Updated Quarterly
GenAI, LLMSecOps and Security Solution Landscape
Revision History
Revision | Date | Authors | Description
.01 | 6/4/2024 | Scott Clinton | Initial Draft, Charter
.05 | 8/10/2024 | Scott Clinton, Contributors Inputs | Updated with initial feedback
.06 | 10/15/2024 | Scott Clinton, Contributors, Reviewer Inputs | Re-factor Solutions Landscape categories
1.0 | 10/15/2024 | Contributors, Reviewers | Final Release Candidate
The information provided in this document does not, and is not intended to, constitute legal advice. All information is for general informational purposes only. This document contains links to other third-party websites. Such links are only for convenience, and OWASP does not recommend or endorse the contents of the third-party sites.
License and Usage
This document is licensed under Creative Commons, CC BY-SA 4.0. You are free to:
● Share — copy and redistribute the material in any medium or format
● Adapt — remix, transform, and build upon the material for any purpose, even commercially.
● Under the following terms:
o Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner but not in any way that suggests the licensor endorses you or your use.
o Attribution Guidelines - must include the project name as well as the name of the asset Referenced
■ OWASP Top 10 for LLMs - LLMSecOps Solutions Landscape
■ OWASP Top 10 for LLMs - CyberSecurity Solution and LLMSecOps Landscape Guide
● ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
Link to full license text:
/licenses/by-sa/4.0/legalcode
Contents
Who Is This Document For?
Objectives
Scope
Introduction
Defining the Security Solutions Landscape
Landscape Considerations
LLM Application Categories, Security Challenges
Static Prompt Augmentation Applications
Agentic Applications
LLM Plug-ins, Extensions
Complex Applications
LLM Development and Consumption Models
LLMOps and LLMSecOps Defined
A Quick Ops Primer - Foundation for LLMOps
LLMOps Life Cycle Stages - Foundation for LLM DevSecOps
Scoping/Planning
Data Augmentation and Fine-Tuning
Application Development and Experimentation
Test and Evaluation
Release
Deploy
Operate
Monitor
Govern
Mapping to the OWASP Top 10 for LLM Threat Model
Application Services
Production Services
OWASP Top 10 for LLMs Solutions Landscape
Emerging GenAI/LLM-Specific Security Solutions
LLM & Generative AI Security Solutions
Solution Landscape Matrix Definitions
Landscape Solution Matrix
Acknowledgements
OWASP Top 10 for LLM Project Sponsors
References
Project Supporters
Who Is This Document For?
This document is tailored for a diverse audience comprising developers, AppSec professionals, DevSecOps and MLSecOps teams, data engineers, data scientists, CISOs, and security leaders who are focused on developing strategies to secure Large Language Models (LLMs) and Generative AI applications. It provides a reference guide of the solutions available to aid in securing LLM applications, equipping them with the knowledge and tools necessary to build robust, secure AI applications.
Objectives
This document is intended to be a companion to the OWASP Top 10 for Large Language Model (LLM) Applications List and the CISO Cybersecurity & Governance Checklist. Its primary objective is to provide a reference resource for organizations seeking to address the identified risks and enhance their security programs. While not designed to be an all-inclusive resource, this document offers a researched point of view based on the top security categories and emerging threat areas. It captures the most impactful existing and emerging categories. By categorizing, defining, and aligning applicable technology solution areas with the emerging LLM and generative AI threat landscape, this document aims to simplify research efforts and serve as a solutions reference guide.
Scope
The scope of this document is to create a shared definition of solution category areas that address the security of the LLM and generative AI lifecycle, from development to deployment and usage. This alignment supports the OWASP Top 10 List For LLMs outcomes and the CISO Cybersecurity and Governance Checklist. To achieve this, the document will create an initial framework and category descriptors, utilizing both open-source solutions and providing mechanisms for solution providers to align their offerings with specific coverage areas as examples to support each category.
The document adheres to several key rules to maintain its integrity and usefulness:
● Vendor-Agnostic and Open Approach: It maintains a neutral stance, avoiding recommendations of one technology over another, instead providing category guidance with choices and options.
● Straightforward, Actionable Guidance: The document offers clear, actionable advice that organizations can readily implement.
● Coordinated Knowledge Graph: It includes coordinated terms, definitions, and descriptions for key concepts.
● Point to Existing Standards: Where existing standards or sources of truth are available, the document references these instead of creating new sources, ensuring consistency and reliability.
Introduction
With the growth of Generative AI adoption, usage, and application development come new risks that affect how organizations strategize and invest. As these risks evolve, so do risk mitigation solutions, technologies, frameworks, and taxonomies. To aid security leaders in prioritization, conversations about emerging technology and solution areas must be aligned appropriately to clearly understood business outcomes for AI security solutions. The business outcomes of AI security solutions must be properly defined to aid security leaders in budgeting.
Many organizations have already invested heavily in various security tools, such as vulnerability management systems, identity and access management (IAM) solutions, endpoint security, Dynamic Application Security Testing (DAST), observability platforms, and secure CI/CD (Continuous Integration/Continuous Deployment) tools, to name a few. However, these traditional security tools may not be sufficient to fully address the complexities of AI applications, leading to gaps in protection that malicious actors can exploit. For example, traditional security tools may not sufficiently address the unique data security and sensitive information disclosure protection in the context of LLM and GenAI applications. This includes but is not limited to the challenges of securing sensitive data within prompts, outputs, and model training data, and the specific mitigation strategies such as encryption, redaction, and access control mechanisms.
Emergent solutions like LLM Firewalls, AI-specific threat detection systems, secure model deployment platforms, and AI governance frameworks attempt to address the unique security needs of AI/ML applications. However, the rapid evolution of AI/ML technology and its applications has driven an explosion of solution approaches, which has only added to the confusion faced by organizations in determining where to allocate their security budgets.
Defining the Security Solutions Landscape
There have been many approaches to characterizing the solutions landscape for Large Language Model tools and infrastructure. In order to develop a solutions landscape that focuses on the security of LLM applications across the lifecycle from planning, development, deployment, and operation, there are four key areas of input we have focused on to develop both a definition for Large Language Model DevSecOps and related solutions landscape categories.
Landscape Considerations
Application Types and Scope - which impacts the people, processes, and tools needed based on the complexity of the application and the LLM environment, as-a-service, self-hosted, or custom-built.
Emerging LLMSecOps Process - while this is a work in progress, many are looking to adapt and adopt existing DevOps and MLOps and associated security practices. We expect our definition to evolve as the development processes for LLM applications begin to mature.
Threat and Risk Modeling - understanding the risks posed by LLM systems, application usage, or misuse, like those outlined in the OWASP Top 10 for LLMs and Generative AI Applications, is key to understanding which solutions are best suited to improve the security posture and combat a range of attacks.
Tracking Emerging Solutions - many existing security solutions are adapting to support LLM development workflows and use cases; however, given the nature of new threats and evolving technology and architectures, new types of LLM-specific security solutions will be necessary.
LLM Application Categories, Security Challenges
Organizations have been leveraging Machine Learning in applications for decades. This often required detailed expertise in Data Science and extensive model training. Generative AI has changed this. Specifically, Large Language Models (LLMs) have made machine learning technology widely accessible. The ability to dynamically interact in plain language has opened the door for the creation of a new class of data-driven applications and application integrations. Furthermore, usage is no longer limited to the highly skilled efforts of traditional developers and data scientists. Pre-trained models enable nearly anyone to perform complex computational tasks, regardless of prior exposure to programming or security. Organizations have been leveraging Machine Learning in applications for decades, including Natural Language Processing (NLP) models that often require detailed expertise in Data Science and extensive model training.
With the advent of transformers technology enabling generative capabilities, combined with the ease of access for pre-trained as-a-service models like ChatGPT and other as-a-service offerings, four major categories of LLM application architecture emerged: prompt-centric, AI agents, plug-ins/extensions, and complex generative AI applications where the LLM plays a key role in a larger application use case.
(figure: Application Categories & Summary Attributes)
Having a common view of typical LLM application architectures, including agents, models, LLMs, and the ML application stack, is crucial for defining and aligning the application stack, security model, and application offerings. Below, we have provided a short description of key characteristics, use cases, and security challenges for each application category.
Static Prompt Augmentation Applications
These applications involve specific static natural language inputs to guide the behavior of a large language model (LLM) toward generating the desired output. This technique optimizes the interaction between the user and the model by fine-tuning the phrasing, context, and instructions given to the LLM. These applications allow users to accomplish a wide range of tasks by simply refining how they ask questions or provide instructions.
Key Characteristics
o Human to model/model to human interaction and response
o Static prompt augmentation
o Flexibility and Creativity
o Simplicity and Accessibility
o Rapid Prototyping and Experimentation
Use Case Examples
o Experimentation/Rapid Prototyping
o Content Generation Tools
o Text Summarization Applications
o Question-Answering Systems
o Language Translation Tools
o Chatbots and Virtual Assistants
Security Challenges
o Prompt-based applications face security risks like prompt injection attacks and data leakage from poorly crafted prompts. Lack of context or state management can lead to unintended outputs, increasing misuse vulnerability. User-generated prompts may cause inconsistent or biased responses, risking compliance or ethical violations. Ensuring prompt integrity, robust input validation, and securing the LLM environment are crucial to mitigate these risks.
Agentic Applications
These applications leverage Large Language Models (LLMs) to autonomously or semi-autonomously perform tasks, make decisions, and interact with users or other systems. These agents are designed to act on behalf of users, handling complex processes that often involve multiple steps, integrations, and real-time decision-making. They operate with a level of autonomy, allowing them to complete tasks without constant human intervention.
Key Characteristics
o Autonomy and Decision-Making
o Interaction with External Systems
o State Management and Memory
o Complex Workflow Automation
o Human-Agent Collaboration
Use Case Examples
o Virtual Assistants
o Customer Support Bots
o Process Automation Agents
o Data Analysis and Reporting Agents
o Intelligent Personalization Agents
o Security and Compliance Agents
Security Challenges
o Agent applications, with their autonomy and access to various systems, must be carefully secured to prevent misuse. They face security challenges like unauthorized access, increased exploitation risks due to interaction with multiple systems, and vulnerabilities in decision-making processes. If someone gains control of an autonomous agent, the consequences could be severe, especially in critical systems. Ensuring robust access controls and encryption methods to protect against this is essential. Ensuring data integrity and confidentiality is critical, as agents often handle sensitive information; it is important to secure data at all stages, including at rest, in motion, and access through secured APIs. Their autonomy also poses risks of unintended or harmful decisions without oversight. Robust authentication, encryption, monitoring, and fail-safe mechanisms are essential to mitigate these security risks. Observability and Traceability solutions that monitor the entire lifecycle of the Agents (Design, Development, Deployment, and Visibility on decision-making) must be considered to ensure real-time corrections using a humans-in-the-loop process can be enforced.
LLM Plug-ins, Extensions
Plug-ins are extensions or add-ons that integrate LLMs into existing applications or platforms, enabling them to provide enhanced or new functionalities. Plug-ins typically serve as a bridge between the LLM and the application, facilitating seamless integration, such as adding a language model to a word processor for grammar correction or integrating with customer relationship management (CRM) systems for automated email responses.
While it can sometimes be difficult to draw the line between Agents and plug-ins or extensions, which are often components of larger applications, one measure is the way it is deployed and used. For example, a plug-in would be a pre-built agent designed for reuse that you call explicitly, through an API, or as part of an LLM's plugin or extension framework, vs. custom code running in the background on a periodic basis.
Key Characteristics
o Modularity and Flexibility
o Seamless Integration
o Task Specific Focus
o Ease of Deployment and Use
o Rapid Updates and Maintenance
Use Case Examples
o Content Generation Tools
o Text Summarization Applications
Security Challenges
o Plugins interacting with sensitive data or critical systems must be carefully vetted for security vulnerabilities. Poorly designed or malicious plugins can cause data breaches or unauthorized access. LLM plugins face challenges like compatibility issues, where updates can introduce vulnerabilities, and integration with sensitive systems increases the risk of data leaks. Ensuring secure API interactions, regular updates, and robust access controls is crucial. Resource-intensive plugins may degrade performance, risking exploitation.
Complex Applications
Complex applications are sophisticated software systems that deeply integrate Large Language Models (LLMs) as a central component to provide advanced functionalities and solutions. These applications are characterized by their comprehensive scope, scalability, and the integration of multiple technologies and components. They are typically designed to solve intricate problems, often in enterprise environments, and require extensive development, engineering, and ongoing maintenance efforts.
Key Characteristics
o Multi-component architectures are designed to process prompts from other non-human systems.
o Often use multiple integrations, including other models.
o Multi-Component Architecture
o Scalability and Performance
o Advanced Features and Customization
o End-to-End Workflow Automation
Use Case Examples
o Legal Document Analysis Platforms
o Automated Financial Reporting Systems
o Customer Service Platforms
o Healthcare Diagnostics
Security Challenges
o Complex LLM applications face major security challenges due to their integration with multiple systems and extensive data handling. These include API vulnerabilities, data breaches, and adversarial attacks. The complexity increases the risk of misconfigurations, leading to unauthorized access or data leaks. Managing compliance across components is also difficult. Robust encryption, access controls, regular security audits, and comprehensive monitoring are essential to protect these applications from sophisticated threats and ensure data security.
LLM Development and Consumption Models
One of the first considerations for an organization is deciding upon the approach to leveraging LLM capabilities based on the type of application and goals for the project. Today, developers have a choice of two primary deployment models when implementing LLM-based applications and systems.
Create a New Model: The training process for custom LLMs is intensive, often involving domain-specific datasets and extensive fine-tuning to achieve desired performance levels. This approach is more akin to MLOps, building ML models from the ground up, with detailed data analysis, collection, formatting, cleaning, and labeling. One of the benefits of this approach is that you know the lineage and source of the data the model is built on and can attest directly to its validity and fit. However, a major downside is the resources, cost, and expertise necessary to build, train, and verify a model that meets the project objectives. Custom LLMs provide tailored solutions optimized for specific tasks and domains, offering higher accuracy and alignment with an organization's specific needs.
Consume and Customize Existing Models: Pre-trained (foundation) models, whether self-hosted or offered as a service, such as ChatGPT, BERT and others, on the other hand provide a more accessible entry point for organizations. These models can be quickly deployed via APIs, allowing for rapid solution validation and integration into existing systems. The LLMOps process in this scenario emphasizes customization through fine-tuning with specific datasets, ensuring the model meets the application's unique requirements, followed by robust deployment and monitoring to maintain performance and security.
LLMOps and LLMSecOps Defined
Having a common view of typical LLM application architectures, including agents, models, LLMs, and the ML application stack, is crucial for defining and aligning the application stack and security model.
(figure: LLMOps related Operations Process for Data, Machine Learning and DevOps)
A Quick Ops Primer - Foundation for LLMOps
DevOps, which emphasizes collaboration, automation, and continuous integration and deployment (CI/CD), has laid the groundwork for efficient software development and operations. By streamlining the software development lifecycle, DevOps enables rapid and reliable delivery of applications, fostering a culture of collaboration between development and operations teams.
DataOps builds on DevOps, where data pipelines are managed with similar automation, version control, and continuous monitoring, ensuring data quality and compliance across the data lifecycle. MLOps also extends the DevOps principles to machine learning, focusing on the unique challenges of model development, training, deployment, and monitoring. Utilizing DevOps as a foundation ensures that both DataOps and MLOps inherit a robust infrastructure that prioritizes efficiency, scalability, security, and faster innovation in data-driven and machine learning applications.
MLOps and DataOps are foundational to LLMOps because they establish the critical processes and infrastructure needed for managing the lifecycle of large language models (LLMs). DataOps ensures that data pipelines are efficiently managed, from data collection and preparation to storage and retrieval, providing high-quality, consistent, and secure data that LLMs rely on for training and inference. MLOps extends these principles by automating and orchestrating the machine learning lifecycle, including model development, training, deployment, and monitoring.
LLMOps and MLOps, while rooted in the same foundational principles of lifecycle management, diverge significantly in their focus and requirements due to the specific demands of large language models (LLMs). LLMOps encompasses the complexities of training, deploying, and managing LLMs, which require substantial computational resources and sophisticated handling. LLMOps ensures that LLMs are efficiently integrated into production environments, monitored for performance and biases, and updated as needed to maintain their effectiveness. This holistic approach ensures that the deployment and operation of LLMs are streamlined, scalable, and secure, including considerations for data validation and provenance to ensure that the data used for training and fine-tuning LLMs is trustworthy and free from tampering. This can include techniques for data auditing and verification.
LLMOps Life Cycle Stages - Foundation for LLM DevSecOps
As mentioned earlier in this document, to align security solutions for LLM applications for our solution guide, we are using the LLMOps process to define the solution categories so that they align with the challenges developers are facing in developing and deploying LLM-based applications.
(figure: Combined LLM Custom and LLM Pre-Trained Image)
The LLMOps processes differ significantly between using pre-trained LLM models for application development and creating custom LLM models from scratch using open-source and custom datasets, which inherit more from MLOps practices with some additions. We first need to define the stages, the typical developer tasks, and the security steps at each stage of the lifecycle.
(figure: LLMOps Pre-Trained Process and Steps)
These phases we have defined include: Scope/Plan, Model Fine-Tuning/Data Augmentation, Test/Evaluate, Release, Deploy, Operate, Monitor, and Govern. Of course, this is an iterative approach; whether you are practicing waterfall, agile, or a hybrid approach, each of these steps can be leveraged.
Scoping/Planning
The focus is on defining the application's goals, understanding the specific needs the LLM will address, and determining how the pre-trained model will be integrated into the larger system. This stage involves gathering requirements, assessing potential ethical and compliance considerations, and setting clear objectives for performance, scalability, and user interaction. The outcome is a detailed project plan that outlines the scope, resources, and timelines needed to implement the LLM-powered application successfully.
Typical Activities:
LLMOps
LLMSecOps
● Data Suitability
● Access Control and Authentication
● Model Selection
Planning
● Requirem