&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?resize=850%2C411&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/a_word_about_a_red_teaming.png?w=1280&amp;ssl=1 1280w\" sizes=\"(max-width: 640px) 100vw, 640px\" 
\/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Source: Krishna Sankar - AI Red Teaming blog<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-6aea84d elementor-widget elementor-widget-heading\" data-id=\"6aea84d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">What's the difference between traditional Red-Teaming and AI Red-Teaming?<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b6e02f4 elementor-widget elementor-widget-text-editor\" data-id=\"b6e02f4\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>A question which really interests me. Well, one answer is given by Dr. Josh Harguess (cranium.ai).<\/p><p>&#8220;\u201cRed teaming\u201d and \u201cAI red teaming\u201d are two approaches used in security and assessment practices to test and improve systems. 
While traditional red teaming focuses on evaluating the security of physical and cyber systems through simulated adversary attacks, AI red teaming specifically addresses the security, robustness, and trustworthiness of artificial intelligence systems.&#8221;<\/p><p>Read the whole GREAT article <a href=\"https:\/\/cranium.ai\/resources\/blog\/traditional_vs_ai_red_teaming\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">here<\/span><\/a>.<\/p><p>The Venn diagram below illustrates the overlap among cybersecurity, traditional red teaming, and AI red teaming.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5f4bc03 elementor-widget elementor-widget-image\" data-id=\"5f4bc03\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"venn_diagram_red_teaming\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MTYxNCwidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNFwvMTBcL3Zlbm5fZGlhZ3JhbV9yZWRfdGVhbWluZy5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"521\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?fit=640%2C521&amp;ssl=1\" class=\"attachment-large size-large wp-image-1614\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?w=1034&amp;ssl=1 1034w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?resize=300%2C244&amp;ssl=1 300w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?resize=1024%2C833&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?resize=768%2C625&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/venn_diagram_red_teaming.png?resize=850%2C691&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: Dr. Josh Harguess (Cranium.ai)<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7e4b419 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"7e4b419\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1515327 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1515327\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2894e11\" data-id=\"2894e11\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-acefc4c elementor-widget elementor-widget-heading\" data-id=\"acefc4c\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Conclusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-63ef873 elementor-widget elementor-widget-text-editor\" data-id=\"63ef873\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>There is a lot going on in the AI security area. Large Language Model security is one of the most studied fields, but AI Red Teaming and other security studies are evolving. This is definitely something I want to be part of. So let&#8217;s continue and participate in these.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7020197 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"7020197\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9f1a598 elementor-widget elementor-widget-text-editor\" data-id=\"9f1a598\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>The first part of this series, called &#8220;Few words about AI Security&#8221;, can be found <a href=\"https:\/\/www.jussimetso.com\/index.php\/2024\/09\/28\/few-words-about-ai-security\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">here<\/span><\/a>.<\/p><p>The next part is related to my work with Microsoft 
products -&gt; <strong>Microsoft AI Security<\/strong>.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In this second part of AI Security Series I will open more of OWASP programs.<\/p>\n","protected":false},"author":1,"featured_media":1604,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[27,7],"tags":[],"class_list":["post-1532","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai","category-security"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/10\/ai_security_2.png?fit=512%2C512&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-oI","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/1532","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.
jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=1532"}],"version-history":[{"count":0,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/1532\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media\/1604"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=1532"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=1532"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=1532"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}