https://github.com/nahumsa/llm-security-chatbot

Chatbot for llm security.
https://github.com/nahumsa/llm-security-chatbot

Last synced: 4 months ago
JSON representation

Chatbot for llm security.

• Host: GitHub
• URL: https://github.com/nahumsa/llm-security-chatbot
• Owner: nahumsa
• License: apache-2.0
• Created: 2024-09-03T13:36:06.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2024-10-08T02:07:24.000Z (8 months ago)
• Last Synced: 2025-01-11T00:22:48.499Z (5 months ago)
• Language: Python
• Size: 114 KB
• Stars: 3
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Chatbot with OWASP Top 10 for LLMs Applications

## Introduction

As large language models (LLMs) become more integrated into applications, ensuring their security is crucial. LLMs can inadvertently introduce vulnerabilities such as prompt injections, data leaks, and insecure output handling, which can lead to serious security breaches if not properly managed.

This project focuses on raising awareness of these potential risks by embedding the OWASP Top 10 guidelines for LLMs directly into the chatbot's architecture. By utilizing a Retrieval-Augmented Generation (RAG) model, the chatbot delivers relevant, up-to-date security advice, helping developers and users mitigate the specific threats associated with deploying LLMs in production environments.

The importance of this project lies in its ability to:

- Promote secure LLM development: By highlighting key security risks and providing actionable guidance.

- Reduce common vulnerabilities: Addressing critical risks like unauthorized access, prompt injections, and data leakage.

- Foster trust in AI applications: Encouraging the development of LLMs that handle sensitive information responsibly.

- Align with industry standards: Ensuring that applications adhere to the well-recognized OWASP Top 10 for LLM security practices.

- This project serves as a practical resource for developers, security professionals, and AI practitioners aiming to build LLM-based systems that are both effective and secure.

## Getting Started

### Prerequisites

To run this project, you'll need:

- Python 3.10

- Elasticsearch

- Docker

- Make

## Environment Variables

In order to get your GOOGLE_API_KEY you can access [aistudio](https://aistudio.google.com/):

| Variable Name  | Description                                                  | Example Value               |

|----------------|--------------------------------------------------------------|-----------------------------|

| `GOOGLE_API_KEY` | API key Google Gemini                                          | `asinodnoiansd12po3i2` |

## Running the Application

To run the application, follow these steps:

1. **Clone the repository**:

    ```bash

    git clone https://github.com/nahumsa/llm-security-chatbot.git

    ```

2. **Set up environment variables**:

    You can set the environment variables directly in your shell or create a `.env` file in the root directory of your project:

    ```bash

    export google_api_key="api_key"

    ```

    Or create a `.env` file:

    ```dotenv

    google_api_key="api_key"

    ```

    and run:

    ```bash

    export $(cat .env | xargs)

    ```

3. **Run the application**:

    ```bash

    docker compose up

    ```

Now, your application should be running and you can see the swagger at: [http://localhost:8080/docs](http://localhost:8080/docs#/default/rag_query_rag_post).

4. If you want to run the evals you can run them using using Make:

- 4.1 Evaluating Retrieval

    ```bash

    make evaluate_retrieval

    ```

- 4.2 Evaluating RAG

    ```bash

    make evaluate_rag

    ```