CHAPTER 1
Overview of Generative Artificial Intelligence Security

Enterprises need to be aware of the new risks that come with using generative artificial intelligence (AI) and tackle them proactively to reap the benefits. These risks are different from software risks, which have many established standards and best practices to help enterprises manage them. AI applications are complicated, and they use data and probabilistic models that can change the results over the course of the lifecycle, causing the applications to act in unforeseen ways.

Enterprises can get a good start in reducing these risks by having strong security measures across existing domains such as data security and secure software development.

Common Use Cases for Generative AI in the Enterprise

Generative AI introduces completely new risk categories and changes our established risk management approach.

Generative Artificial Intelligence

Large language models (LLMs) represent a significant advancement in natural language processing. These statistical language models are trained to predict the next word in a partial sentence, using massive amounts of data. By adding multimodal capabilities—the ability to process images as well as text—generative AI models enable many new use cases, previously limited to highly specialized, narrow AI.

The key difference is not that these use cases were impossible before but the low barrier of entry and democratization of these tools. You no longer need a team of specially trained engineers or a datacenter full of dedicated hardware to build these solutions.

OpenAI's GPT-4, a widely popular LLM, is a transformer-style model that performs well even on tasks that have typically eluded narrow, task-specific AI models. Successful task categories include abstraction, coding, mathematics, medicine, and law. GPT-4 performs at “human-level” in a variety of academic benchmarks. While several risks remain to be addressed, the success of GPT-4 and its predecessor is remarkable.

A defining characteristic of LLMs is their probabilistic nature, indicating that, rather than delivering a singular definite response, they present various potential responses associated with varying probabilities. In chat applications designed for users, a single response is typically shown. The setup or calibration of the LLM helps to identify which response is most suitable.

Because of their probabilistic design, LLMs are inherently nondeterministic. They might produce varying results for identical inputs because of randomness and the uncertainties inherent in the text generation process. This can be problematic in scenarios that demand uniform and dependable outcomes, such as in legal or medical fields. Therefore, it is essential to carefully evaluate the accuracy and reliability of text from these models, as well as reflect on the potential ethical and social implications of using LLMs in sensitive contexts.

Generative AI Use Cases

Generative AI has a variety of use cases in the enterprise, such as content summarization, virtual assistants, code generation, and crafting highly personalized marketing campaigns on a large scale.

Text summarization can help users quickly access relevant information from large amounts of text, such as internal documents, meeting minutes, call transcripts, or customer reviews.

Generative AI can leverage their multimodal capabilities to perform both types of summarization, depending on the input and output formats. For example, an LLM can take an image and a caption as input and generate a short summary of what the image shows. Or, an LLM can take a long article as input and generate a bullet-point list of the key facts or arguments.

Generative AI can power virtual assistants that can interact with customers or employees through natural language, voice, or text. These assistants can provide information, answer queries, perform tasks, or offer suggestions based on the chat context and enterprise-specific training data. For example, a generative AI assistant can help a customer book a flight, order a product replacement within the warranty policy, or provide troubleshooting support for a technical issue.

Generative AI can be used to generate code based on natural language queries. This can help enhance developer productivity and reduce onboarding time for new team members. For example, a generative AI system can generate regular expression queries from natural language prompts, explain how a project works, or write unit tests.

Finally, generative AI can be used to scale outbound marketing by creating highly personalized and engaging content for the enterprise's target audiences, based on their profiles, preferences, behavior, and feedback. This can improve customer loyalty, retention, and conversion. For example, a generative AI system can tailor the content and tone of an email campaign to each recipient. Generative AI has been shown to be especially effective in crafting convincing messaging at scale.

LLM Terminology

Before we dive deeper into generative AI applications, let us briefly define some key terms that are commonly used in this domain.

A prompt is a text input that triggers the generative AI system to produce a text output. A prompt can be a word, a phrase, a question, or a sentence that provides some context or guidance for the system. For example, a prompt to a virtual assistant can be “Write a summary of this article.” For text completion models, the prompt might simply be a partial sentence.

A system message, also referred to as a metaprompt, appears at the start of the prompt and serves to equip the model with necessary context, directives, or additional details pertinent to the specific application.

The system message contains additional instructions or constraints for the LLM application, such as the length, style, or format of the output. It can be used to outline the virtual assistant's character, establish parameters regarding what should and should not be addressed by the model, and specify how the model's replies should be structured. System messages can also be used to implement safeguards for model input and output. The following snippet illustrates a system message:

Training data is the information used to develop an LLM. LLMs are equipped with vast knowledge from extensive data that grants them a comprehensive understanding of language, world knowledge, logic, and textual skills. The effectiveness and precision of an LLM are influenced by the quality and amount of its training data. Note that since the training data consists solely of publicly accessible information, it excludes any recent developments post the creation of the model, underscoring the necessity of grounding to supplement the model with additional context pertinent to specific use cases.

Grounding encompasses the integration of LLMs with particular datasets and contexts. By integrating supplemental data during runtime, which lies outside of the LLM's ingrained knowledge, grounding helps prevent the generation of inaccurate or contradicting content. For instance, it can prevent errors such as stating, “The latest Olympic Games were held in Athens” or “The Phoenix product weighs 10 kg and 20 kg.”

Retrieval-augmented generation (RAG) represents a technique to facilitate grounding. This approach involves fetching task-relevant details, presenting such data to the language model alongside a prompt, and allowing the model to leverage this targeted information in its response.

Fine-tuning is the practice of rebuilding the model and refining its parameters to enhance its task or domain-specific functions. Fine-tuning is performed using a smaller, more relevant subset of training data. It includes additional training phases to evolve a new model version that supplements the baseline training with specialized task knowledge. Fine-tuning used to be a more common approach to grounding. However, compared to RAG, fine-tuning often involves a higher expenditure of time and resources and now generally offers minimal benefit in several scenarios.

Plugins are separate modules that enhance the functionality of language models or retrieval systems. They can offer extra information sources for the system to query, which expands the context for the model. You have the option to develop custom plugins, use those made by the language model developers, or obtain plugins from third parties. Note that just like in the case of other dependencies, ensuring the security of the plugins built by others is your responsibility.

Sample Three-Tier Application

From application architecture point of view, most of the common use cases can be represented in the familiar three-tier model. While this approach omits some details, it is a beneficial...