From f3a4440064c785ab0f3bdcb2ae365bf428c46d79 Mon Sep 17 00:00:00 2001 From: Talesh Seeparsan Date: Mon, 25 Nov 2024 14:47:40 -0800 Subject: [PATCH] Fixed typo (#483) --- 2_0_vulns/LLM03_SupplyChain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/2_0_vulns/LLM03_SupplyChain.md b/2_0_vulns/LLM03_SupplyChain.md index 807bb2b4..3b9e739c 100644 --- a/2_0_vulns/LLM03_SupplyChain.md +++ b/2_0_vulns/LLM03_SupplyChain.md 
@@ -44,7 +44,7 @@ A simple threat model can be found [here](https://github.com/jsotiro/ThreatModel 6. Only use models from verifiable sources and use third-party model integrity checks with signing and file hashes to compensate for the lack of strong model provenance. Similarly, use code signing for externally supplied code. 7. Implement strict monitoring and auditing practices for collaborative model development environments to prevent and quickly detect any abuse. "HuggingFace SF_Convertbot Scanner" is an example of automated scripts to use. (Ref. link: [HuggingFace SF_Convertbot Scanner](https://gist.github.com/rossja/d84a93e5c6b8dd2d4a538aa010b29163)) -8. AAnomaly detection and adversarial robustness tests on supplied models and data can help detect tampering and poisoning as discussed in "LLM04 Data and Model Poisoning; ideally, this should be part of MLOps and LLM pipelines; however, these are emerging techniques and may be easier to implement as part of red teaming exercises. +8. Anomaly detection and adversarial robustness tests on supplied models and data can help detect tampering and poisoning as discussed in "LLM04 Data and Model Poisoning; ideally, this should be part of MLOps and LLM pipelines; however, these are emerging techniques and may be easier to implement as part of red teaming exercises. 9. Implement a patching policy to mitigate vulnerable or outdated components. Ensure the application relies on a maintained version of APIs and underlying model. 10. Encrypt models deployed at AI edge with integrity checks and use vendor attestation APIs to prevent tampered apps and models and terminate applications of unrecognized firmware.
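Review bot: the `+` line fixes the doubled "AAnomaly" but leaves a second typo on the same item: the quotation opened before `LLM04 Data and Model Poisoning` is never closed, so the rendered Markdown reads as an unterminated quote. Suggest `... as discussed in "LLM04 Data and Model Poisoning"; ideally, this should be part of MLOps ...` so the cross-reference is delimited the same way the `"HuggingFace SF_Convertbot Scanner"` reference in item 7 is.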