Episode 72

Large Language Model (LLM) Risks and Mitigation Strategies

As machine learning algorithms continue to evolve, Large Language Models (LLMs) like GPT-4 are gaining popularity. While these models hold great promise in revolutionizing various functions and industries—ranging from content generation and customer service to research and development—they also come with their own set of risks and ethical concerns. In this episode, Rohan Sathe, Co-founder & CTO/Head of R&D at Nightfall.ai, and I review the LLM-related risks and how best to mitigate them.

Action Items and Discussion Highlights

  • Large Language Models (LLMs) are built on specialized machine learning models and architectures called transformer-based architectures, and they are leveraged in Natural Language Processing (NLP) contexts.
  • There's been a lot of ongoing work in using LLMs to automate customer support activities.
  • LLM usage has dramatically shifted to include creative capabilities such as image generation, copywriting, design creation, and code writing.
  • There are three main LLM attack vectors: a) Attacking the LLM Model directly, b) Attacking the infrastructure and integrations, and c)Attacking the application.
  • Prevention and mitigation strategies include a) Strict input validation and sanitization, b) Isolating the LLM environment from other critical systems and resources, c) Restricting the LLM's access to sensitive resources and limiting its capabilities to the minimum required for its intended purpose; d) Regularly audit and review the LLM's environment and access controls; e) Implement real-time monitoring to promptly detect and respond to unusual or unauthorized activities; and f) Establish robust governance around ethical development and use of LLMs.


Time Stamps



00:02 -- Introduction

01:54 -- Guest's Professional Highlights

02:50 -- Overview of Large Language Models (LLMs)

07:33 -- Common LLM Applications

08:53 -- AI-Safe Jobs and Skill Sets

11:41 -- LLM Related Risks

15:30 -- Protective Measures

19:09 -- Retrieval Augmented Generation (RAG)

20:57 -- Securing Sensitive Data

23:07 -- Selecting Appropriate Data Loss Protection Platforms

25:00 -- Human Involvement in Processing Alerts

26:56 -- Closing Thoughts



Memorable Rohan Sathe Quotes/Statements

"Large Language Models (LLMs) are built on specialized machine learning models and architectures called transformer-based architectures, and they are leveraged in Natural Language Processing (NLP) contexts. It is really just a computer program that has been fed enough examples to be able to recognize and interpret human language or other complex types of data. And this data comes from the internet."

"The quality of the LLM responses depends upon the data it's trained on."

"LLM is a type of deep learning model, and the goal is to understand how characters, words, and sentences function together and do that probabilistically."

"There's been a lot of ongoing work in using LLMs to automate customer support activities."

"The LLM usage has dramatically shifted to include creative capabilities such as image generation, copywriting, creating designs, and writing code."

"There are three kinds of core LLM attack vectors. One is just to attack the LLM model directly. The second is to attack the surrounding infrastructure and the integrations that the LLM has. The third is to attack the application that may use an LLM under the hood."

"I have seen a lot of infrastructure attacks and attacking the integrations around the LLMs. And then, of course, just the standard attack: attacking the software application that might be using an LLM under the hood."

"I think we're seeing this explosion of red teaming for AI. So folks are trying to see if these theoretical attacks are real attacks that will happen in the industry."

"There's the product security element, but there's also the corporate security. How are my employees using AI? What types of data are they sharing with AI? And so those are the types of things we see most commonly. So, I encourage your listeners to think about their product security and internal security programs for AI."



Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast, so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes release every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338

https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712

Latest Publications:

"Getting Cybersecurity Right,” California Management Review — Insights, July 8, 2024.

Published in USA Today — “Dave Chatterjee Drops the Cybersecurity Jargon, Encouraging Proactiveness Rather than Reactiveness,” April 8, 2024

Preventing Security Breaches Must Start at the Top

Mission Critical --How the American Cancer Society successfully and securely migrated to the cloud amid the pandemic



Latest Webinars & Podcasts with Dr. Chatterjee as the Guest

Cybersecurity Readiness: Essential Actions For CXOs, August 12, 2024

Non-profits and Cybersecurity, a CAPTRUST podcast

How can brands rethink data security to maintain customer trust?, A TELUS International podcast

Cybersecurity Readiness In the Age of Generative AI and LLM,” Let’s Talk About (Secur) IT Webinar, with Phillip de Souza

Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee, a HALO Security Webinar

Next Episode All Episodes Previous Episode

About the Podcast

Show artwork for The Cybersecurity Readiness Podcast Series
The Cybersecurity Readiness Podcast Series
with Dr. Dave Chatterjee

Listen for free

About your host

Profile picture for Dave Chatterjee

Dave Chatterjee

Dr. Debabroto 'Dave' Chatterjee is tenured professor in the Management Information Systems (MIS) department, at the Terry College of Business, The University of Georgia (UGA). He is also a Visiting Scholar at Duke University, affiliated with the Master of Engineering in Cybersecurity program in the Pratt School of Engineering. An accomplished scholar and technology thought leader, Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management – from technology sense-making to implementation and change management, data governance, internal controls, information security, and performance measurement. His work has been accepted and published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and Journal of Management Information Systems. Dr. Chatterjee’s research has been sponsored by industry and cited over two thousand times. His book Cybersecurity Readiness: A Holistic and High-Performance Approach was published by SAGE Publishing in March 2021.