Join us on May 15 for a live demo of how Burp Suite DAST solves real-world security challenges.            Register Now
Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Web LLM attacks

This learning path teaches you how to perform attacks using Large Language Models (LLMs). You'll learn how to construct attacks that take advantage of an LLM's access to data, API, and user information that you would not be able to access directly.

Contents

Get started: What is a large language model?

0 of 17

GET STARTED

What is a Large Language Model? 0 of 3

What is a large language model? Get started

LLM attacks and prompt injection

Detecting LLM vulnerabilities

Exploiting LLM APIs, functions, and plugins 0 of 6

Exploiting LLM APIs, functions, and plugins

How LLM APIs work

Mapping LLM API attack surface

Lab: Exploiting LLM APIs with excessive agency APPRENTICE

Chaining vulnerabilities in LLM APIs

Lab: Exploiting vulnerabilities in LLM APIs PRACTITIONER

Indirect prompt injection 0 of 4

Indirect prompt injection

Indirect prompt injection - Continued

Lab: Indirect prompt injection PRACTITIONER

Training data poisoning

Leaking sensitive training data 0 of 1

Leaking sensitive training data

Defending against LLM attacks 0 of 3

Treat APIs given to LLMs as publicly accessible

Don't feed LLMs sensitive data

Don't rely on prompting to block attacks