Prompt injections, the most common form of LLM attacks, involve bypassing filters or manipulating the LLM to make it ignore previous instructions and to perform unintended actions, while training data poisoning involves manipulation of LLM training data to introduce vulnerabilities, backdoors and biases.

“The firewall monitors user prompts to pre-emptively identify and mitigate potential malicious use,” Jalil said. “At times, users can try to maliciously override LLM behavior and the firewall blocks such attempts. It also redacts sensitive data, if any, from the prompts, making sure that LLM models do not access any protected information.”

Additionally, the offering deploys a firewall that monitors and controls the data retrieved during the retrieval augmented generation (RAG) process, which references an authoritative knowledge base outside of the model’s training data sources, to check the retrieved data for data poisoning or indirect prompt injection, Jalil added.    

Although it’s still early days for genAI applications, said John Grady, principal analyst for Enterprise Strategy Group (ESG), “These threats are significant. We’ve seen some early examples of how genAI apps can inadvertently provide sensitive information. It’s all about the data, and as long as there’s valuable information behind the app, attackers will look to exploit it. I think we’re at the point where, as the number of genAI-powered applications in use begins to rise and gaps exist on the security side, we’ll begin to see more of these types of successful attacks in the wild.”

This offering, and those like it, fills a significant gap and will become more important as genAI usage expands, Grady added.

Enabling AI compliance
Securiti LLM Firewalls are also aimed at helping enterprises meet compliance goals, whether legislative (such as the EU AI Act) or internally mandated policies (for example, following the NIST AI Risk Management framework, AI RMF).