Improving Tech Security with LLMs

Posted July 3, 2024 | Technology |
Improving Tech Security with LLMs

Rather than introducing wholly unprecedented threats into society, large language models (LLMs) highlight and stress test existing vulnerabilities in how organizations govern data, manage access, and configure systems. With care and responsibility, we can respond to their revelations by engineering solutions that make technology usage more secure and ethical overall.

Specific ways responsible LLM adoption can improve security include:

  • Red team penetration testing. Use LLMs to model criminal hacking and fraud to harden defenses.

  • Automated vulnerability scanning. Leverage LLM conversational ability to identify flaws in public-facing chat interfaces.

  • Anomaly detection. Monitor corporate system logs with LLMs fine-tuned to flag unusual internal events as possible attacks.

  • Safety analysis. Stress test new features through automated conversational exploration of potential abuses.

  • Product-security reviews. Use LLMs as a team member when designing new products to probe attack possibilities in simulated conversations.

  • Threat intelligence. Continuously train LLMs on emerging attack data to profile bad actors and model potential techniques.

  • Forensic reconstruction. Assist investigations of past incidents by using LLMs to speculate about criminal conversations and motives.

  • Security policy analysis. Check that policies adequately address LLM-relevant risks revealed through conversational probing.

  • Security training. Use LLM-generated attack scenarios and incidents to build staff defensive skills.

  • Bug bounties. Expand scope of bounty programs to include misuse cases identified through simulated LLM hacking.

With careful design and effective oversight, LLMs can be an ally rather than a liability in securing organizations against modern technological threats. Their partially open nature invites probing for weaknesses in a controlled setting.

LLMs present a further opportunity to improve an organization’s information security capability. The practical application of LLMs to business challenges requires creating sophisticated, multistage, software-driven data pipelines. As these pipelines start to become prevalent, an opportunity to design with more effective security protocols is presented.

Various security postures can be applied at different points in the pipeline. For instance, a permissive security posture that allows an LLM to generate the best possible response can be followed by a more restrictive security filter that automatically checks the output for potential data leakage.

If we accept that LLM security problems are new manifestations of existing information security challenges (and that human behavior is the biggest cause of security breaches), then automated multistage processes with carefully constructed security gateways can provide a powerful new tool in the toolkit.

[For more from the authors on this topic, see: “LLM Security Concerns Shine a Light on Existing Data Vulnerabilities.”] 

About The Author
Michael Papadopoulos
Michael Papadopoulos is a Cutter Expert, Chief Architect of Arthur D. Little’s (ADL's) UK Digital Problem Solving practice, and a member of ADL's AMP open consulting network. He is passionate about designing the right solutions using smart-stitching approaches, even when elegance and architectural purity are overshadowed by practicality. Mr. Papadopoulos leads the scaling of multidisciplinary organizations by focusing on continuous improvement,… Read More
Nicholas Johnson
Nicholas Johnson is a Partner at Arthur D. Little (ADL) in ADL’S Digital Problem Solving practice, based in London. He focuses on how emerging digital technologies can be harnessed to drive transformation of both the business and its internal technology function. Mr. Johnson believes that the technology patterns/approaches used in the past are no longer appropriate to today’s challenges, and that businesses must adopt new approaches. With over… Read More
Michael Eiden
Michael Eiden is a former Cutter Expert, Partner and Global Head of AI & ML at Arthur D. Little (ADL). Dr. Eiden is an expert in machine learning (ML) and artificial intelligence (AI) with more than 15 years’ experience across different industrial sectors. He has designed, implemented, and productionized ML/AI solutions for applications in medical diagnostics, pharma, biodefense, and consumer electronics. Dr. Eiden brings along deep… Read More
Philippe Monnot
Philippe Monnot is a Data Scientist with Arthur D. Little's (ADL's) UK Digital Problem Solving practice, and a member of ADL's AMP open consulting network. He’s passionate about solving complex challenges that impact people’s livelihood through the use of data, statistics, and machine learning (ML). Mr. Monnot enjoys developing accessible solutions that customers will adopt through effective data storytelling and explainable artificial… Read More
Foivos Christoulakis
Foivos Christoulakis is a Solutions Architect with Arthur D. Little’s (ADL’s) UK Digital Problem Solving practice and a member of ADL’s AMP open consulting network. He is a passionate cloud architect who has designed and implemented numerous solutions currently in production in global-scale organizations. Mr. Christoulakis helps organizations grow by focusing on high engineering standards and following solid software engineering practices. He… Read More
Greg Smith
Greg Smith is a Partner at Arthur D. Little (ADL), based in London. He founded and co-leads ADL's Digital Problem Solving practice and is a member of ADL's Executive Committee, where he has responsibility for ADL's global innovation strategy. His work focuses on business strategy in the context of digital transformation as well as the application of disruptive information technologies in solving intractable business problems in major enterprises… Read More