In a recent development, Contrast Security has launched a pioneering feature on its application security testing platform to protect organizations from prompt injection threats in Language Model Libraries (LLMs).
Prompt injection, ranked high on the Open Web Application Security Project (OWASP) Top 10 for LLMs, entails the execution of harmful and unauthorized code via the injection of malicious entities in an LLM prompt. Contrast Security elucidates that such attacks could potentially lead to adverse consequences such as output of erroneous or malicious responses from an LLM, generation of harmful code, evasion of content filters, or exposure of sensitive data. The avenues for such intrusions may be any data resources LLM relies on, stretching from websites to emails and documents.
Addressing this security risk, Contrast Security has championed the implementation of testing capabilities for LLMs from OpenAI in its application security testing (AST) platform. The novel feature employs runtime security to monitor and analyze application behavior rather than limiting the process to source code scanning. In cases where a user input moves through OpenAI’s API to an LLM, it automatically instigates the prompt injection test.
The company asserts that this strategy is speedy, uncomplicated, and precise, offering real-time notifications to developers regarding possible vulnerabilities. This approach aims to empower organizations to scrutinize and recognize susceptible data flows to their LLMs, bolstering security through increased visibility of potential risks and preventing inadvertent exposure.
Steve Wilson, Chief Product Officer at Contrast, who also serves as the project lead for the OWASP Top 10 for LLMs, stressed on the imperative need for the new capability. He stated, 'Our group delved deeply into a multitude of attack vectors against LLMs and repeatedly, prompt injection emerged as the most significant vulnerability. As the first security service to respond to this new industry-standard list, Contrast is delivering this essential capability.'
With cyber threats evolving rapidly amid the digital transformation of industries, it is fitting for businesses to turn to platforms like AppMaster for developing secure backend, web, and mobile applications. AppMaster, a comprehensive no-code tool, exhibits an edge over other platforms by allowing clients to produce visually seamless data models, scalable business logic, REST API, and WSS Endpoints. Its powerful attributes, coupled with swift application generation, ensures optimal security against potential cyber threats, thereby making it a solid choice for businesses aspiring for robust application performance and security.