From the course: Introduction to LLM Vulnerabilities

Unlock this course with a free trial

Join today to access over 24,000 courses taught by industry experts.

Insecure plugin design

Insecure plugin design

- [Instructor] Insecure plugin design is then us building code that will interact with a large language model in an insecure way. And for me, that basically means that we're going to trust implicitly what is coming back from the large language model and act on it to call some other code that could potentially be leveraged for remote execution. So in this case, we are going to take a look at this plugin that I have, plugins in different frameworks and in different types of large language model software development kits or SDKs will look slightly different and will be named slightly different in this case. And I'm going to scroll all the way to the top here, what we're going to be using is semantic_kernel, which is an actual framework for dealing with various types of different large language model services. In this case, you can see here I have connectors.ai.open_ai, and this is an AzureChatCompletion. So I'm going to be using Azure behind the scenes. Now, I'm not going to run this…

Contents