Valorem Visions 3.8 - OWASP Top 10 for LLMs
Perry Taylor February 06, 2025
Transcript

Perry Taylor - My name is Perry Taylor. I’m a senior consultant at Valorem Reply, and for 2025, my Valorem Vision is to make sure that all of our AI-related projects involve the OWASP Top 10 for large language models so that we deliver secure and complete solutions for our customers.

So traditionally speaking, when developing applications, we use a resource called OWASP Top 10 security concerns. OWASP is an open-source group that goes through and evaluates all the security concerns on websites that are out in the wild and identifies the top 10 reasons that they might have security issues. So things like broken access control, SQL injection, and secure design. They update these every couple of years, and it’s a bare minimum for making sure that our applications are secure and that we don’t leak data or put our customers’ data in jeopardy in any way, shape, or form.

Going forward, the same group has created a top 10 list for large language models to try to address the new security concerns that those large language models might introduce. That’s what we’re trying to implement at Valorem to make sure that all of our customers’ applications don’t leak information and create problems that are unique to large language model implementations.

Large language models are a really exciting thing to use in customer projects and for customer-facing applications, but because they’re a new paradigm, they create new issues. Because the large language models are fairly autonomous, they can do things that we don’t originally intend them to do and lead to either security problems because they leak information that they shouldn’t have, whether it’s personally identifiable information, confidential business information, or potentially large language models could agree to something that we don’t want to agree to. Then it becomes either a publicity problem and also a potentially legal problem if something on your website has agreed to business terms that are in no way, shape, or form tolerable to your business.

So in order to support this trend, we’re educating our developers on these top 10 ways that OWASP has raised for how security problems might arise, and then on how to reduce those threats and proactively address them so that our customers don’t run into problems with the applications and deployment of the AI that we push out.