CypherCon 2024

So I Heard You Want to Develop Generative AI Apps Now…

Matt Phelps

Abstract:

In 2023, the pervasive influence of Artificial Intelligence (AI) and Large Language Models (LLMs) has been a central focus across various industries. This surge in interest has prompted numerous development departments to explore integrating AI capabilities into their applications. This talk aims to provide an AppSec-centric exploration of the current state of LLMs, drawing from firsthand experiences and insights gained while collaborating on generative AI solutions.

The crux of the discussion revolves around essential considerations when constructing an AI application. The themes explored are input sanitization, safeguarding against prompt injections, recognizing the risks associated with potential jailbreaks, ensuring output sanitization, mitigating data leakage, tackling chaining problems, and navigating the labyrinth of supply chain risks.

Importance:

By distilling lessons learned from real-world experiences, this talk aims to equip the audience with a foundational understanding of the intricacies involved in securing AI applications despite the ever-evolving landscape, empowering them to navigate and fortify their AI endeavors against emerging security challenges.

Born and raised in the Milwaukee area, Matt now spends his time in Charlotte, NC with his wife and 5-year-old cockapoo Jackson. After twelve years working in IT, Matt made the switch to Application Security and never looked back. Now an Application Security Engineer at a large cyber security company, Matt spends his time working with teams developing generative AI solutions, providing security guidance and recommendations.