Books/chapters (WU)
Browsing Books/chapters (WU) by Author "Anchimiuk, Aleksander"
Record: Insecure Output Handling in Large Language Models (Akademia Bialska im. Jana Pawła II, 2025). Author: Anchimiuk, Aleksander.

Abstract: Large Language Models (LLMs) are increasingly deployed across domains such as automation, healthcare, and software development. While existing research predominantly focuses on input-related risks, such as prompt injection and adversarial attacks, the critical challenge of Insecure Output Handling (IOH), as identified by the OWASP Top 10 for LLMs, remains understudied in the academic literature. This paper addresses this gap by providing a formal analysis of IOH as a distinct security threat, in which model-generated outputs introduce vulnerabilities into downstream systems. Through controlled experiments focusing on XSS vulnerabilities, we demonstrate significant variation in model security postures, with baseline exploit rates ranging from 4.2% to 27.6% across different architectures. Crucially, our findings validate OWASP's concerns by showing that standard sanitisation techniques, recommended to mitigate IOH, provide 100% protection against successful XSS exploits in our experimental setup while maintaining negligible performance overhead. Furthermore, we examine how the European Union's AI Act establishes concrete obligations for addressing such risks, positioning IOH mitigation not just as a technical best practice but as a regulatory imperative. The empirical evidence presented demonstrates that implementing output validation is both technically feasible and increasingly necessary for the deployment of compliant AI systems.