Mastering Large Language Models: Seizing Opportunities, Managing Risks

Security in the Development and Use of Large Language Models – Intensive Course

Gain a comprehensive understanding of large language models (LLMs) and learn how to identify and avoid common security risks. Our intensive course provides knowledge about LLM development and its critical security challenges. Through numerous practical exercises, you will develop skills in creating LLM applications, in advanced techniques such as prompt engineering and retrieval-augmented generation (RAG), and in analyzing security risks based on the OWASP Top 10 for LLM Applications.

Develop strategies to counter threats like prompt injection and model theft, and integrate security assessments into industrial practices.

Overview of the Training »Mastering Large Language Models«

Format In-house, by arrangement
Duration 3.5 days (24 hours)
Language German or English

Target Group

  • Data scientists
  • Software developers and security experts with practical knowledge in machine learning

Requirements 

  • Programming experience with Python
  • Basic knowledge of machine learning

Currently, there are no scheduled dates for this course. Feel free to contact us for personalized advice or further information.

The Challenge

Complex LLM applications bring new security risks.

The increasing use of large language models (LLMs) in various applications and business areas poses significant security challenges. LLMs are technically complex and not fully understood in their operation. Implementing and customizing these models for specific applications requires comprehensive knowledge of tools such as the Hugging Face Transformers library and techniques like RAG, LoRA, PEFT, etc.

LLM-based applications are vulnerable to specific attacks such as prompt injection and model theft, as well as other risks listed in the OWASP Top 10 for LLM Applications. Security experts, developers, and data scientists should be able to identify the risks associated with using LLMs and to develop and implement appropriate security strategies.

The Solution

Secure adaptation and use of LLM applications in a business environment.

In this intensive course, you will gain in-depth knowledge of the fundamentals and architectures of LLMs. Through practical examples, you will learn techniques for implementing, customizing, and integrating LLM applications using models and tools from the open-source community, thereby understanding the security aspects of LLM applications from the ground up.

You will be trained to analyze security risks based on the OWASP Top 10 for LLM Applications and to develop strategies against threats such as prompt injection and model theft. The training will provide you with practical fundamentals to efficiently assess the security properties of LLM applications and models. Additionally, security analyses are systematically embedded in industry-relevant practices and processes such as DevOps and MLOps.

Your Benefits

After the seminar, you will be able to:

  • Analyze, assess, and avoid security risks in LLM-based applications
  • Develop strategies against threats like prompt injection
  • Efficiently evaluate and optimize LLM models


This seminar offers you:

  • In-depth knowledge of LLM fundamentals and their development
  • Practical experience in implementing and customizing LLM applications
  • Intensive support for programming tasks
  • Use of open-source software and free models
  • Systematic application to industry-relevant practices and processes such as DevOps and MLOps

Content

  • Fundamentals of LLMs
  • Building an LLM application (introduction to the Hugging Face Transformers library, the Hugging Face ecosystem, and Gradio)
  • Extending standard LLMs (several techniques such as RAG or fine-tuning for improvement in specific applications)
  • Evaluation metrics (overview and application)
  • From prototype to production: MLOps
  • Security aspects of LLM-based applications
  • OWASP Top 10 risks for LLM applications

Learning Objectives

  • Understand the development of LLMs in a temporal context and identify key players in the field of artificial intelligence.
  • Explain the fundamental concepts and architectures of LLMs.
  • Understand the principles and practical basics of training, fine-tuning, and operating open-source LLMs.
  • Implement an LLM application using Transformers, Hugging Face, and Gradio.
  • Apply and optimize techniques to improve standard LLMs for specific applications.
  • Analyze and evaluate security risks in LLM-based applications using the OWASP Top 10 for LLM Applications.
  • Develop and implement security strategies against threats such as prompt injection and model theft.

Instructors

  Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de)

  • Over 5 years of professional experience in ML
  • Academic publications on research topics focused on ML, auditing, and testing of AI and security
  • Trainer at the Fraunhofer Academy specializing in ML, security, and testing

  Paul Ranly (paul.ranly@sit.fraunhofer.de)

  • Research work/publications in the fields of ML, NLP, and LLMs
  • Trainer at the Fraunhofer Academy

  Lukas Graner (lukas.graner@sit.fraunhofer.de)

  • Over 5 years of professional experience in ML
  • Academic publications on research topics focused on ML, image processing, privacy, and NLP, e.g., authorship verification, LLMs
  • Consultancy work on authorship verification and detection of AI-generated texts
  • Trainer at the Fraunhofer Academy

Contact

Contact Press / Media

Anne Halbich

Fraunhofer Institute for Open Communication Systems
Kaiserin-Augusta-Allee 31
10589 Berlin, Germany

Phone +49 30 3463-7346
