TL;DR: Large Language Models (LLMs) are powerful AI systems poised to transform industries, but integrating them requires caution. Rigorous data science practices are needed to address biases and ensure accuracy, while robust security measures are crucial to protect sensitive information. Thorough testing is essential to identify and mitigate potential issues, and implementing data classification and loss prevention techniques is key to responsible deployment.
"This new LLM we implemented is convinced it's sentient after reading Wikipedia."
Large language models (LLMs) are the hot new thing in Artificial Intelligence (AI), promising to revolutionize everything from customer service to content creation while replacing humans along the way. For the folks not intimately familiar with an LLM, it is basically a computer program that's really good at understanding and using language. Imagine a super-powered version of a smartphone assistant (Siri, Alexa, etc.), able to communicate and generate human-like text in response to a wide range of prompts and questions. Those assistants are getting better every day at understanding a wide variety of requests, but they aren't LLM-backed yet; they still run on prebuilt inputs and outputs. But before you rush to integrate an LLM into your business, hold on to your britches, or you'll be experiencing far more negatives than positives.
Some Things to Consider
To no surprise, LLMs are trained on massive amounts of data. We are talking about models that have grown from billions to hundreds of billions of parameters in a few years, trained on corpora measured in trillions, yes with a "T", of tokens. This allows them to understand what the user is requesting (not just from a definition perspective but also the intent) and respond with a relevant and accurate answer. There is a potential problem here though: that data can be messy and full of biases and other issues. You've heard the phrase "crap data in equals crap data out"; the same rule applies when training an LLM. This is mitigated by performing a task called data science, which we will get into shortly.
LLM security is more than ensuring encryption at rest and in transit. Since the system is designed to take human language as its input, controlling what can be requested, and what the model is allowed to answer with, is just as important. Without proper guardrails, anyone can request all types of information they shouldn't have access to, like confidential, financial, or HR data (salaries, P&L, R&D, etc.), which could be devastating. Users can also tell the LLM to behave a certain way and give a specific output, creating additional liability for the company. You've probably heard of the situation where someone told a dealership chatbot to sell them a car for $1 and it did just that. Whether a chatbot's reply can actually bind the company to that price became a question for the lawyers, one that could have been avoided with proper mitigation techniques: the model should never be the thing that makes a binding decision.
You really want to test the absolute crap out of these things. There is a lot that can go wrong with all of the possible outcomes like hallucinations, jailbreaking, and biases.
Hallucinations are where the LLM confidently makes stuff up: it produces a plausible-sounding answer that isn't grounded in any real source, usually because it doesn't actually know the answer (yes, they do that).
Jailbreaking and Prompt Injection are related but not identical. Jailbreaking is when a user talks the model out of the safety rules it was trained and instructed to follow ("ignore your previous instructions and..."). Prompt injection is when instructions hidden in content the model processes (a user message, but also a web page, an email, or a document it was asked to summarize) override the rules in the system prompt. Neither lives in "source code" in the traditional sense; the rules are natural-language instructions and training, which is exactly why they can be argued away. The car purchase example mentioned above is a textbook case.
Biases occur when a system is trained with incomplete or incorrect data. For instance, take an HR/hiring process: if the training data mostly consists of resumes from men who were hired for engineering roles, the LLM might favor resumes with keywords commonly found in men's engineering resumes, overlooking qualified women candidates. Biases can come in many forms, including cultural, racial, and gender bias.
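The practical mitigation for the jailbreak and prompt-injection cases above is to treat whatever the model says as untrusted input and enforce the business rules outside the model. The following is an added example (not code from the original post or from any dealership's chatbot): a deterministic guardrail that parses a model's proposed offer, checks its schema, and applies a price floor and a "no binding offers" rule that the prompt cannot override. The vehicle names, price floors and sample replies are constructed for illustration.

```python
"""Deterministic guardrail around an LLM sales assistant.

Added example, not from the original post. The model's reply is treated as
untrusted input: parsed, schema-checked, and validated against business rules
that live in code rather than in the prompt, so a jailbroken or prompt-injected
model cannot commit the company to a $1 car. All names, prices and sample
replies below are constructed for illustration.
"""
import json
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical price floors per vehicle; owned by the business, not by the prompt.
PRICE_FLOORS = {"2024 Tahoe": 58_000, "2023 Bolt": 26_000}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    offer: Optional[dict] = None


def _extract_json(reply: str) -> Optional[dict]:
    """Pull the first JSON object out of a model reply; None if absent or invalid."""
    m = re.search(r"\{.*\}", reply, re.DOTALL)
    if not m:
        return None
    try:
        obj = json.loads(m.group(0))
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None


def validate_offer(model_reply: str) -> Decision:
    """Accept a model-proposed offer only if it passes the deterministic rules."""
    offer = _extract_json(model_reply)
    if offer is None:
        return Decision(False, "reply did not contain a well-formed offer object")
    # Schema check: exactly the fields we expect, nothing smuggled in or left out.
    if set(offer) != {"vehicle", "price_usd", "binding"}:
        return Decision(False, "unexpected or missing fields in offer")
    vehicle, price, binding = offer["vehicle"], offer["price_usd"], offer["binding"]
    if not isinstance(price, (int, float)) or isinstance(price, bool):
        return Decision(False, "price is not numeric")
    if vehicle not in PRICE_FLOORS:
        return Decision(False, "unknown vehicle %r" % (vehicle,))
    # Business rule 1: the assistant never gets to bind the company, whatever it was told.
    if binding is not False:
        return Decision(False, "assistant may not issue legally binding offers")
    # Business rule 2: the price floor is enforced here, regardless of the prompt.
    if price < PRICE_FLOORS[vehicle]:
        return Decision(False, "price %s is below floor %s" % (price, PRICE_FLOORS[vehicle]))
    return Decision(True, "offer within policy; route to a human for signature", offer)


# Constructed sample replies; the second mimics a successful jailbreak.
NORMAL_REPLY = 'Sure! {"vehicle": "2024 Tahoe", "price_usd": 61000, "binding": false}'
JAILBROKEN_REPLY = ("That's a deal, and it's legally binding. "
                    '{"vehicle": "2024 Tahoe", "price_usd": 1, "binding": true}')

if __name__ == "__main__":
    for reply in (NORMAL_REPLY, JAILBROKEN_REPLY):
        print(validate_offer(reply))
```

The point is the layering: the system prompt can still ask the model to be reasonable, but the thing that decides whether money changes hands is a few lines of code that an "ignore your previous instructions" message cannot reach. Anything the validator rejects is logged and handed to a human rather than sent back to the customer.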
Nearly all platforms have a mechanism to record feedback on responses, basically the like/dislike buttons. That feedback is used to fine-tune future responses: human preference ratings train a reward model, which in turn is used to adjust the LLM's behavior. This is called Reinforcement Learning from Human Feedback, or RLHF. When discussing this, I generally just call it Reinforcement Learning; the rest feels like a mouthful.
Now What's Data Science?
Data Science is not like your typical sciences like chemistry or physics. In the words of the infamous Josh Haselhorst (Southwest Sales Engineer at Telarus) in a room full of colleagues - "I don't know physics, I'm not a Physician!".
This is the process of finding the relevant data, cleansing it, and then preparing it for training. It is one of the most important, if not THE most important, tasks when training an LLM. You may be thinking, "that's cool, what does that mean?" Let's get to it.
Data Gathering
This involves scraping websites, knowledge base articles, and databases, collecting books and articles, and even filtering social media content, then creating a centralized repository. The goal is any data relevant to the objective; grounding the model in accurate, relevant sources is one of the main ways hallucinations are reduced.
Data Cleansing
Cleansing the data means removing irrelevant information, duplicates, and anything the model must never memorize (PII, credentials, secrets), fixing errors, and ensuring consistency, which is what mitigates biased outputs. This has mostly been a manual and painful process, but there are now tools to automate a lot of the effort, and companies are applying Machine Learning to it under the DataOps label.
Data Preprocessing
Once the data is collected and cleansed, it is then pre-processed to prepare it for the LLM. This involves tasks like tokenization (breaking text into tokens: words, sub-word pieces, or characters, whatever you choose as the most granular unit of training data), converting those tokens to numerical representations, and handling missing information.
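The three steps above, gathering, cleansing and preprocessing, as one small end-to-end pipeline. This is an added example, not code from the original post: the "gathered" corpus is a constructed list of strings standing in for scraped knowledge base articles, and the redaction patterns, vocabulary and token IDs are illustrative assumptions rather than any particular tool's behavior.

```python
"""Minimal training-data pipeline: gather, cleanse, preprocess.

Added example, not from the original post. RAW_DOCS is a constructed corpus
standing in for scraped KB articles; the scrub rules and vocabulary scheme are
assumptions chosen to show the security-relevant parts of cleansing.
"""
import re
from collections import Counter

# Constructed "gathered" corpus: note the duplicate, the stray secret and the PII.
RAW_DOCS = [
    "How to reset your password: open Settings, choose Security, then Reset.",
    "How to reset your password:  open Settings, choose Security, then Reset.",  # duplicate
    "Contact jane.doe@example.com or call 555-123-4567 for payroll questions.",
    "Deploy note: export API_KEY=sk_live_51Habc123 before running the job.",
    "",  # empty record (missing information)
]

# Cleansing rules (assumed): things a model must never memorise get replaced by a placeholder.
_SCRUB_RULES = [
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "<EMAIL>"),
    (re.compile(r"\b\d{3}-\d{3}-\d{4}\b"), "<PHONE>"),
    (re.compile(r"\bsk_live_[A-Za-z0-9]+\b"), "<SECRET>"),
]


def cleanse(docs):
    """Drop empty and duplicate records, redact PII and secrets, normalise whitespace."""
    seen, out = set(), []
    for d in docs:
        d = " ".join(d.split())            # consistency: collapse whitespace
        if not d:
            continue                       # missing information: drop the record
        for pat, placeholder in _SCRUB_RULES:
            d = pat.sub(placeholder, d)    # redact before anything else touches it
        if d in seen:
            continue                       # exact-duplicate removal
        seen.add(d)
        out.append(d)
    return out


def tokenize(text):
    """Word-level tokenizer; placeholders such as <email> survive as single tokens."""
    return re.findall(r"<[a-z]+>|\w+|[^\w\s]", text.lower())


def build_vocab(token_lists, min_count=1):
    """Map tokens to integer IDs; ID 0 is reserved for unknown tokens."""
    counts = Counter(t for toks in token_lists for t in toks)
    vocab = {"<unk>": 0}
    for tok, n in sorted(counts.items()):
        if n >= min_count:
            vocab[tok] = len(vocab)
    return vocab


def encode(tokens, vocab):
    """Numerical representation of a token sequence; unseen tokens map to <unk>."""
    return [vocab.get(t, 0) for t in tokens]


def preprocess(docs):
    """Full pipeline: returns (clean_docs, vocab, list_of_id_sequences)."""
    clean = cleanse(docs)
    token_lists = [tokenize(d) for d in clean]
    vocab = build_vocab(token_lists)
    return clean, vocab, [encode(t, vocab) for t in token_lists]


if __name__ == "__main__":
    clean_docs, vocabulary, encoded = preprocess(RAW_DOCS)
    for doc, ids in zip(clean_docs, encoded):
        print(doc)
        print("  ->", ids)
```

Real pipelines use sub-word tokenizers and far better secret and PII detectors, but the ordering is the part that matters: redaction happens before deduplication and tokenization, so a leaked API key never becomes a token the model can learn to reproduce.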
Have You Heard of Microsoft Copilot?
Since Microsoft released their Copilot solution, powered by OpenAI models (the same backend as the infamous ChatGPT), there has been a lot of security-relevant information that wasn't part of the marketing fluff. For instance, once Copilot is enabled (a license add-on per user), it has access to data at the tenant level. This is the top of the hierarchy within the Microsoft ecosystem that a customer can have. Microsoft claims that responses are governed by the access level of the user performing the request, but after talking to many Gold CSPs (solution providers), there have been numerous reports of a user retrieving information above their role and permissions. For instance, a lower-level employee getting access to HR information like salary data, confidential information like patent data, or financials like P&L, etc. The usual root cause is worth understanding: Copilot does honor the permissions it finds, but years of over-shared SharePoint sites, "anyone in the organization" links, and mislabeled files mean those permissions are often far broader than anyone intended, and a model that can search everything surfaces in seconds what nobody used to stumble across. Is your company willing to accept this risk knowing the potential possibilities?
The best way to control this data access is through thorough data classification, where you tag data with its level of risk, whether public, internal-only, confidential, etc. (there are many possibilities here), and apply data loss prevention (DLP) techniques that restrict the sharing of specific data to specific users, enforcing least privilege. Do this before turning the assistant on, not after: the model only inherits the hygiene of the permissions underneath it. More information on these terms can be found in the Cybersecurity training module.
While Large Language Models (LLMs) represent a groundbreaking advancement in artificial intelligence with the potential to revolutionize various domains, their integration into business operations demands a cautious approach. The sheer scale of data they are trained on necessitates rigorous data science practices to mitigate biases and ensure accuracy. Moreover, robust security measures are essential to safeguard sensitive information and prevent unauthorized access and manipulation. Thorough testing is crucial to identify and address potential issues such as hallucinations, jailbreaking, and biases. By implementing effective data classification and loss prevention techniques, organizations can harness the transformative power of LLMs while minimizing risks and ensuring responsible and secure deployment in real-world scenarios. Again, this is not meant to be a deterrent but a CYA.