Defending Large Language Models: Securing Chatbots, Copilots, and AI Agents
Schedule
Wed Feb 19 2025 at 05:30 pm to 09:00 pm
UTC-08:00
Location
1003 E 4th Pl 8th floor | Los Angeles, CA
About this Event
Come and network with your friends, make new friends, and hear two amazing speakers. A buffet dinner will be served and drinks will be available.
Topic One: Defending Large Language Models: Securing Chatbots, Copilots, and AI Agents
This talk will explore the critical and vulnerable points in large language models (LLMs) used in chatbots, AI copilots, and intelligent agents. We’ll begin by understanding the trust boundaries in these systems and then dive into how to defend them against emerging threats. Taking a comprehensive approach, we’ll examine the tools, processes, and best practices that every security professional should adopt.
The session will draw on several real-world case studies to demonstrate the concepts. We will dive into the Responsible AI Software Engineering (RAISE) framework as a way to approach end-to-end security for your LLM system.
This is a must-attend event for anyone preparing to face the evolving challenges of AI security and protect their systems from tomorrow's cutting-edge threats.
Speaker One: Steve Wilson
Steve Wilson is a pioneer in Generative AI and cybersecurity, driving advancements in AI-powered cyber defense and securing AI systems. As the Chief Product Officer at Exabeam, Steve spearheaded the launch of a powerful Generative AI copilot for security analysts, significantly enhancing the speed and accuracy of cybersecurity incident investigations.
Steve leads the charge on securing large language models as the founder and project leader of the OWASP Top 10 for Large Language Model Applications, where he guides a global team in developing the industry-standard guide to critical vulnerabilities in AI systems. The Top 10 List has become the go-to reference for developers, architects, and security professionals working to safeguard AI applications.
As the author of The Developer’s Playbook for Large Language Model Security, Steve provides a comprehensive framework for building secure, responsible AI systems. His book has become an essential resource for professionals navigating the complexities of AI and security.
He is an inventor on 11 U.S. and international patents in cybersecurity, networking, and IoT. In 2023, Steve was awarded Cybersecurity Innovation Leader of the Year by Enterprise Security Tech, and his 2024 RSA Conference talk was voted a Top Session.
Topic Two: Root Zone DNSSEC Trust Anchor Management: Securing the Key Signing Key (KSK)
This talk will discuss the management of the DNSSEC trust anchor for the Internet.
The quarterly KSK ceremonies, which generate the cryptographic signatures that allow DNSSEC operations, will be presented, including:
● Physical and Logical Security Design
● Community involvement
● Audit and Transparency/Chain of Custody
● Hardware Security Modules
● Programmable Ceremony Scripts
● Maintenance and Lifecycles
The presentation will demonstrate how this novel approach to operations and security, with an “open source” style of continuous improvement, promotes trust perception.
Speaker Two: Aaron Foley
Aaron Foley is a Senior Cryptographic Key Manager for the Internet Corporation of Assigned Names and Numbers (ICANN). His primary responsibility is the management of the Root DNSSEC KSK trust anchor, essential to global DNSSEC implementation. He has served in this role since 2019 and has been employed by ICANN in varying capacities since 2015.
Aaron has 25+ years of Internet-related IT/security experience.
Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 48 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.
CPEs: There will be 2 CPE credits for the meeting.
Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.
All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.
Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.
Where is it happening?
1003 E 4th Pl 8th floor, 1003 East 4th Place, Los Angeles, United States
USD 15.00 to USD 55.20