Programming Language
Most LLMs are developed in Python, so vulnerabilities in Python interpreters pose threats to the models built with them
ENTITY
3 - Other
INTENT
2 - Unintentional
TIMING
1 - Pre-deployment
Risk ID
mit20
Domain lineage
2. Privacy & Security
2.2 > AI system security vulnerabilities and attacks
Mitigation strategy
1. Adopt the principle of least privilege in code execution by utilizing internal Python APIs for functionality instead of invoking Operating System (OS) commands, and employ secure execution environments (sandboxing) for any dynamically generated or untrusted code to contain potential threats.
2. Implement a robust software supply chain security protocol, which includes continuous vulnerability scanning of all project dependencies, maintaining the minimal viable runtime environment, and applying security patches promptly to mitigate risks associated with third-party packages.
3. Enforce strict input validation and sanitization mechanisms on all user-supplied data to prevent injection attacks; specifically, utilize parameterized statements for database interactions and array-based arguments for subprocess execution to logically separate data from code.
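The "separate data from code" point in mitigation 3, worked through in Python as an added example that is not part of the risk record: array-based subprocess arguments and a parameterized SQL statement, each fed a constructed input carrying shell or SQL metacharacters, beside the string-built query they replace. The table, user names and hostile inputs are all constructed here.

```python
"""Added example: array-based subprocess arguments and parameterized SQL keep
user-supplied data from being parsed as code. All inputs below are constructed."""
import json
import sqlite3
import subprocess
import sys

# Constructed inputs containing characters a shell or SQL parser would treat as syntax.
HOSTILE_NAME = "report.txt; echo INJECTED"
HOSTILE_USER = "' OR '1'='1"


def argv_seen_by_child(user_input: str) -> list[str]:
    """Run a child with an argument *list* (no shell). The user's string arrives as
    exactly one argv element, so ';' and spaces never become command boundaries.
    The child is a one-line Python script that echoes its argv as JSON, so the
    demo needs no external tool and runs anywhere Python does."""
    cmd = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))", user_input]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return json.loads(out)
    # Avoid the string form, e.g. subprocess.run(f"tool {user_input}", shell=True):
    # the shell would split it at ';' and run 'echo INJECTED' as a second command.


def make_db() -> sqlite3.Connection:
    """In-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Vulnerable form, kept only for contrast: string formatting lets a quote in
    the data rewrite the WHERE clause, so the hostile input matches every row."""
    return conn.execute(f"SELECT name, role FROM users WHERE name = '{name}'").fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Parameterized statement: the driver binds the value; it is never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    print(argv_seen_by_child(HOSTILE_NAME))  # one argument, metacharacters intact
    db = make_db()
    print(lookup_unsafe(db, HOSTILE_USER))   # both rows: the clause was rewritten
    print(lookup_safe(db, HOSTILE_USER))     # []: the quote is just data
```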