Issues on External Tools
External tools that an LLM-based application calls (e.g., web APIs) raise trustworthiness and privacy issues: the application cannot vouch for the data a third-party tool returns, and any user data passed to the tool leaves the application's control.
ENTITY
3 - Other
INTENT
3 - Other
TIMING
3 - Other
Risk ID
mit28
Domain lineage
2. Privacy & Security
2.2 > AI system security vulnerabilities and attacks
Mitigation strategy
1. Enforce stringent data minimization and access control principles, limiting the LLM's interaction with external APIs to only the absolutely requisite data and functions.
2. Implement robust API security measures, including mandatory authentication, secure development practices, and continuous security testing to fortify the interface against exploitation.
3. Establish comprehensive monitoring of third-party API usage to detect anomalous activity, and incorporate a human-in-the-loop validation process before executing actions via external tools.
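The controls above can be enforced in code rather than by prompt wording. The following is an added example, not part of this risk entry or of any referenced system: a small gateway that sits between the model and its tools and applies, per call, an allowlist with argument minimization, gateway-held credentials, a sliding-window usage monitor, human approval for side-effecting tools, and an "untrusted" label on whatever the tool returns. The class and function names, the two sample tools and the approver are hypothetical stand-ins.

```python
"""Added example, not part of the risk entry: a gateway that mediates an LLM's
tool calls so each listed control (allowlisting and data minimization,
gateway-held credentials, usage monitoring, human approval for actions) is
enforced in code. All names and the sample tools are hypothetical."""
import time
from collections import deque
from dataclasses import dataclass
from typing import Any, Callable, Optional


@dataclass(frozen=True)
class ToolSpec:
    func: Callable[[dict, Optional[str]], Any]
    allowed_params: frozenset          # data minimization: only these arguments reach the tool
    side_effecting: bool = False       # actions (writes, sends) need human approval first
    credential: Optional[str] = None   # held by the gateway, never visible to the model


class ToolGateway:
    def __init__(self, tools: dict, approver: Callable[[str, dict], bool],
                 max_calls_per_minute: int = 5):
        self.tools = tools            # the allowlist: anything absent is rejected
        self.approver = approver      # human-in-the-loop hook for side-effecting tools
        self.max_calls = max_calls_per_minute
        self.recent = deque()         # call timestamps for the sliding-window monitor
        self.audit_log = []           # every decision, allowed or denied

    def call(self, name: str, args: dict, now: Optional[float] = None) -> dict:
        now = time.time() if now is None else now
        spec = self.tools.get(name)
        if spec is None:
            return self._deny(name, args, "tool not in allowlist", now)

        # Data minimization: strip anything the tool is not entitled to, including
        # any credential-looking argument the model tried to supply itself.
        dropped = sorted(set(args) - spec.allowed_params)
        minimized = {k: v for k, v in args.items() if k in spec.allowed_params}

        # Monitoring: a one-minute sliding window; a burst of calls is treated as
        # anomalous and refused so an operator can investigate.
        while self.recent and now - self.recent[0] >= 60:
            self.recent.popleft()
        if len(self.recent) >= self.max_calls:
            return self._deny(name, minimized, "rate limit exceeded", now)
        self.recent.append(now)

        # Human in the loop: side-effecting tools run only after explicit approval.
        if spec.side_effecting and not self.approver(name, minimized):
            return self._deny(name, minimized, "human approval refused", now)

        # Authentication is injected here from gateway-held secrets, not from the model.
        result = spec.func(minimized, spec.credential)
        self.audit_log.append({"t": now, "tool": name, "args": minimized,
                               "dropped": dropped, "decision": "allowed"})
        # The tool's response is third-party data: label it untrusted so the caller
        # never feeds it back to the model as if it were an instruction.
        return {"ok": True, "dropped_params": dropped,
                "result": {"source": name, "untrusted": True, "data": result}}

    def _deny(self, name: str, args: dict, reason: str, now: float) -> dict:
        self.audit_log.append({"t": now, "tool": name, "args": args,
                               "decision": "denied", "reason": reason})
        return {"ok": False, "reason": reason}


# --- constructed sample tools and approver (stand-ins for real integrations) ---
def weather_lookup(args: dict, credential: Optional[str]) -> dict:
    return {"city": args["city"], "temp_c": 12}          # canned response, constructed

def send_email(args: dict, credential: Optional[str]) -> dict:
    assert credential == "smtp-token-held-by-gateway"     # proves the model did not supply it
    return {"sent_to": args["to"]}

def demo_approver(tool: str, args: dict) -> bool:
    # Stand-in for a human review queue: only internal recipients are approved.
    return tool != "send_email" or args.get("to", "").endswith("@example.com")

def build_demo_gateway() -> ToolGateway:
    tools = {
        "weather_lookup": ToolSpec(weather_lookup, frozenset({"city"})),
        "send_email": ToolSpec(send_email, frozenset({"to", "subject", "body"}),
                               side_effecting=True,
                               credential="smtp-token-held-by-gateway"),
    }
    return ToolGateway(tools, demo_approver, max_calls_per_minute=5)


if __name__ == "__main__":
    gw = build_demo_gateway()
    # The model tries to pass its own api_key; it is dropped and the call proceeds.
    print(gw.call("weather_lookup", {"city": "Oslo", "api_key": "model-supplied"}, now=0))
    # Not on the allowlist.
    print(gw.call("shell_exec", {"cmd": "id"}, now=1))
    # Side-effecting call to an external recipient: the approver refuses.
    print(gw.call("send_email", {"to": "x@attacker.test", "subject": "hi", "body": "..."}, now=2))
    # A burst of calls trips the monitor on the sixth attempt.
    for i in range(6):
        r = gw.call("weather_lookup", {"city": "Oslo"}, now=3 + i)
    print(r)
```

The ordering inside `call` matters: the allowlist and argument stripping happen before any credential is attached, so the model never learns the secret and cannot widen the tool's inputs; the monitor records a call before the approval step so that repeated approval failures are themselves visible in the audit log.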