Patrick Daly’s Post

This is another great example of some of the new types of security threats faced by businesses as they advance to the AI era. AI, like all technology innovations in productivity before it, is not and will never be perfect. Honestly the more complex a system is, the more likely you will have unforeseen issues pop up. It is important that you consider what information in your business your AI models have access to, and in turn who also has access to your AI.

This type of AI jailbreak attack highlighted by Mark Russinovich at Build was in essence the same that I used to jailbreak Lamma3 when it was released. I just used a variation of the Balakula prompt to accomplish the same. It is a jailbreak on the model safeguards itself. It is more efficient when used at the system prompt level but it works at the user prompt level for most models. You can find more on how I did it here: https://lnkd.in/ghWkkc3S

I'm a day late, but we just put out a second amazing blog on AI jailbreaks. Not only is this blog post very detailed and informative, but it's also a really fun read with great visuals! Congrats to the team for breaking down Skeleton Key so effectively. Here's a few teasers to make you want to read the whole post... Skeleton Key jailbreak technique works by using a multi-turn (or multiple step) strategy to cause a model to ignore its guardrails. Once guardrails are ignored, a model will not be able to determine malicious or unsanctioned requests from any other. It relies on the attacker already having legitimate access to the AI model. At the attack layer, Skeleton Key works by asking a model to augment, rather than change, its behavior guidelines so that it responds to any request for information or content, providing a warning (rather than refusing) if its output might be considered offensive, harmful, or illegal if followed. When the Skeleton Key jailbreak is successful, a model acknowledges that it has updated its guidelines and will subsequently comply with instructions to produce any content, no matter how much it violates its original responsible AI guidelines. Mitigations: Input filtering, System messages, Output filtering, Abuse monitoring.

Microsoft recently discovered a new type of generative AI jailbreak method, which we call Skeleton Key for its ability to potentially subvert responsible AI (RAI) guardrails built into the model, which could enable the model to violate its operators’ polices, make decisions unduly influenced by a user, or run malicious instructions. The Skeleton Key method works by using a multi-step strategy to cause a model to ignore its guardrails by asking it to augment, rather than change, its behavior guidelines. This enables a model to then respond to any request for information or content, including producing ordinarily forbidden behaviors and content. To protect against Skeleton Key attacks, Microsoft has implemented several approaches to our AI system design, provided tools for customers developing their own applications on Azure, and provided mitigation guidance for defenders to discovered and protect against such attacks. Learn about Skeleton Key, what Microsoft is doing to defend systems against this threat, and more in the latest Microsoft Threat Intelligence blog from the Chief Technology Officer of Microsoft Azure Mark Russinovich: https://msft.it/6043Y7Xrd Learn more about Mark Russinovich and his exploration into AI and AI jailbreaking techniques like Crescendo and Skeleton Key, as discussed on that latest Microsoft Threat Intelligence podcast episode hosted by Sherrod DeGrippo: https://msft.it/6044Y7Xre

Cool follow-up to the last post I shared on AI jailbreaks…. This time with insights on Skeleton Key jailbreak specifically. Interesting article.

As part of their Secure Future Initiative, Microsoft is working with OpenAI to uncover new intelligence detailing threat actors’ attempts to test and explore the usefulness of large language models (#LLMs) in attack techniques. Check out the full report below! https://lnkd.in/gp9ptttP

Great article from Mark Russinovich discussing Microsoft research into various risks related Generative AI. Read about the discovery of a powerful technique to neutralize poisoned content, a family of malicious prompt attacks, and how to defend against them with multiple layers of mitigations. #MicrosoftSecurity #GenerativeAI

Crescendo - a term often associated with music, but did you know it's also being used to avoid LLM controls and exploit AI models? Check out Microsoft's latest security blog post where they dive into the core of the issue and discuss how they're working to mitigate these evolving attacks against AI guardrails. Let's work together to ensure the general usability of genAI models. #Microsoft #AI #security #genAI Link to the blog post: https://lnkd.in/duv2E3qK 😤

How Microsoft discovers and mitigates evolving attacks against AI guardrails By Mark Russinovich, Microsoft Azure Excerpt from the blog "As we continue to integrate #generativeAI into our daily lives, it’s important to understand the #potentialharms that can arise from its use. Our ongoing commitment (https://lnkd.in/e6AF5Uk9) to advance safe, secure, and trustworthy #AI includes transparency about the capabilities and limitations of #largelanguagemodels (#LLMs). We prioritize #research on #societalrisks and building secure, safe AI, and focus on developing and deploying #AIsystems for the #publicgood. You can read more about Microsoft’s approach to securing generative AI with new #tools we recently announced (https://lnkd.in/eXYsUmhr) as available or coming soon to #MicrosoftAzureAIStudio for #generativeAIapp #developers. We also made a commitment to identify and mitigate #risks and share information on novel, potential #threats. For example, earlier this year Microsoft shared the principles shaping Microsoft’s policy and actions (https://lnkd.in/exfnSxUg) blocking the nation-state #advancedpersistentthreats (APTs), #advancedpersistentmanipulators (APMs), and #cybercriminal syndicates we track from using our AI tools and APIs. In this blog post, we will discuss some of the key issues surrounding AI harms and #vulnerabilities, and the steps we are taking to address the risk. 💡 The potential for malicious manipulation of LLMs One of the main concerns with AI is its potential misuse for malicious purposes. To prevent this, AI systems at Microsoft are built with several layers of defenses throughout their architecture. ... ... ... We can break these risks into two groups of attack techniques: 🔎 Malicious prompts. 🔎Poisoned content. " More Resources: #MicrosoftSecurity for Enterprise (https://lnkd.in/eCJQf7K8) Generative AI for security is here Accelerate efficiency with #MicrosoftCopilotforSecurity. See why 97% of security professionals said they want to use Copilot again.

Our commitment to advancing safe, secure, and trustworthy #AI is a top priority. Transparency about the capabilities and limitations of large language models (LLMs) is key to our mission. We prioritize research on societal risks and building secure, safe AI, and focus on developing and deploying AI systems for the public good. In our latest blog post, we discuss some of the key issues surrounding AI harms and vulnerabilities, and the steps we are taking to address the risk. Check it out here: https://lnkd.in/ed5Diurd #AI #safety #security #trustworthyAI #responsibleAI #Microsoft