Large language models (LLMs) have emerged as powerful tools with numerous applications. However, their advanced capabilities also bring significant cybersecurity concerns. According to Elad Schulman, co-founder and CEO of Lasso Security, “As powerful as they are, LLMs should not be trusted uncritically.” In an exclusive interview with VentureBeat, Schulman emphasizes that these models are vulnerable to security threats and require careful consideration.
LLMs have revolutionized various industries and are considered a crucial asset for businesses seeking a competitive advantage. Their conversational nature makes them accessible to everyone, but this ease of use also opens doors for exploitation. When manipulated through prompt injection or jailbreaking, LLMs can inadvertently expose training data, sensitive information, proprietary algorithms, and other confidential details. In fact, Samsung had to ban the use of ChatGPT and other generative AI tools after company data was leaked.
Another significant concern is data “poisoning,” where tampered training data introduces bias that compromises security, effectiveness, and ethical behavior. Inadequate validation and hygiene of LLM outputs can lead to insecure output handling, potentially exposing backend systems to attackers. The OWASP online community outlines various security vulnerabilities associated with LLMs, including model denial of service and compromised software supply chain from third-party components.
