
OWASP LLM: 2024 AI Cybersecurity and Governance Checklist (English edition) (32 pages).pdf

Uploaded by: AG   ID: 605852   2024-02-19   32 pages   2.15 MB

LLM AI Cybersecurity & Governance Checklist
From the OWASP Top 10 for LLM Applications Team
Version: 1.0
Published: February 19, 2024

Revision History

Revision   Date         Author(s)    Description
0.1        2023-11-01   Sandy Dunn   initial draft
0.5        2023-12-06   SD, Team     public draft
0.9        2023-02-15   SD, Team     pre-release draft
1.0        2024-02-19   SD, Team     public release v 1.0

The information provided in this document does not, and is not intended to, constitute legal advice. All information is for general informational purposes only. This document contains links to other third-party websites. Such links are only for convenience and OWASP does not recommend or endorse the contents of the third-party sites.

1 Overview
1.1 Responsible and Trustworthy Artificial Intelligence
1.2 Who is This For?
1.3 Why a Checklist?
1.4 Not Comprehensive
1.5 Large Language Model Challenges
1.6 LLM Threat Categories
1.7 Artificial Intelligence Security and Privacy Training
1.8 Incorporate LLM Security and governance with Existing, Established Practices and Controls
1.9 Fundamental Security Principles
1.10 Risk
1.11 Vulnerability and Mitigation Taxonomy
2 Determining LLM Strategy
2.1 Deployment Strategy
3 Checklist
3.1 Adversarial Risk
3.2 Threat Modeling
3.3 AI Asset Inventory
3.4 AI Security and Privacy Training
3.5 Establish Business Cases
3.6 Governance
3.7 Legal
3.8 Regulatory
3.9 Using or Implementing Large Language Model Solutions
3.10 Testing, Evaluation, Verification, and Validation (TEVV)
3.11 Model Cards and Risk Cards
3.12 RAG: Large Language Model Optimization
3.13 AI Red Teaming
4 Resources
A Team

Overview

Every internet user and company should prepare for the upcoming wave of powerful generative artificial intelligence (GenAI) applications. GenAI has enormous promise for innovation, efficiency, and commercial success across a variety of industries.

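This document is the LLM AI Cybersecurity & Governance Checklist published by the OWASP Top 10 for LLM Applications Team. It aims to help organizations quickly understand the risks and benefits of LLMs and develop a comprehensive LLM strategy. The checklist comprises 13 sections, covering determining LLM strategy, threat modeling, AI asset inventory, AI security and privacy training, establishing business cases, governance, legal, regulatory, using or implementing LLM solutions, testing, evaluation, verification, and validation (TEVV), model cards and risk cards, LLM optimization, AI red teaming, and more. The checklist emphasizes that using LLMs expands an organization's attack surface and requires special tactics and defenses, while also raising issues similar to known ones; LLM cybersecurity should therefore be integrated with the organization's existing cybersecurity controls, processes, and procedures to reduce vulnerability to threats.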