Securing GPT: A Practical Introduction to Attack and Defend ChatGPT Applications
You might be familiar with defending web applications against traditional attacks like Cross-Site Scripting or SQL Injection. However, securing an application where all user inputs are funneled into an AI model, such as a ChatGPT instance, is uncharted territory.
How do you ensure its security? How do you detect potential attacks or breaches? How do you even 'penetration test' a ChatGPT instance?
This book provides a comprehensive guide, exploring both offensive and defensive strategies for securing LLM applications. We'll start with a fun adventure: building an AI assistant for a hypothetical store. But the challenge doesn't stop there. We'll also be 'putting on the black hat,' trying to hack into your own creation, testing it for vulnerabilities and exploiting them, only to learn how to reinforce its defenses.
In this new world of AI, traditional firewalls and security systems might not be enough. This is where the book takes you one step further. We'll guide you through crafting smart firewalls and Data Leakage Prevention (DLP) systems using ChatGPT itself, thereby securing your AI applications.
This book isn't just about understanding the potential risks that AI applications present; it's about proactively preparing for them and knowing how to respond. We provide tools, strategies, and knowledge to secure your AI applications.
Highlights:
- Learn how to use OpenAI's API Interface
- Explore how to write system prompts for creating a store assistant.
- Use different prompt injection techniques against our AI assistant. Learn how to use the "promptmap" tool.
- Reinforce system prompts against prompt injection attacks.
- Learn how to turn ChatGPT into a firewall and a DLP system to protect our store assistant.
- Discover how to automatically create system prompts for your security needs.
- Learn how to protect the Git repository of your AI project.
About The Author
Utku Sen is a security researcher known for creating open-source security tools including promptmap, urlhunter, and wholeaked. His work has been featured many times at DEF CON, the biggest hacker conference in the world. He was also nominated for a Pwnie Award in the "Best Backdoor" category in 2016.
He was part of HackerOne's Triage team, where he was actively involved in triaging and addressing vulnerabilities for the world's biggest companies. He now works for Delivery Hero in Berlin.