10 Safeguarding Generative AI

 

This chapter covers

  • Authorization-enabling RAG results
  • Securing tool invocations
  • Mitigating adversarial prompts

Most organizations have documents that fall under one or more levels of classification ranging from Top Secret to Confidential to Restricted access. And not every person has the same access to applications and services that others need to do their job. Security and information rights management is an important aspect of any organization as well as in software.

You’ve seen how Retrieval Augmented Generation (RAG) and tools make it possible to integrate Generative AI with your documents and data. But not all documents and tools are intended for all users. It’s important to secure access to documents and tools to ensure that users who aren’t authorized won’t have access to them indirectly via an LLM.

Moreover, a cleverly phrased prompt submitted by a sneaky user could trick the LLM into doing something or revealing information that shouldn’t be exposed. You’ll need to apply guardrails that intercept a user’s questions and the LLM’s responses to ensure that sensitive responses aren’t returned to the users.

10.1 Controlling document access with RAG

10.1.1 Designating premium content

10.1.2 Adding security to Board Game Buddy

10.1.3 Filtering for premium content

10.1.4 Applying per-user conversational memory

10.1.5 Trying it out

10.2 Securing tools

10.3 Safeguarding against adversarial prompting

10.3.1 Preventing prompts with sensitive terms

10.3.2 Preventing prompt leaks

10.4 Moderating user input

10.5 Summary