Aqua Security Releases Industry-first Solution to Secure Large Language Model (LLM)-Based Applications from Code to Cloud
May 3, 2024
Aqua Security unveiled new capabilities specifically designed to secure the development and operation of generative AI applications leveraging Large Language Models (LLMs). As more businesses embrace LLMs, new attack vectors are introduced into their applications and operations. Aqua is now pioneering LLM application security to help companies stay secure while staying on the cutting edge of application development.
LLM technology has introduced new capabilities for applications, empowering businesses to deliver personalized experiences and increase efficiencies. However, these innovations bring forward risks that demand proactive strategies to mitigate potential vulnerabilities.
“The widespread adoption of LLM-powered applications, without a full understanding of the security risks and implications, highlights the critical need for security tools that allow companies to use this technology confidently without slowing down innovation,” says Gilad Elyashar, Chief Product Officer, Aqua Security. “The immense promise of LLM applications is contrasted by the new attack vectors that come with it, such as prompt injections, insecure LLM interactions and unauthorized data access. OWASP created the Top 10 list for LLM applications to drive awareness around these risks. Aqua Security provides comprehensive protection for LLM-powered applications from code to cloud using the OWASP recommendations, preventing and detecting GenAI-related attacks and tracing security gaps back to specific lines of code.”
Aqua Security offers a comprehensive approach to LLM security:
- Code Integrity: Aqua Security employs advanced code scanning technology to identify and mitigate unsafe use of LLMs in application code, including unauthorized data access, misconfigurations, and vulnerabilities specific to LLM-powered applications. For example, Aqua can detect unauthorized access to LLM outputs, which may try to execute malicious code and initiate attacks.
- Real-Time Monitoring: Aqua Security’s runtime protection capabilities actively monitor LLM-powered application workloads and prevent unauthorized actions that LLMs might attempt, such as executing malicious code due to prompt injection attacks.
- GenAI Assurance Policies: Aqua Security employs specific GenAI assurance policies that serve as guardrails for developers of LLM-powered applications. These policies prevent unsafe usage of LLMs and are based on practices from the OWASP Top 10 for LLMs and other recognized industry standards.
“Organizations are transforming their businesses with LLM technologies. Our mission is to enable the secure and rapid adoption of LLMs, enhancing their market readiness quickly and safely,” adds Elyashar. “With Aqua Security, businesses can confidently navigate the complexities of LLM-based application development and deployment, ensuring compliance with regulatory standards and safeguarding against malicious exploits.”
Aqua Security’s solution equips security teams, DevOps practitioners, and compliance professionals with the tools and expertise needed to navigate the intricate landscape of LLM security. By bridging the gap between security requirements and development processes, Aqua Security enables organizations to embrace innovation while mitigating potential risks.
These new capabilities seamlessly integrate into the company’s broader cloud native application protection platform (CNAPP), providing a unified solution for holistic protection across the entire cloud native application lifecycle.