
Assessment Services
Security Innovation’s GenAI LLM assessment services are tailored to address the unique threats that GenAI systems face, providing specific remediation guidance for optimal risk mitigation in AI environments. In addition, our assessments align with industry best practices, including assisting organizations in meeting the security requirements of the ISO/IEC 42001 standard, which focuses on AI system governance and risk management. By ensuring your AI solution is secure and follows these international guidelines, we help you maintain compliance while addressing critical security concerns.
Scalable Methodologies for Optimized Results
Each engineer follows the same test methodology, which includes the OWASP LLM Top 10 and over twenty-five custom test cases based upon the multitude of contexts, modalities, and content processing that GenAI and LLM systems provide.
Our team has the capability to thoroughly inspect various aspects of the AI system, including:
- Tokenization: We analyze the process of converting text into numerical representations that the model can understand.
- Guardrails: We examine the safeguards and constraints in place to ensure the system behaves as intended.
- Model training: We review the process of training the AI model on relevant data.
We accomplish this through static analysis, which involves examining the system’s code and architecture without executing it.
Additionally, we perform penetration testing, which is the dynamic assessment of the system’s security. This involves interacting with the AI and testing user-controlled prompts to ensure the system responds appropriately and securely.
Finally, we validate that the integrated systems and supporting environments are being utilized in a secure manner.
This comprehensive approach allows us to thoroughly evaluate the AI system and ensure it is functioning as expected, with the necessary security measures in place.
GenAI security assessments require crafting input tailored to the user prompt, guardrails, input and output filtering, and supporting technology stack as required. Documented test cases will highlight inputs to the system, expected outputs, and analysis of resulting outputs. Real-world attacks include context-specific requests such as those made to an employee-facing HR assistant, a customer-facing system that blends self-help content with escalation to human agents, or a system that generates user-designed images.
Focus on Mitigating Key AI Threats
Emerging threats that our engineers consider while assessing AI models or systems developed with AI include: