[OWASP HU] LLM AppSec in 3 takes: local-first, SDLC, psychology [en]

The OWASP Hungarian chapter, in collaboration with CyEx, delivers a meetup where LLM security is treated in three different takes: a practitioner's insights into hardening the security of local-first business solutions; SDLC-related practical examples from a cybersec management veteran; and psychology vs LLMs/GenAI vs safety/security as seen by an academic psychology researcher. Attend the event in person in Budapest or follow it live online!
Main event page:
https://www.meetup.com/owasp-hu/events/302470528/
📎 Sidenote1: Do not forget to hop over to 'OWASP Top 10 for LLM apps': https://genai.owasp.org/llm-top-10/
1️⃣ 18:10 CET* Applied LLM security: How to harden the local ones (plus tips for API users)
🎙️ Irina Nikolaeva, Head of Data Science at Raft Digital Solutions, Russia
With her master's degree and academic papers in applied mathematics and statistics, Irina is literally a scientist in the field where notions of science and artificial intelligence are exaggerated. Her many years of practical experience with ML in general, and DL, NLP, LLMs and others before the Coming of ChatGPT make her approach chill and dehyped. Irina will give tips on how to protect your solution from LLM leaking data/PII, treating users inadequately or giving bad advice. Our expert's good advice will be focusing on local-first solutions, which she has accumulated experience in, as it is the choice of implementation which is reasonably favorable in a sanctioned country. However, folks implementing business solutions using the popular LLM APIs are expected to get their valuable share of advice too. [30 mins talk, 10 mins Q/A, break]
2️⃣ 19:00 CET LLM Sprinkles for your SDLC Sundae
🎙️ Craig Balding, Independent Cyber Security Consultant, UK
One of the fathers of cybersec red teaming, today Craig's top interest is AI security research and education, and his technical and non-technical consulting has also turned primarily to that direction. The current session applies his many years of cybersec leadership and navigating secure development in large financial institutions to the new situation created by the emerging omnipresence of LLMs -- how SDLC, secure software development methodologies and practices change. The session will be showing small, practical examples of using LLMs and hopefully give attendees food for thought to run their own experiments (and share back to OWASP anything useful!) [20 mins talk, 10 mins Q/A, break]
3️⃣ 19:45 CET Utilizing the psychology of generative language models to get better and safer behavior
🎙️ Kekecs Zoltán, PhD, Researcher, Assistant Professor, ELTE Faculty of Education and Psychology, HU
"We commonly point out flaws in anthropomorphizing generative language models, but we rarely talk about the benefits. This talk will describe the similarities and differences in the functioning of LLMs compared to human psychology, touching on topics of memory, thinking/reasoning, cognitive biases and stereotypes, goals and motivation, emotions, and consciousness. We will discuss how we can utilize the advances in human behavioral science and neuroscience to better understand the behavior of generative models, and to achieve better and safer results with these systems." [20 mins talk, 10 mins Q/A]
4️⃣ Networking, free beer, refreshments or tea-like drinks. 🏜️😊🍻🫖
Host: CyEx, a Budapest-based cyber security service provider, whose founders are prominent figures in Hungarian pentesters' education
🏛️ Doors open at 17:45
Budapest, Elnök u. 1, 1089 [Nagyvárad tér metro]
https://maps.app.goo.gl/oKrqHMfhpyxnnpFs9
📻 Online:
Telegram (live stream, panel, questions)
https://t.me/owasphu?livestream
Youtube (broadcast, questions)
https://www.youtube.com/watch?v=BHSpvzgk05g
https://youtube.com/@owasphu
* Times are given in CE[S]T / Berlin / Budapest time = UTC + 2
Produced by: Timur Khrotko, OWASP HU
📎 Sidenote2: Another OWASP and LLMs related thingy to know about is the below checklist:
https://genai.owasp.org/resource/llm-applications-cybersecurity-and-governance-checklist-english/
