
Mastering Large Language Models: Seizing Opportunities, Managing Risks

Security in the Development and Use of Large Language Models - Intensive Course

Gain a comprehensive understanding of large language models (LLMs) and learn to identify and avoid common security risks. Our intensive course provides knowledge on the development and critical security challenges of LLMs. Through numerous practical exercises, you will acquire skills in building LLM applications, advanced techniques such as Prompt Engineering and Retrieval-Augmented Generation (RAG), and in analyzing security risks according to the OWASP Top 10 LLM Risks. Develop strategies against threats like prompt injection and model theft and integrate security assessments into industrial practices.

The Challenge

Complex LLM applications bring new security risks.

The increasing use of large language models (LLMs) in various applications and business areas poses significant security challenges. LLMs are technically complex and not fully understood in their operation. Implementing and customizing these models for specific applications requires comprehensive knowledge of tools such as the HuggingFace Transformer library and techniques like RAG, LoRA, PEFT, etc.

LLM-based applications are vulnerable to specific attacks such as prompt injection and model theft, as well as other risks represented in the OWASP Top 10 LLM Risks. Security experts, developers, and data scientists should be able to identify the risks associated with using LLMs and develop and implement appropriate security strategies.

The Solution

Secure adaptation and use of LLM applications in a business environment.

In this intensive course, you will gain in-depth knowledge of the fundamentals and architectures of LLMs. Through practical examples, you will learn techniques for implementing, customizing, and integrating LLM applications using models and tools from the open-source community, thereby understanding the security aspects of LLM applications from the ground up.

You will be trained to analyze security risks based on the OWASP Top 10 LLM Risks and develop strategies against threats such as prompt injection and model theft. The training will provide you with practical fundamentals to efficiently assess the security properties of LLM applications and models. Additionally, security analyses are systematically embedded in industry-relevant practices and processes such as DevOps and MLOps.

Your Benefits at a Glance

After the seminar, you will be able to:

  • Analyze, assess, and avoid security risks in LLM-based applications
  • Develop strategies against threats like prompt injection
  • Efficiently evaluate and optimize LLM models


This seminar offers you:

  • In-depth knowledge of LLM fundamentals and their development
  • Practical experience in implementing and customizing LLM applications
  • Intensive support for programming tasks
  • Use of open-source software and free models
  • Systematic application to industry-relevant practices and processes such as DevOps and MLOps

Details

Content:

  • Fundamentals of LLMs
  • Building an LLM application (introduction to Huggingface’s transformer library, Huggingface, Gradio)
  • Extending standard LLMs (several techniques like RAG or Finetuning for improvement for specific applications)
  • Evaluation metrics (overview and application)
  • From prototype to production: MLOps
  • Security aspects of LLM-based applications
  • OWASP Top 10 risks for LLM applications


Learning Objectives:

  • Understand the development of LLMs in a temporal context and identify key players in the field of artificial intelligence.
  • Explain the fundamental concepts and architectures of/for LLMs.
  • Understand the principles and practical basics of training, fine-tuning, and operating open-source LLMs.
  • Implement an LLM application using transformers, Huggingface, and Gradio.
  • Apply and optimize techniques to improve standard LLMs for specific applications.
  • Analyze and evaluate security risks in LLM-based applications using the OWASP Top 10.
  • Develop and implement security strategies against threats such as prompt injection and model theft.


Target Audience:

  • Data scientists
  • Software developers and security experts with practical knowledge of machine learning


Prerequisites for participation in the seminar:

  • Programming experience with Python
  • Basic knowledge of machine learning


Instructors:

    Dorian Knoblauch (dorian.knoblauch@fokus.fraunhofer.de)

  • Over 5 years of professional experience in ML
  • Academic publications on research topics focused on ML, auditing, and testing of AI and security
  • Trainer at the Fraunhofer Academy specializing in ML, security, and testing

    Paul Ranly (paul.ranly@sit.fraunhofer.de)

  • Research work/publications in the fields of ML, NLP, and LLMs
  • Trainer at the Fraunhofer Academy


    Lukas Graner (lukas.graner@sit.fraunhofer.de)

  • Over 5 years of professional experience in ML
  • Academic publications on research topics focused on ML, image processing, privacy, and NLP, e.g., authorship verification, LLMs
  • Consultancy work on authorship verification and detection of AI-generated texts
  • Trainer at the Fraunhofer Academy

Course Overview: "Mastering Large Language Models: Leveraging Opportunities, Managing Risks"

Duration

3.5 days (24 hours)

Format

In-house, by arrangement

Language

German or English

Instructors

Dorian Knoblauch, Lukas Graner, Paul Ranly

Target Audience

IT security experts, professionals, and specialists