LLMs and AI positioned to dominate the AppSec world
A new research report explores emerging trends that software organizations need to consider as part of their security strategy, and risks associated with the use of existing open source software in application development.
In particular, as modern software development increasingly adopts distributed architectures and microservices alongside third-party and open source components, the report tracks the astonishing popularity of ChatGPT's API, how current large language model-based AI platforms are unable to accurately classify malware risk in most cases, and how almost half of all applications make no calls at all to security-sensitive APIs in their code base.
Even though 71% of typical Java application code is from open source components, applications use only 12% of imported code.
Focusing specifically on LLM applications in security, the research uncovers how LLMs can effectively create and hide malware, and even become a nemesis to defensive LLM applications.
Applications typically use only a small percentage of the open source components they integrate, while developers seldom understand the torrent of dependencies in each of those components.
To satisfy transparency requirements and protect the brand, it's important for organizations to go beyond standard SBOMs. They need to understand not only the list of components but also how they're being used within their applications, and which vulnerabilities are exploitable.
News URL
https://www.helpnetsecurity.com/2023/07/20/llm-applications-security-risks/