Updated Quarterly
GenAI, LLMSecOps and Security Solution Landscape
Revision History
Revision | Date | Authors | Description
.01 | 6/4/2024 | Scott Clinton | Initial Draft, Charter
.05 | 8/10/2024 | Scott Clinton, Contributors Inputs | Updated with initial feedback
.06 | 10/15/2024 | Scott Clinton, Contributors, Reviewer Inputs | Re-factor Solutions Landscape categories
1.0 | 10/15/2024 | Contributors, Reviewers | Final Release Candidate
The information provided in this document does not, and is not intended to, constitute legal advice. All information is for general informational purposes only. This document contains links to other third-party websites. Such links are only for convenience, and OWASP does not recommend or endorse the contents of the third-party sites.
License and Usage
This document is licensed under Creative Commons, CC BY-SA 4.0. You are free to:
● Share — copy and redistribute the material in any medium or format
● Adapt — remix, transform, and build upon the material for any purpose, even commercially.
● Under the following terms:
o Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner but not in any way that suggests the licensor endorses you or your use.
o Attribution Guidelines - must include the project name as well as the name of the asset referenced
■ OWASP Top 10 for LLMs - LLMSecOps Solutions Landscape
■ OWASP Top 10 for LLMs - CyberSecurity Solution and LLMSecOps Landscape Guide
● ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
Link to full license text:
/licenses/by-sa/4.0/legalcode
Version 1.0 (1 of 34)
Contents
Who Is This Document For?
Objectives
Scope
Introduction
Defining the Security Solutions Landscape
Landscape Considerations
LLM Application Categories, Security Challenges
Static Prompt Augmentation Applications
Agentic Applications
LLM Plug-ins, Extensions
Complex Applications
LLM Development and Consumption Models
LLMOps and LLMSecOps Defined
A Quick Ops Primer - Foundation for LLMOps
LLMOps Life Cycle Stages - Foundation for LLM DevSecOps
Scoping/Planning
Data Augmentation and Fine-Tuning
Application Development and Experimentation
Test and Evaluation
Release
Deploy
Operate
Monitor
Govern
Mapping to the OWASP Top 10 for LLM Threat Model
Application Services
Production Services
OWASP Top 10 for LLMs Solutions Landscape
Emerging GenAI/LLM-Specific Security Solutions
LLM & Generative AI Security Solutions
Solution Landscape Matrix Definitions
Landscape Solution Matrix
Acknowledgements
OWASP Top 10 for LLM Project Sponsors
References
Project Supporters
Who Is This Document For?
This document is tailored for a diverse audience comprising developers, AppSec professionals, DevSecOps and MLSecOps teams, data engineers, data scientists, CISOs, and security leaders who are focused on developing strategies to secure Large Language Models (LLMs) and Generative AI applications. It provides a reference guide of the solutions available to aid in securing LLM applications, equipping them with the knowledge and tools necessary to build robust, secure AI applications.
Objectives
This document is intended to be a companion to the OWASP Top 10 for Large Language Model (LLM) Applications List and the CISO Cybersecurity & Governance Checklist. Its primary objective is to provide a reference resource for organizations seeking to address the identified risks and enhance their security programs. While not designed to be an all-inclusive resource, this document offers a researched point of view based on the top security categories and emerging threat areas. It captures the most impactful existing and emerging categories. By categorizing, defining, and aligning applicable technology solution areas with the emerging LLM and generative AI threat landscape, this document aims to simplify research efforts and serve as a solutions reference guide.
Scope
The scope of this document is to create a shared definition of solution category areas that address the security of the LLM and generative AI lifecycle, from development to deployment and usage. This alignment supports the OWASP Top 10 List For LLMs outcomes and the CISO Cybersecurity and Governance Checklist. To achieve this, the document will create an initial framework and category descriptors, utilizing both open-source solutions and providing mechanisms for solution providers to align their offerings with specific coverage areas as examples to support each category.
The document adheres to several key rules to maintain its integrity and usefulness:
● Vendor-Agnostic and Open Approach: It maintains a neutral stance, avoiding recommendations of one technology over another, instead providing category guidance with choices and options.
● Straightforward, Actionable Guidance: The document offers clear, actionable advice that organizations can readily implement.
● Coordinated Knowledge Graph: It includes coordinated terms, definitions, and descriptions for key concepts.
● Point to Existing Standards: Where existing standards or sources of truth are available, the document references these instead of creating new sources, ensuring consistency and reliability.
Introduction
With the growth of Generative AI adoption, usage, and application development come new risks that affect how organizations strategize and invest. As these risks evolve, so do risk mitigation solutions, technologies, frameworks, and taxonomies. To aid security leaders in prioritization, conversations about emerging technology and solution areas must be aligned appropriately to clearly understood business outcomes for AI security solutions. The business outcomes of AI security solutions must be properly defined to aid security leaders in budgeting.
Many organizations have already invested heavily in various security tools, such as vulnerability management systems, identity and access management (IAM) solutions, endpoint security, Dynamic Application Security Testing (DAST), observability platforms, and secure CI/CD (Continuous Integration/Continuous Deployment) tools, to name a few. However, these traditional security tools may not be sufficient to fully address the complexities of AI applications, leading to gaps in protection that malicious actors can exploit. For example, traditional security tools may not sufficiently address the unique data security and sensitive information disclosure protection in the context of LLM and GenAI applications. This includes but is not limited to the challenges of securing sensitive data within prompts, outputs, and model training data, and the specific mitigation strategies such as encryption, redaction, and access control mechanisms.
Emergent solutions like LLM Firewalls, AI-specific threat detection systems, secure model deployment platforms, and AI governance frameworks attempt to address the unique security needs of AI/ML applications. However, the rapid evolution of AI/ML technology and its applications has driven an explosion of solution approaches, which has only added to the confusion faced by organizations in determining where to allocate their security budgets.
Defining the Security Solutions Landscape
There have been many approaches to characterizing the solutions landscape for Large Language Model tools and infrastructure. In order to develop a solutions landscape that focuses on the security of LLM applications across the lifecycle from planning, development, deployment, and operation, there are four key areas of input we have focused on to develop both a definition for Large Language Model DevSecOps and related solutions landscape categories.
Landscape Considerations
Application Types and Scope - which impacts the people, processes, and tools needed based on the complexity of the application and the LLM environment, as-a-service, self-hosted, or custom-built.
Emerging LLMSecOps Process - while this is a work in progress, many are looking to adapt and adopt existing DevOps and MLOps and associated security practices. We expect our definition to evolve as the development processes for LLM applications begin to mature.
Threat and Risk Modeling - understanding the risks posed by LLM systems, application usage, or misuse, like those outlined in the OWASP Top 10 for LLMs and Generative AI Applications, is key to understanding which solutions are best suited to improve the security posture and combat a range of attacks.
Tracking Emerging Solutions - many existing security solutions are adapting to support LLM development workflows and use cases; however, given the nature of new threats and evolving technology and architectures, new types of LLM-specific security solutions will be necessary.
LLM Application Categories, Security Challenges
Organizations have been leveraging Machine Learning in applications for decades, including Natural Language Processing (NLP) models. This often required detailed expertise in Data Science and extensive model training. Generative AI has changed this. Specifically, Large Language Models (LLMs) have made machine learning technology widely accessible. The ability to dynamically interact in plain language has opened the door for the creation of a new class of data-driven applications and application integrations. Furthermore, usage is no longer limited to the highly skilled efforts of traditional developers and data scientists. Pre-trained models enable nearly anyone to perform complex computational tasks, regardless of prior exposure to programming or security.
With the advent of transformer technology enabling generative capabilities, combined with the ease of access to pre-trained as-a-service models like ChatGPT and others, four major categories of LLM application architecture emerged: prompt-centric, AI agents, plug-ins/extensions, and complex generative AI applications where the LLM plays a key role in a larger application use case.
(figure: Application Categories & Summary Attributes)
Having a common view of typical LLM application architectures, including agents, models, LLMs, and the ML application stack, is crucial for defining and aligning the application stack, security model, and application offerings. Below, we have provided a short description of key characteristics, use cases, and security challenges for each application category.
Static Prompt Augmentation Applications
These applications involve specific static natural language inputs to guide the behavior of a large language model (LLM) toward generating the desired output. This technique optimizes the interaction between the user and the model by fine-tuning the phrasing, context, and instructions given to the LLM. These applications allow users to accomplish a wide range of tasks by simply refining how they ask questions or provide instructions.
Key Characteristics
o Human to model / model to human interaction and response
o Static prompt augmentation
o Flexibility and Creativity
o Simplicity and Accessibility
o Rapid Prototyping and Experimentation
Use Case Examples
o Experimentation / Rapid Prototyping
o Content Generation Tools
o Text Summarization Applications
o Question-Answering Systems
o Language Translation Tools
o Chatbots and Virtual Assistants
Security Challenges
o Prompt-based applications face security risks like prompt injection attacks and data leakage from poorly crafted prompts. Lack of context or state management can lead to unintended outputs, increasing misuse vulnerability. User-generated prompts may cause inconsistent or biased responses, risking compliance or ethical violations. Ensuring prompt integrity, robust input validation, and securing the LLM environment are crucial to mitigate these risks.
Agentic Applications
These applications leverage Large Language Models (LLMs) to autonomously or semi-autonomously perform tasks, make decisions, and interact with users or other systems. These agents are designed to act on behalf of users, handling complex processes that often involve multiple steps, integrations, and real-time decision-making. They operate with a level of autonomy, allowing them to complete tasks without constant human intervention.
Key Characteristics
o Autonomy and Decision-Making
o Interaction with External Systems
o State Management and Memory
o Complex Workflow Automation
o Human-Agent Collaboration
Use Case Examples
o Virtual Assistants
o Customer Support Bots
o Process Automation Agents
o Data Analysis and Reporting Agents
o Intelligent Personalization Agents
o Security and Compliance Agents
Security Challenges
o Agent applications, with their autonomy and access to various systems, must be carefully secured to prevent misuse. They face security challenges like unauthorized access, increased exploitation risks due to interaction with multiple systems, and vulnerabilities in decision-making processes. If someone gains control of an autonomous agent, the consequences could be severe, especially in critical systems. Ensuring robust access controls and encryption methods to protect against this is essential. Ensuring data integrity and confidentiality is critical, as agents often handle sensitive information; it is important to secure data at all stages, including at-rest, in motion, and access through secured APIs. Their autonomy also poses risks of unintended or harmful decisions without oversight. Robust authentication, encryption, monitoring, and fail-safe mechanisms are essential to mitigate these security risks. Observability and Traceability solutions that monitor the entire lifecycle of the Agents (Design, Development, Deployment, and Visibility on decision-making) must be considered to ensure real-time corrections using a human-in-the-loop process can be enforced.
LLM Plug-ins, Extensions
Plug-ins are extensions or add-ons that integrate LLMs into existing applications or platforms, enabling them to provide enhanced or new functionalities. Plug-ins typically serve as a bridge between the LLM and the application, facilitating seamless integration, such as adding a language model to a word processor for grammar correction or integrating with customer relationship management (CRM) systems for automated email responses.
While it can sometimes be difficult to draw the line between Agents and plug-ins or extensions, which are often components of larger applications, one measure is the way it is deployed and used. For example, a plug-in would be a pre-built agent designed for reuse that you call explicitly, through an API, or as part of an LLM's plugin or extension framework, vs. custom code running in the background on a periodic basis.
Key Characteristics
o Modularity and Flexibility
o Seamless Integration
o Task Specific Focus
o Ease of Deployment and Use
o Rapid Updates and Maintenance
Use Case Examples
o Content Generation Tools
o Text Summarization Applications
Security Challenges
o Plugins interacting with sensitive data or critical systems must be carefully vetted for security vulnerabilities. Poorly designed or malicious plugins can cause data breaches or unauthorized access. LLM plugins face challenges like compatibility issues, where updates can introduce vulnerabilities, and integration with sensitive systems increases the risk of data leaks. Ensuring secure API interactions, regular updates, and robust access controls is crucial. Resource-intensive plugins may degrade performance, risking exploitation.
Complex Applications
Complex applications are sophisticated software systems that deeply integrate Large Language Models (LLMs) as a central component to provide advanced functionalities and solutions. These applications are characterized by their comprehensive scope, scalability, and the integration of multiple technologies and components. They are typically designed to solve intricate problems, often in enterprise environments, and require extensive development, engineering, and ongoing maintenance efforts.
Key Characteristics
o Multi-component architectures are designed to process prompts from other non-human systems.
o Often use multiple integrations, including other models.
o Multi-Component Architecture
o Scalability and Performance
o Advanced Features and Customization
o End-to-End Workflow Automation
Use Case Examples
o Legal Document Analysis Platforms
o Automated Financial Reporting Systems
o Customer Service Platforms
o Healthcare Diagnostics
Security Challenges
o Complex LLM applications face major security challenges due to their integration with multiple systems and extensive data handling. These include API vulnerabilities, data breaches, and adversarial attacks. The complexity increases the risk of misconfigurations, leading to unauthorized access or data leaks. Managing compliance across components is also difficult. Robust encryption, access controls, regular security audits, and comprehensive monitoring are essential to protect these applications from sophisticated threats and ensure data security.
LLM Development and Consumption Models
One of the first considerations for an organization is deciding upon the approach to leveraging LLM capabilities based on the type of application and goals for the project. Today, developers have a choice of two primary deployment models when implementing LLM-based applications and systems.
Create a New Model: The training process for custom LLMs is intensive, often involving domain-specific datasets and extensive fine-tuning to achieve desired performance levels. This approach is more akin to MLOps, building ML models from the ground up, with detailed data analysis, collection formatting, cleaning, and labeling. One of the benefits of this approach is that you know the lineage and source of the data the model is built on and can attest directly to its validity and fit. However, a major downside is the resources, cost, and expertise necessary to build, train, and verify a model that meets the project objectives. Custom LLMs provide tailored solutions optimized for specific tasks and domains, offering higher accuracy and alignment with an organization's specific needs.
Consume and Customize Existing Models: Pre-trained (foundation) models, whether self-hosted or offered as a service, such as ChatGPT, BERT and others, on the other hand provide a more accessible entry point for organizations. These models can be quickly deployed via APIs, allowing for rapid solution validation and integration into existing systems. The LLMOps process in this scenario emphasizes customization through fine-tuning with specific datasets, ensuring the model meets the application's unique requirements, followed by robust deployment and monitoring to maintain performance and security.
LLMOps and LLMSecOps Defined
Having a common view of typical LLM application architectures, including agents, models, LLMs, and the ML application stack, is crucial for defining and aligning the application stack and security model.
(figure: LLMOps related Operations Process for Data, Machine Learning and DevOps)
A Quick Ops Primer - Foundation for LLMOps
DevOps, which emphasizes collaboration, automation, and continuous integration and deployment (CI/CD), has laid the groundwork for efficient software development and operations. By streamlining the software development lifecycle, DevOps enables rapid and reliable delivery of applications, fostering a culture of collaboration between development and operations teams.
DataOps builds on DevOps, where data pipelines are managed with similar automation, version control, and continuous monitoring, ensuring data quality and compliance across the data lifecycle. MLOps also extends the DevOps principles to machine learning, focusing on the unique challenges of model development, training, deployment, and monitoring. Utilizing DevOps as a foundation ensures that both DataOps and MLOps inherit a robust infrastructure that prioritizes efficiency, scalability, security, and faster innovation in data-driven and machine learning applications.
MLOps and DataOps are foundational to LLMOps because they establish the critical processes and infrastructure needed for managing the lifecycle of large language models (LLMs). DataOps ensures that data pipelines are efficiently managed, from data collection and preparation to storage and retrieval, providing high-quality, consistent, and secure data that LLMs rely on for training and inference. MLOps extends these principles by automating and orchestrating the machine learning lifecycle, including model development, training, deployment, and monitoring.
LLMOps and MLOps, while rooted in the same foundational principles of lifecycle management, diverge significantly in their focus and requirements due to the specific demands of large language models (LLMs). LLMOps encompasses the complexities of training, deploying, and managing LLMs, which require substantial computational resources and sophisticated handling. LLMOps ensures that LLMs are efficiently integrated into production environments, monitored for performance and biases, and updated as needed to maintain their effectiveness. This holistic approach ensures that the deployment and operation of LLMs are streamlined, scalable, and secure, including considerations for data validation and provenance to ensure that the data used for training and fine-tuning LLMs is trustworthy and free from tampering. This can include techniques for data auditing and verification.
LLMOps Life Cycle Stages - Foundation for LLM DevSecOps
As mentioned earlier in this document, to align security solutions for LLM applications, for our solution guide we are using the LLMOps process to define the solution categories so that they align with the challenges developers are facing in developing and deploying LLM-based applications.
(figure: Combined LLM Custom and LLM Pre-Trained Image)
The LLMOps processes differ significantly between using pre-trained LLM models for application development and creating custom LLM models from scratch using open-source and custom datasets, which inherit more from MLOps practices with some additions. We first need to define the stages, the typical developer tasks, and the security steps at each stage of the lifecycle.
(figure: LLMOps Pre-Trained Process and Steps)
The phases we have defined include: Scope/Plan, Model Fine-Tuning/Data Augmentation, Test/Evaluate, Release, Deploy, Operate, Monitor, and Govern. Of course, this is an iterative approach; whether you are practicing waterfall, agile, or a hybrid approach, each of these steps can be leveraged.
Scoping/Planning
The focus is on defining the application's goals, understanding the specific needs the LLM will address, and determining how the pre-trained model will be integrated into the larger system. This stage involves gathering requirements, assessing potential ethical and compliance considerations, and setting clear objectives for performance, scalability, and user interaction. The outcome is a detailed project plan that outlines the scope, resources, and timelines needed to implement the LLM-powered application successfully.
Typical Activities:
LLMOps
LLMSecOps
● Data Suitability
● Access Control and Authentication
● Model Selection
Planning
● Requirem