Methodology for Systematic Security Testing of LLM-based Applications

Abstract:

Large Language Models (LLMs) have emerged as a groundbreaking technology due to their remarkable natural language processing capabilities. They offer efficient and user-friendly solutions to complex problems, such as enabling interactive chatbots within web applications. As a result, many web applications are being developed to harness LLMs, catering to specific user needs. However, with the rapid proliferation of these applications, the importance of securing them is also growing.
This paper presents a systematic, easily extensible methodology for the security testing of LLM-based applications. The proposed approach consists of four phases designed to identify vulnerabilities in applications integrated with LLMs. It also discusses common attack vectors and outlines potential defense techniques. To demonstrate the effectiveness of this methodology, an experimental evaluation was conducted on popular applications hosted on GitHub. From the most widely used applications, fourteen were selected and analyzed, resulting in the identification of 24 vulnerabilities. The problems found were reported and subsequently fixed, resulting in the assignment of 16 Common Vulnerabilities and Exposures (CVE) identifiers.

Authors: Dawid Nastaj, Wojciech Mazurczyk
