LASCON 2024

As developer teams initially rushed to adopt LLMs, they often did so without clear security protocols, leaving applications vulnerable. As AI utilization broadens, the industry is also facing the threat of excessive agency. This session will define three categories of Rogue AI that have come to light in recent months, including the Accidental, Subverted and The Malicious Rogue. The speaker will outline the risks of each and how to apply defenses for detecting and mitigating them, including tips from the OWASP Top 10 for LLM Applications on preventing Excessive Agency. The speaker will demonstrate how a defense in depth (OSI) model can counter potential evasions at each level and explain how to establish an advanced Zero Trust maturity model for effective defense. Attendees will walk away with the understanding they need to recognize intentional AI behaviors and detect/mitigate risks when an AI goes rogue.