S6E29: Resilient Cyber w/ Steve Wilson
Securing the Adoption of GenAI & LLMs
In this episode of Resilient Cyber, host Chris Hughes sits down with Steve Wilson, leader of the OWASP Top 10 for LLMs and author of the upcoming book The Developer's Playbook for LLM Security: Building Secure AI Applications. The conversation centers on securing the explosive adoption of Generative AI (GenAI) and Large Language Models (LLMs).
Key Highlights:
Steve’s background as the Chief Product Officer at Beam, focusing on AI-driven security operations. He also leads the OWASP project addressing vulnerabilities in LLMs and is publishing a book on LLM security.
Discussion on AI’s evolution, with Steve sharing how his first AI startup dates back to 1992, and comparing the computing power then versus now, highlighting the rapid advancements.
Introduction to the OWASP Top 10 for LLMs, a project Steve started, which quickly grew to hundreds of contributors, becoming a key resource for understanding vulnerabilities in LLM applications.
Explanation of Prompt Injection, one of the top risks on the OWASP list, and how it differs from traditional injection attacks such as SQL injection, where instructions and data can be separated by the developer in a way that a prompt cannot.
Recommendations for securely adopting LLMs, including starting slow with constrained use cases, and being mindful of the risks of giving too much agency to LLMs (allowing them to take actions or make decisions that could have real-world consequences).
Insight into Steve’s book, The Developer’s Playbook for LLM Security, which covers in-depth topics like knowledge acquisition, hallucinations in LLMs, and the implications of supply chain risks in AI models.
Discussion on the growing open-source vs. closed-source LLM ecosystems, the importance of managing AI supply chain risks, and why the current AI supply chain is still a "dumpster fire."