About The Speaker

vulncon2024@vulncon:~
speaker
Omkar Joshi
Lead Security Engineer @ Coupa Software
vulncon2024@vulncon-[~]
cat ~/talk-title
The Art of Threat Modeling for LLM Applications
vulncon2024@vulncon-[~]
cat ~/talk-category
Technical Speaker
vulncon2024@vulncon-[~]
cat ~/talk-abstract

Large Language Models (LLMs) have undoubtedly taken the news by storm, with everyone, cybersecurity professionals included, interested in exploring the power of this magic. As this technology becomes an integral part of our daily lives, it's imperative for us to implement robust security measures in the face of rapid deployment. This challenge has prompted us to think deeply about threat modeling these types of LLMs.

Threat modeling means modeling a system from a security perspective, identifying applicable threats based on this model, and determining responses to these threats. Ideally this is performed early in the SDLC, such as during the design phase. We call it a depth-first approach rather than a breadth-first approach.

We’re going to discuss and answer the following questions:

  • What are we working on?
  • What can go wrong?
  • What are we going to do about it?
  • Did we do a good enough job?

We will discuss possible threats to LLMs and AI apps globally and how those attacks are becoming a growing risk to organizations. We’re going to talk about various methods and techniques to conduct threat modeling for LLM apps.

We will walk through a sample LLM DFD and architecture, along with a demo of how to conduct threat modeling for it. We will define trust boundaries and model a standard LLM against possible threats.

vulncon2024@vulncon-[~]
cat ~/speaker-bio

More than 11 years of experience in the security domain, especially pentesting, application security, forensic investigation and architecture design review. Leading OffSec team; passionate red teamer and security researcher. Reported multiple vulnerabilities in products and applications, acknowledged with CVEs. Holds prestigious certifications that testify to his expertise and commitment to the cybersecurity industry, including Offensive Security Certified Professional (OSCP), Offensive Security Wireless Professional (OSWP), Certified Red Team Operator (CRTO) and many more. Presented at conferences such as BSides Budapest, BSides Milano and Hacktivity.