LLM4Shell - Discovering and Exploiting RCE Vulnerabilities in LLM-Integrated Frameworks
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore the critical security risks associated with integrating Large Language Models (LLMs) into applications through frameworks like LangChain and LlamaIndex in this 36-minute Black Hat conference talk. Dive deep into the causes of Remote Code Execution (RCE) vulnerabilities, termed LLM4Shell, within LLM-Integrated frameworks. Discover the findings of a systematic investigation that uncovered 15 critical vulnerabilities across 8 popular frameworks, with 13 confirmed by developers and 9 CVE IDs assigned. Examine the exploitation of 51 LLM-Integrated applications, including 16 with RCE vulnerabilities and one susceptible to SQL injection. Learn about the automated prompt-based exploitation method and its real-world implications, from data theft to DoS and phishing attacks. Gain actionable insights and potential mitigations to secure LLM-Integrated frameworks and applications against these emerging threats.
Syllabus
LLM4Shell: Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks
Taught by
Black Hat