Elastic unveils guide on securing large language models

Elastic has unveiled pivotal findings through its latest research, "LLM Safety Assessment: The Definitive Guide on Avoiding Risk and Abuses." This report, produced by Elastic Security Labs, examines the safety measures necessary to securely implement large language models (LLMs) in contemporary cybersecurity frameworks.

As generative AI and LLMs have been widely implemented over the past 18 months, many companies have been swift to integrate these technologies. This rapid adoption has increased potential attack vectors, leaving developers and security teams in need of clear guidelines on secure LLM deployment. The LLM Safety Assessment seeks to address these concerns by providing comprehensive guidelines and countermeasures.

"Despite their potential, the broad adoption of LLMs has caused apprehension amongst enterprise leaders, perceiving it as another potential entry point for malicious actors," stated Jake King, head of threat and security intelligence at Elastic. King emphasised that sharing security knowledge is crucial, and the new rules and guidance are designed to be inclusive and beneficial for all organisations, irrespective of whether they are Elastic customers.

The LLM Safety Assessment extends the research previously undertaken by the Open Web Application Security Project (OWASP), focusing on the most common LLM attack vectors. The document includes detailed explanations of risks, best practices, and countermeasures that security teams can employ to safeguard their LLM implementations. Key areas addressed in the report cover in-product controls and information security measures that Security Operations Centres (SOCs) should implement to verify and validate the secure use of LLMs.

Elastic Security Labs has also introduced a new set of detection rules specifically aimed at LLM abuses. These rules complement over 1,000 existing detection rules published and maintained on GitHub. Asjad Athick, Elastic's Cyber Security Lead for Asia Pacific and Japan, remarked on the rapid adoption and continuous innovation in LLMs, noting the corresponding rise in opportunities for adversaries to exploit vulnerabilities. Athick underscored the importance of standardised data ingestion and analysis in enhancing industry safety and aligning with Elastic's research goals.

In line with the new research, Elastic has bolstered its detection rule repository to incorporate measures for monitoring LLM-related threats, ensuring that customers can efficiently manage potential issues in their environments. The company's proactive approach in creating integration workflows aims to reduce friction when assessing LLM security and is highlighted in multiple blog posts on Elastic's platform.

These blogs explore various elements of Elastic's commitment to LLM research. They detail integration workflows with AWS Bedrock and provide guidance on detecting malicious LLM activities using Elastic's query language ES|QL. They also propose a proxy-based telemetry solution to further fortify LLM security workflows.