[Evening Read] Malla: Demystifying Real-World LLM Integrated Malicious Services
GenAI has given rise to a new generation of applications powered by LLMs.
But what is the biggest problem of GenAI? They are one of the most vulnerable technologies out there! Get it out of your mind that AI is infallible.
How are LLMs used in malicious services? Researchers call such applications as Mallas.
Mallas either abuse unsensored LLMs or exploit public LLM APIs through jailbreaking prompts.
What kind of workflow is used with Malla services?
What are some mallas that researchers uncovered?
Researcher were able to collect over 200 mallas.
How good are these mallas at performing various malicious activities?
Researchers assessed them for three different tasks: malware generation, phishing email creation and phishing website creation.
What can we, as defenders, do to make it hard to develop mallas?
One measure is to make it hard to bypass current safety measures of public LLM APIs through prompt injection.
Further, access to uncensored LLMs should be granted judiciously to avoid them ending in the hands of threat actors.
What can we learn from all this?
Do not blindly trust any LLM powered apps (any software for that matter). Question everything. The more we do that, the better prepared we are to use the app with the known risks.
Think twice before you type, copy or upload files to these apps.
Reference:
