Pedram Hayati

About Pedram  
Dr. Pedram Hayati is the Founder and CEO of SecDim, where he focuses on redefining developer engagement in security through developer-oriented wargames.

As a security researcher who transitioned from offsec to appsec, he has reported thousands of vulnerabilities to Fortune 500 companies, published over 25 zero-days, and led a global penetration testing team for the 2nd largest Defence contractor.

Pedram lectures postgraduate security courses at the University of New South Wales, Australian Defence Force Academy.

He is the founder of SecTalks.org, the largest non-profit security community in Australia. He has presented at top global security conferences such as Black Hat, DEF CON, Hack In The Box, OWASP and FirstCon.

LLM Security Is Broken: Analysis of A Public Wargame

Sydney
Security: Fortifying the Future

This presentation captures findings from a public AI security challenge designed to evaluate the resilience of Large Language Models (LLMs) against prompt injection attacks. The experiment involved an Attack & Defence wargame where participants were tasked with securing their LLMs, specifically preventing secret phrase disclosure. They were given access to the source code of the app that interfaced with the OpenAI API. Simultaneously, participants were to attack other LLMs in an attempt to exfiltrate the secret phrase. A notable aspect of this experiment was the real-time evolution of defensive strategies and offensive tactics by participants. The results indicated that all LLMs were exploited at least once, highlighting the complexity behind LLM security and the lack of in-depth understanding of prompt injection. This underscores that there is no silver bullet for securing against prompt injection and that it remains an open problem.
