
Securing the LLM Stack - Cisco Blogs

<!doctype html> <html lang="en-US" class="no-touch js "> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="blogsPostDate" content="2024-03-26 13:38:44"/><meta name="blogsPostTags" content="artificial-intelligence,cybersecurity,featured,llm"/><meta name="blogsPostCat" content="Learning"/>
<meta name="author" content="Omar Santos" />
<title>Securing the LLM Stack - Cisco Blogs</title> <meta name="description" content="Learn how to protect data, preserve user trust, and ensure the operational integrity, reliability, and ethical use of LLMs." /> <link rel="canonical" href="https://blogs.cisco.com/learning/securing-the-llm-stack" />
<meta property="article:published_time" content="2024-03-26T20:38:44+00:00" /> <meta property="article:modified_time" content="2024-04-05T14:15:41+00:00" />
</head> <body class="post-template-default single single-post postid-454622 single-format-standard no-sidebar"> <div id="page" class="site"> <cdc-template-micro lang="en" search-set-context="blogs"> <div id="content" class="site-content"> <div id="primary" class="content-area"> <main id="main" class="site-main"> <article id="post-454622" class="post-454622 post type-post status-publish format-standard has-post-thumbnail hentry
category-learning tag-artificial-intelligence tag-cybersecurity tag-featured tag-llm"> <div class="main-content"> <header class="entry-header"> <div class="entry-meta"> March 26, 2024 </div><!-- .entry-meta --> </header><!-- .entry-header --> <div class="blog-post-header"> <div class="blog-cat-post-author-container"> <a href=https://blogs.cisco.com/learning><h5>Learning</h5></a> <h1 class="entry-title">Securing the LLM Stack</h1><p class="wordcount"><span class="black">7 min read</span></p> <p> <a href="https://blogs.cisco.com/author/omarsantos" title="Posts by Omar Santos" rel="author">Omar Santos</a> </p> </div> </div> <!-- .blog-post-header --> <div class="entry-content"> <p>A few months ago, I wrote about the security of AI models, fine-tuning techniques, and the use of Retrieval-Augmented Generation (RAG) in a <a href="https://blogs.cisco.com/security/securing-ai-navigating-the-complex-landscape-of-models-fine-tuning-and-rag" target="_blank" rel="noopener">Cisco Security Blog post</a>. In this blog post, I will continue the discussion on the critical importance of learning how to secure AI systems, with a special focus on current LLM implementations and the “LLM stack.”</p> <p>I also recently published two books.
The first book is titled “<a href="https://www.ciscopress.com/store/ai-revolution-in-networking-cybersecurity-and-emerging-9780138293697" target="_blank" rel="noopener">The AI Revolution in Networking, Cybersecurity, and Emerging Technologies”</a> where my co-authors and I cover the way AI is already revolutionizing networking, cybersecurity, and emerging technologies. The second book, “<a href="https://www.ciscopress.com/store/beyond-the-algorithm-ai-security-privacy-and-ethics-9780138268459" target="_blank" rel="noopener">Beyond the Algorithm: AI, Security, Privacy, and Ethics,”</a> co-authored with <a href="https://www.cs.ox.ac.uk/news/2282-full.html" target="_blank" rel="noopener">Dr. Petar Radanliev of Oxford University</a>, presents an in-depth exploration of critical subjects including red teaming AI models, monitoring AI deployments, AI supply chain security, and the application of privacy-enhancing methodologies such as federated learning and homomorphic encryption. Additionally, it discusses strategies for identifying and mitigating bias within AI systems.</p> <p>For now, let’s explore some of the key factors in securing AI implementations and the LLM Stack.</p> <h2><strong>What is the LLM Stack?</strong></h2> <p>The &#8220;LLM stack&#8221; generally refers to a stack of technologies or components centered around Large Language Models (LLMs). This “stack” can include a wide range of technologies and methodologies aimed at leveraging the capabilities of LLMs (e.g., vector databases, embedding models, APIs, plugins, orchestration libraries like LangChain, guardrail tools, etc.).</p> <p>Many organizations are trying to implement <a href="https://community.cisco.com/t5/security-blogs/generative-ai-retrieval-augmented-generation-rag-and-langchain/ba-p/4933714" target="_blank" rel="noopener">Retrieval-Augmented Generation (RAG)</a> nowadays. 
This is because RAG significantly enhances the accuracy of LLMs by combining the generative capabilities of these models with the retrieval of relevant information from a database or knowledge base. I introduced <a href="https://community.cisco.com/t5/security-blogs/generative-ai-retrieval-augmented-generation-rag-and-langchain/ba-p/4933714" target="_blank" rel="noopener">RAG in this article</a>, but in short, RAG works by first querying a database with a question or prompt to retrieve relevant information. This information is then fed into an LLM, which generates a response based on both the input prompt and the retrieved documents. The result is a more accurate, informed, and contextually relevant output than what could be achieved by the LLM alone.</p> <p>Let’s go over the typical “LLM stack” components that make RAG and other applications work. The following figure illustrates the LLM stack.</p> <p><img class="aligncenter wp-image-454633 size-medium_large" src="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/03/Securing-the-LLM-Stack_insertion-graphic-768x706.png" alt="Diagram showing the Large Language Model (LLM) stack components that make Retrieval-Augmented Generation (RAG) and other applications work" width="640" height="588" srcset="https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/03/Securing-the-LLM-Stack_insertion-graphic-768x706.png 768w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/03/Securing-the-LLM-Stack_insertion-graphic-300x276.png 300w, https://storage.googleapis.com/blogs-images-new/ciscoblogs/1/2024/03/Securing-the-LLM-Stack_insertion-graphic.png 936w" sizes="(max-width: 640px) 100vw, 640px" /></p> <h2><strong>Vectorizing Data and Security</strong></h2> <p>Vectorizing data and creating embeddings are crucial steps in preparing your dataset for effective use with RAG and underlying tools.
Creating vector embeddings, also known as vectorization, involves transforming words and different types of data into numerical values, where each piece of data is depicted as a vector within a high-dimensional space.  OpenAI offers different <a href="https://platform.openai.com/docs/guides/embeddings/embedding-models" target="_blank" rel="noopener">embedding models</a> that can be used via their API.  You can also use open source <a href="https://huggingface.co/models?other=embeddings" target="_blank" rel="noopener">embedding models from Hugging Face</a>. The following is an example of how the text &#8220;<em>Example from Omar for this blog</em>&#8221; was converted into “numbers” (<em>embeddings</em>) using the <a href="https://platform.openai.com/docs/guides/embeddings/embedding-models" target="_blank" rel="noopener">text-embedding-3-small</a> model from OpenAI.</p> <p>&nbsp;</p> <pre>{ "object": "list", "data": [    {      "object": "embedding",      "index": 0,      "embedding": [        0.051343333,        0.004879803,        -0.06099363,        -0.0071908776,        0.020674748,        -0.00012919278,        0.014209986,        0.0034705158,        -0.005566879,        0.02899774,        0.03065297,        -0.034541197, &lt;output omitted for brevity&gt;      ]    } ], "model": "text-embedding-3-small", "usage": {    "prompt_tokens": 6,    "total_tokens": 6 } }</pre> <p>The first step (even before you start creating embeddings) is data collection and ingestion. Gather and ingest the raw data from different sources (e.g., databases, PDFs, JSON, log files and other information from Splunk, etc.) 
into a centralized data storage system called a <a href="https://www.mongodb.com/basics/vector-databases#:~:text=A%20vector%20database%20%E2%80%94%20also%20known,in%20a%20multi%2Ddimensional%20space.">vector database</a>.</p> <p><strong>Note</strong>: Depending on the type of data, you will need to clean and normalize the data to remove noise, such as irrelevant information and duplicates.</p> <p>Ensuring the security of the embedding creation process involves a multi-faceted approach that spans from the selection of embedding models to the handling and storage of the generated embeddings. Let’s start discussing some security considerations in the embedding creation process.</p> <p>Use well-known, commercial or open-source embedding models that have been thoroughly vetted by the community. Opt for models that are widely used and have strong community support. Like any software, embedding models and their dependencies can have vulnerabilities that are discovered over time. Some embedding models could be manipulated by threat actors. This is why supply chain security is so important. Pin the model version you deploy and verify its integrity (for example, against a checksum or signature published by the provider) before loading it.</p> <p>You should also validate and sanitize input data. The data used to create embeddings may contain sensitive or personal information that needs to be protected to comply with data protection regulations (e.g., GDPR, CCPA). Apply data anonymization or pseudonymization techniques where possible. Ensure that data processing is performed in a secure environment, using encryption for data at rest and in transit.</p> <p>Unauthorized access to embedding models and the data they process can lead to data exposure and other security issues. 
Use strong authentication and access control mechanisms to restrict access to embedding models and data.</p> <h2><strong>Indexing and Storage of Embeddings</strong></h2> <p>Once the data is vectorized, the next step is to store these vectors in a searchable database or a vector database such as ChromaDB, pgvector, MongoDB Atlas, FAISS (Facebook AI Similarity Search), or Pinecone. These systems allow for efficient retrieval of similar vectors.</p> <p>Did you know that some vector databases do not support encryption? Make sure that the solution you use supports encryption, and protect the stored vectors with the same access controls as the source data, because embeddings can reveal information about the text they were derived from.</p> <h2><strong>Orchestration Libraries and Frameworks like LangChain</strong></h2> <p>In the diagram I used earlier, you can see a reference to libraries like LangChain and LlamaIndex. LangChain is a framework for developing applications powered by LLMs. It enables context-aware and reasoning applications, providing libraries, templates, and a developer platform for building, testing, and deploying applications. LangChain consists of several parts, including libraries, templates, LangServe for deploying chains as a REST API, and LangSmith for debugging and monitoring chains. It also offers a <a href="https://python.langchain.com/docs/expression_language/" target="_blank" rel="noopener">LangChain Expression Language (LCEL)</a> for composing chains and provides standard interfaces and integrations for modules like model I/O, retrieval, and AI agents. I wrote <a href="https://becomingahacker.org/langchain-is-everywhere-5415613390f1">an article</a> about numerous LangChain resources and related tools that are also available at <a href="https://hackerrepo.org/" target="_blank" rel="noopener">one of my GitHub repositories</a>.</p> <p>Many organizations use LangChain, which supports many use cases, such as personal assistants, question answering, chatbots, querying tabular data, and more. 
It also provides example code for building applications with an emphasis on more applied and end-to-end examples.</p> <p>LangChain can interact with external APIs to fetch or send data in real-time to and from other applications. This capability allows LLMs to access up-to-date information, perform actions like booking appointments, or retrieve specific data from web services. The framework can dynamically construct API requests based on the context of a conversation or query, thereby extending the functionality of LLMs beyond static knowledge bases. When integrating with external APIs, it&#8217;s crucial to use secure authentication methods and encrypt data in transit using protocols like HTTPS. API keys and tokens should be stored securely and never hard-coded into the application code. Because these requests are constructed from conversation content, limit the APIs and actions the application is allowed to call to an explicit allow-list, and give its credentials only the permissions those calls require.</p> <h2><strong>AI Front-end Applications</strong></h2> <p>AI front-end applications refer to the user-facing part of AI systems where interaction between the machine and humans takes place. These applications leverage AI technologies to provide intelligent, responsive, and personalized experiences to users. 
The front end for chatbots, virtual assistants, personalized recommendation systems, and many other AI-driven applications can be easily created with libraries like <a href="https://docs.streamlit.io/" target="_blank" rel="noopener">Streamlit</a>, <a href="https://vercel.com/templates/ai" target="_blank" rel="noopener">Vercel</a>, <a href="https://github.com/steamship-core/python-client" target="_blank" rel="noopener">Steamship</a>, and others.</p> <p>The implementation of traditional web application security practices is essential to protect against a wide range of vulnerabilities, such as <a href="https://owasp.org/Top10/A01_2021-Broken_Access_Control/" target="_blank" rel="noopener">broken access control</a>, <a href="https://owasp.org/Top10/A02_2021-Cryptographic_Failures/" target="_blank" rel="noopener">cryptographic failures</a>, <a href="https://owasp.org/Top10/A03_2021-Injection/" target="_blank" rel="noopener">injection vulnerabilities</a> like <a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html" target="_blank" rel="noopener">cross-site scripting (XSS)</a>, <a href="https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html" target="_blank" rel="noopener">server-side request forgery (SSRF),</a> and many other vulnerabilities. Treat model output as untrusted data as well: encode or sanitize it before rendering it in the browser or passing it to other components.</p> <h2><strong>LLM Caching</strong></h2> <p>LLM caching is a technique used to improve the efficiency and performance of LLM interactions. You can use implementations like SQLite Cache, Redis, and GPTCache. 
<a href="https://python.langchain.com/docs/integrations/llms/llm_caching" target="_blank" rel="noopener">LangChain provides examples</a> of how these caching methods could be leveraged.</p> <p>The basic idea behind LLM caching is to store previously computed results of the model&#8217;s outputs so that if the same or similar inputs are encountered again, the model can quickly retrieve the stored output instead of recomputing it from scratch. This can significantly reduce the computational overhead, making the model more responsive and cost-effective, especially for frequently repeated queries or common patterns of interaction.</p> <p>Caching strategies must be carefully designed to ensure they do not compromise the model&#8217;s ability to generate relevant and updated responses, especially in scenarios where the input context or the external world knowledge changes over time. Moreover, effective cache invalidation strategies are crucial to prevent outdated or irrelevant information from being served, which can be challenging given the dynamic nature of knowledge and language. Because cached outputs can contain sensitive data from an earlier conversation, scope cache entries to the user or tenant that produced them, and protect the cache store with the same access control and encryption as the rest of the stack.</p> <h2><strong>LLM Monitoring and Policy Enforcement Tools</strong></h2> <p>Monitoring is one of the most important elements of LLM stack security. There are many open source and commercial LLM monitoring tools such as <a href="https://mlflow.org/docs/latest/introduction/index.html" target="_blank" rel="noopener">MLflow.</a>  There are also several tools that can help protect against prompt injection attacks, such as Rebuff. Many of these work in isolation. Cisco recently announced <a href="https://motific.ai/" target="_blank" rel="noopener">Motific.ai</a>.</p> <p>Motific enhances your ability to implement both predefined and tailored controls over Personally Identifiable Information (PII), toxicity, hallucination, topics, token limits, prompt injection, and data poisoning. 
It provides comprehensive visibility into operational metrics, policy flags, and audit trails, ensuring that you have clear oversight of your system&#8217;s performance and security. Additionally, by analyzing user prompts, Motific enables you to grasp user intents more accurately, optimizing the utilization of foundation models for improved outcomes.</p> <p>Cisco also provides an LLM security protection suite inside <a href="https://www.panoptica.app/solutions/cloud-native-application-security-solution#genai" target="_blank" rel="noopener">Panoptica</a>. Panoptica is Cisco’s cloud application security solution for code to cloud. It provides seamless scalability across clusters and multi-cloud environments.</p> <h2><strong>AI Bill of Materials and Supply Chain Security</strong></h2> <p>The need for transparency and traceability in AI development has never been more crucial. Supply chain security is top-of-mind for many individuals in the industry. This is why AI Bills of Materials (AI BOMs) are so important. But what exactly are AI BOMs, and why are they so important? How do Software Bills of Materials (SBOMs) differ from AI Bills of Materials (AI BOMs)? SBOMs serve a crucial role in the software development industry by providing a detailed inventory of all components within a software application. This documentation is essential for understanding the software&#8217;s composition, including its libraries, packages, and any third-party code. On the other hand, AI BOMs cater specifically to artificial intelligence implementations. They offer comprehensive documentation of an AI system&#8217;s many elements, including model specifications, model architecture, intended applications, training datasets, and additional pertinent information. 
This distinction highlights the specialized nature of AI BOMs in addressing the unique complexities and requirements of AI systems, compared to the broader scope of SBOMs in software documentation.</p> <p>I <a href="https://dx.doi.org/10.13140/RG.2.2.18893.61929" target="_blank" rel="noopener">published a paper</a> with Oxford University, titled “Toward Trustworthy AI: An Analysis of Artificial Intelligence (AI) Bill of Materials (AI BOMs)”, that explains the concept of AI BOMs. Dr. Allan Friedman (CISA), Daniel Bardenstein, and I presented in <a href="https://drive.google.com/file/d/1mEWlTLq2tzsvNXlMe8xOub2CguqBsxXf/view?usp=drive_link" target="_blank" rel="noopener">a webinar</a> describing the role of AI BOMs. Since then, the Linux Foundation <a href="https://spdx.dev/learn/areas-of-interest/ai/" target="_blank" rel="noopener">SPDX</a> and OWASP <a href="https://cyclonedx.org/" target="_blank" rel="noopener">CycloneDX</a> have started working on AI BOMs (otherwise known as AI profile SBOMs).</p> <p>Securing the LLM stack is essential not only for protecting data and preserving user trust but also for ensuring the operational integrity, reliability, and ethical use of these powerful AI models. 
As LLMs become increasingly integrated into various aspects of society and industry, their security becomes paramount to prevent potential negative impacts on individuals, organizations, and society at large.</p> </div><!-- .entry-content --> <div class="author-section"> <div><h2>Authors</h2></div> <div class="auth-row"> <div class="blog-row author-bio"> <div class="item-thirds-1 author-bio-box" > <div class="author-info"> <h3><a href="https://blogs.cisco.com/author/omarsantos"> Omar Santos</a> </h3> <h4 class="title">Distinguished Engineer </h4> <h4>Cisco Product Security Incident Response Team (PSIRT) Security Research and Operations</h4> </div> </div><!--end author image and name--> </div><!-- .author-bio --> </div> </div> <footer class="entry-footer"> </footer><!-- .entry-footer --> </article> <div id="tags-container">Tags: <a href="https://blogs.cisco.com/tag/artificial-intelligence" rel="tag">Artificial Intelligence (AI)</a> <a href="https://blogs.cisco.com/tag/cybersecurity" rel="tag">Cybersecurity</a> <a href="https://blogs.cisco.com/tag/featured" rel="tag">Featured</a> <a href="https://blogs.cisco.com/tag/llm" rel="tag">Large Language Models (LLM)</a> </div> </main><!-- #main --> </div><!-- #primary --> </div><!-- #content --> </cdc-template-micro> <!-- close cdc-template--> </div><!-- #page --> </body> </html>
