
References

Best Practices

| Link | Notes |
| --- | --- |
| Lakera AI Security Guide | Basics of AI Security |
| Lakera LLM Security Playbook | Framework, tools, datasets |
| AI security fundamentals | This learning path helps you understand the basic concepts of AI security, the types of security controls that apply to AI systems, and the security testing procedures that you can implement in AI systems to increase the security posture of AI environments |
| Google's Secure AI Framework (SAIF) | Google introduced the Secure AI Framework (SAIF), a conceptual framework to secure AI systems |
| Threat Modeling AI/ML Systems and Dependencies | Supplements existing SDL threat modeling practices by providing new guidance on threat enumeration and mitigation specific to the AI and Machine Learning space |
| OWASP Top 10 for Large Language Model Applications | LLM01: Prompt Injection; LLM02: Insecure Output Handling; LLM03: Training Data Poisoning; LLM04: Model Denial of Service; LLM05: Supply Chain Vulnerabilities; LLM06: Sensitive Information Disclosure; LLM07: Insecure Plugin Design; LLM08: Excessive Agency; LLM09: Overreliance; LLM10: Model Theft |
| The Five Most Common AI Model Risks and How to Prevent Them | Exposing code to the internet; vulnerabilities in AI packages; sensitive data in AI models; data leakage and tampering; exposed AI API keys |

Adoption

| Link | Notes |
| --- | --- |
| How should you adopt LLMs? | An engineering strategy document determining how a hypothetical company could adopt LLMs |
| How to securely build product features using AI APIs | A Practitioner’s Guide to Consuming AI |
| The Security Principles Guiding 1Password’s Approach to AI | Here are the security principles that will guide how 1Password builds, adopts, and integrates AI, today and in the future |

Implementations

| Link | Notes |
| --- | --- |
| How to leverage generative AI in cloud apps without putting user data at risk | Security best practices to deploy generative AI models as part of your multi-tenant cloud applications and avoid putting your customers' data at risk |
| Securing the AI Software Supply Chain | This paper explains Google's approach to securing their AI supply chain using provenance information and provides guidance for other |
| Analyzing Secure AI Architectures | NCC Group has compiled several architectural patterns that successfully mitigate AI risks in real deployments |

Security

| Link | Notes |
| --- | --- |
| Threat Modeling GenAI applications | How are we handling prompts and responses? How do we ensure that the model has the right level of permission? How are we validating that the outputs of the model are correct and safe? |

Providers

AWS

| Link | Notes |
| --- | --- |
| Building the foundations: A defender’s guide to AWS Bedrock | This blog focuses on AWS Bedrock and its relevant telemetry streams: CloudTrail management and data events, model invocation telemetry and endpoint telemetry |