Episode

The Developer’s Guide to LLM Security

Podcast
The Data Exchange with Ben Lorica
Published
Dec 18, 2025
Duration seconds
2412
Processing state
processed
Canonical source
https://dts.podtrac.com/redirect.mp3/www.buzzsprout.com/682433/episodes/18332191-the-developer-s-guide-to-llm-security.mp3
Audio
https://dts.podtrac.com/redirect.mp3/www.buzzsprout.com/682433/episodes/18332191-the-developer-s-guide-to-llm-security.mp3
JSON
/v1/public/podcasts/the-data-exchange-with-ben-lorica/episodes/the-developer-s-guide-to-llm-security
Markdown
/podcast/the-data-exchange-with-ben-lorica/the-developer-s-guide-to-llm-security.md

Actions

  • POST https://stenobird.com/v1/public/podcasts/the-data-exchange-with-ben-lorica/episodes/the-developer-s-guide-to-llm-security/transcription-requests
    Idempotently request low-priority transcript generation for this episode.
  • GET https://stenobird.com/podcast/the-data-exchange-with-ben-lorica/the-developer-s-guide-to-llm-security.md
    Read the agent-friendly Markdown representation of this episode resource.

Summary

Securing Large Language Models requires a fundamental shift from traditional software security to managing probabilistic risks. Steve Wilson explains how to navigate new vulnerabilities like prompt injection and complex AI supply chains.

Topics

  • LLM Security
  • Prompt Injection
  • AI Supply Chain
  • OWASP GenAI
  • Agentic AI
  • Machine Learning Security
  • RAG
  • Cybersecurity

Highlights

  • Main idea: LLM security is distinct from traditional software security because models are probabilistic 'pleasers' rather than deterministic systems
  • Failure mode: The AI supply chain is significantly more complex than traditional software, involving unverified model weights and massive datasets
  • Practical takeaway: Use RAG (Retrieval-Augmented Generation) effectively to ground models and reduce the security risks associated with hallucinations
  • Main idea: Prompt injection remains a top-tier threat where malicious instructions can hijack model behavior
  • Practical takeaway: Integrate security tools directly into the development workflow ('shifting left') rather than treating security as an afterthought
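The supply-chain failure mode in the highlights (unverified model weights) has a concrete check a developer can run before a checkpoint is ever loaded. The following is an added example, not code from the episode, from Steve Wilson, or from the OWASP GenAI project: it pins the SHA-256 of each weight file in a manifest, refuses pickle-based serialization formats (which execute code on load) by magic bytes and extension, and reports a file as loadable only when both checks pass. The manifest layout, helper names, the extension list and the minimal safetensors-style sample files are assumptions made for this demo.

```python
"""Pin and verify model weight files before loading them (added example)."""
import hashlib
import hmac
import json
import struct
import tempfile
from pathlib import Path

# Assumption: these extensions usually carry Python pickle data (torch.save output,
# Hugging Face pytorch_model.bin). Extensions are a hint; the magic-byte check is the gate.
PICKLE_EXTENSIONS = {".pkl", ".pickle", ".pt", ".pth", ".bin"}


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so multi-gigabyte checkpoints never sit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def looks_like_pickle(path: Path) -> bool:
    """A raw pickle stream starts with the PROTO opcode 0x80; torch.save archives are
    zip files starting with 'PK'. Either form deserializes arbitrary objects on load."""
    with path.open("rb") as fh:
        head = fh.read(2)
    return head[:1] == b"\x80" or head == b"PK" or path.suffix in PICKLE_EXTENSIONS


def verify_artifact(path: Path, manifest: dict[str, str]) -> tuple[bool, str]:
    """Return (ok, reason). The caller loads the file only when ok is True.
    The format check runs first: a correct hash does not make a pickle safe."""
    name = path.name
    if name not in manifest:
        return False, f"{name}: not in the pinned manifest"
    if looks_like_pickle(path):
        return False, f"{name}: pickle-based format, refusing to load"
    actual = sha256_file(path)
    # Constant-time comparison; hash digests are not secrets, but it costs nothing.
    if not hmac.compare_digest(actual, manifest[name]):
        return False, f"{name}: SHA-256 {actual[:12]}... does not match the pin"
    return True, f"{name}: verified"


def make_safetensors_stub(path: Path, metadata: dict) -> None:
    """Write a minimal safetensors-style file: 8-byte little-endian header length
    followed by a JSON header. Constructed sample with no tensor data."""
    header = json.dumps({"__metadata__": metadata}).encode()
    path.write_bytes(struct.pack("<Q", len(header)) + header)


def demo() -> dict[str, bool]:
    """Exercise the four outcomes on constructed files; returns {case: loadable}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)

        # 1. Good artifact: pin recorded at release time, file unchanged since.
        good = d / "model.safetensors"
        make_safetensors_stub(good, {"format": "pt"})
        manifest = {"model.safetensors": sha256_file(good)}
        results["pinned_ok"] = verify_artifact(good, manifest)[0]

        # 2. Same file name, contents swapped after the pin was taken.
        make_safetensors_stub(good, {"format": "pt", "note": "tampered"})
        results["tampered"] = verify_artifact(good, manifest)[0]

        # 3. Pickle checkpoint whose hash IS pinned: format check still rejects it.
        pickled = d / "model.pt"
        pickled.write_bytes(b"\x80\x04\x95" + b"\x00" * 16)  # PROTO 4 + FRAME opcode
        manifest["model.pt"] = sha256_file(pickled)
        results["pickle"] = verify_artifact(pickled, manifest)[0]

        # 4. Safe format but nobody pinned it: unknown provenance, reject.
        unpinned = d / "extra.safetensors"
        make_safetensors_stub(unpinned, {"format": "pt"})
        results["unpinned"] = verify_artifact(unpinned, manifest)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} loadable={ok}")
```

The manifest is the trust anchor, so it belongs in version control next to the loading code and is updated only through the same review process as the code; a hash downloaded from the same place as the weights verifies nothing.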

Chapters

  1. 1:00 The Shift in AI Security: Why LLM and agentic AI security differs fundamentally from traditional software security paradigms.
  2. 4:10 The AI Supply Chain Risk: Exploring the dangers of unverified libraries, model weights, and training data provenance.
  3. 10:00 Top LLM Vulnerabilities: A breakdown of the OWASP top threats, including prompt injection and sensitive data disclosure.
  4. 21:40 The Nature of Hallucination: Understanding why LLMs hallucinate and how to treat these errors as potential security traps.
  5. 30:20 Building Security into the Stack: The importance of automated security tools and the evolution of the OWASP GenAI Security Project.