# The Developer’s Guide to LLM Security

- Page: https://stenobird.com/podcast/the-data-exchange-with-ben-lorica/the-developer-s-guide-to-llm-security
- Text version: https://stenobird.com/podcast/the-data-exchange-with-ben-lorica/the-developer-s-guide-to-llm-security.md
- Podcast: [The Data Exchange with Ben Lorica](https://stenobird.com/podcast/the-data-exchange-with-ben-lorica)
- Published: 2025-12-18T12:00:00+00:00
- Episode link: https://dts.podtrac.com/redirect.mp3/www.buzzsprout.com/682433/episodes/18332191-the-developer-s-guide-to-llm-security.mp3
- Audio file: https://dts.podtrac.com/redirect.mp3/www.buzzsprout.com/682433/episodes/18332191-the-developer-s-guide-to-llm-security.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/the-data-exchange-with-ben-lorica/episodes/the-developer-s-guide-to-llm-security
- Duration (seconds): 2412

## Resource

Securing Large Language Models requires a fundamental shift from traditional software security to managing probabilistic risks. Steve Wilson explains how to navigate new vulnerabilities such as prompt injection and complex AI supply chains.

## Highlights

- Main idea: LLM security is distinct from traditional software security because models are probabilistic "pleasers" rather than deterministic systems.
- Failure mode: The AI supply chain is significantly more complex than the traditional software supply chain, involving unverified model weights and massive datasets.
- Practical takeaway: Use RAG (Retrieval-Augmented Generation) effectively to ground models and reduce the security risks associated with hallucinations.
- Main idea: Prompt injection remains a top-tier threat, in which malicious instructions can hijack model behavior.
- Practical takeaway: Integrate security tools directly into the development workflow ("shifting left") rather than treating security as an afterthought.

## Topics

LLM Security, Prompt Injection, AI Supply Chain, OWASP GenAI, Agentic AI, Machine Learning Security, RAG, Cybersecurity

## Chapters

- 1:00 — The Shift in AI Security: Why LLM and agentic AI security differs fundamentally from traditional software security paradigms.
- 4:10 — The AI Supply Chain Risk: Exploring the dangers of unverified libraries, model weights, and training data provenance.
- 10:00 — Top LLM Vulnerabilities: A breakdown of the OWASP top threats, including prompt injection and sensitive data disclosure.
- 21:40 — The Nature of Hallucination: Understanding why LLMs hallucinate and how to treat these errors as potential security traps.
- 30:20 — Building Security into the Stack: The importance of automated security tools and the evolution of the OWASP GenAI Security Project.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/the-data-exchange-with-ben-lorica/episodes/the-developer-s-guide-to-llm-security/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/the-data-exchange-with-ben-lorica/the-developer-s-guide-to-llm-security.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.