Video

OWASP Top 10 for LLMs and Generative AI Apps
The Motley Fool Director of Application Security Paolo del Mundo leads an insightful Community session connecting the foundational OWASP Top 10 framework for traditional web applications to the emerging world of AI, exploring the unique security challenges posed by large language models (LLMs). Paolo discusses the profile and impact of vulnerabilities such as prompt injection, insecure plugin design, and excessive agency. Just a few among the many excellent takeaways from his presented findings: the importance of input and output filtering to mitigate prompt injection risks, and the benefits of leveraging tools like PromptGuard to safeguard against threats and tools Damn Vulnerable LLM Agent to experiment with and better understand them. This session offers practical insights into real-world attacks and demonstrates with engaging examples how attackers can exploit weaknesses in generative AI apps, offering actionable protection/risk reduction strategies for security professionals navigating the evolving landscape of AI-based applications.

𝗔𝗯𝗼𝘂𝘁 𝗣𝗮𝗼𝗹𝗼

Paolo is the Director of Application Security at The Motley Fool, where he has been leading the AppSec team for the past 4 years. With a strong foundation of 15 years as a software developer, Paolo made a successful transition into the security field, driven by his passion for bug bounties and capture the flag competitions.

Paolo's unique background combines deep technical expertise with a keen understanding of security challenges in modern software development. He is particularly interested in the emerging security implications of Generative AI, viewing it as a fertile ground for exploring new attack vectors and defensive strategies.

Drawing from his extensive experience in both development and security, Paolo offers valuable insights into the evolving landscape of application security in today's rapidly changing technological environment.