The Critical Domain of LLM Cybersecurity

May 15, 2025 / bugejajoseph / Leave a comment

Organizations worldwide are adopting Large Language Models (LLMs) at an accelerated pace, confronting unprecedented security challenges. These sophisticated systems introduce fundamental vulnerabilities that circumvent conventional security architectures — notably the inability to isolate control and data planes, their non-deterministic outputs, and susceptibility to hallucinations. According to the OWASP’s LLM AI Cybersecurity & Governance Checklist, these characteristics substantially transform an organization’s threat landscape beyond traditional parameters.

Establishing robust LLM defense frameworks requires a comprehensive security approach. The OWASP checklist outlines specific defensive measures for LLM implementation including “resilience-first” approaches that emphasize threat modeling, AI asset inventory, and specialized security training. It recommends AI red team exercises to identify vulnerabilities before exploitation and warns organizations about “Shadow AI”— the risk of employees using unapproved AI tools that bypass standard security protocols.

With the EU AI Act and evolving regulatory frameworks, compliance requirements for AI systems are becoming increasingly rigorous. Organizations that methodically integrate LLM security protocols with established frameworks such as MITRE ATT&CK and MITRE ATLAS gain strategic advantages in identifying, evaluating, and mitigating AI-specific threats while leveraging these technologies’ transformative potential. The strategic imperative is establishing comprehensive security protocols before adversaries exploit existing vulnerabilities.

Security and Ethical Risks of Using Large Language Models for Code Generation

July 1, 2023July 1, 2023 / bugejajoseph / Leave a comment

The rise of Large Language Models (LLMs) has revolutionized software development, offering developers the ability to generate code at an unprecedented scale. While LLMs like ChatGPT have proven to be powerful tools, they come with security and ethical risks that developers must be cautious about.

Vulnerable code: LLMs are trained on extensive datasets, including code with potentially known vulnerabilities. This makes them prone to inadvertently produce code susceptible to attacks like SQL injection. Additionally, LLM-generated code might contain malicious elements like viruses or worms, and inadvertently leak sensitive data such as passwords or credit card numbers, putting users and organizations at grave risk.
Challenges in code maintenance and comprehensibility: LLMs have the capability to generate intricate code that can be challenging to comprehend and maintain. The complexity introduced by such code can pose significant obstacles for security professionals when it comes to identifying and addressing potential security flaws effectively.
Ethical and legal concerns: The use of LLMs for code generation raises ethical issues regarding code plagiarism, where developers might copy others’ work without proper attribution. Moreover, generating code that infringes on copyright can lead to severe legal consequences, hindering innovation and discouraging original contributions.

In conclusion, LLMs revolutionize software development with unprecedented code generation capabilities. However, caution is crucial due to security and ethical risks. Collaborative efforts for better comprehension and flaw identification are essential. Respecting intellectual property fosters an ethical coding community. By acknowledging risks and adopting responsible practices, developers can maximize LLMs’ benefits while safeguarding software integrity and security in this era of advancement.

Exploring Some Misconceptions and Complexities of Artificial Intelligence

January 13, 2023January 8, 2023 / bugejajoseph / Leave a comment

Artificial intelligence (AI) is a rapidly advancing field that has the potential to revolutionize many aspects of our daily lives. However, as with any complex subject, there are often misunderstandings and misconceptions about what AI is and what it can do. In this article, we will explore some of these misconceptions.

The intersection of reasoning and learning in AI techniques. AI techniques can be broadly grouped into two categories based on their ability to reason and learn. However, these techniques are not mutually exclusive. For example, expert systems, which involve reasoning, may also incorporate elements of learning, such as the ability to adjust the rules or weightings based on past performance or feedback.

The versatility of machine learning. Machine learning is a technique that enables AI systems to learn how to solve problems that cannot be precisely specified or whose solution method cannot be described by symbolic reasoning rules. However, machine learning is not limited to solving these types of problems. It can also be used to learn from structured data and can be combined with symbolic reasoning techniques to achieve a wider range of capabilities.

The diversity of machine learning techniques. Machine learning definitions and sometimes taxonomies only mention supervised, unsupervised, and reinforcement learning. However, there are other types of machine learning, such as semi-supervised learning and active learning. These different types of machine learning each have their own unique characteristics and are suited to different types of problems and data.

The relationship between AI and robotics. AI and robotics are closely related fields that often overlap, but they are distinct areas of study. While robotics can be considered a subfield of AI, it is possible to study robotics independently of AI. Similarly, AI can be studied without necessarily delving into the field of robotics.

In conclusion, the field of AI is vast and complex, with many nuances and misconceptions that are important to understand. Despite these complexities, the potential for AI to revolutionize many aspects of our lives makes it a field worth exploring and understanding.

Exploring the Interdependencies between AI and Cybersecurity

December 30, 2022December 18, 2022 / bugejajoseph / Leave a comment

With the increasing prevalence of AI technology in our lives, it is important to understand the relationship between AI and cybersecurity. This relationship is complex, with a range of interdependencies between AI and cybersecurity. From the cybersecurity of AI systems to the use of AI in bolstering cyber defenses, and even the malicious use of AI, there are a number of different dimensions to explore.

Protecting AI Systems from Cyber Threats: As AI is increasingly used in a variety of applications, the security of the AI technology and its systems is paramount. This includes the implementation of measures such as data encryption, authentication protocols, and access control to ensure the safety and integrity of AI systems.

Using AI to Support Cybersecurity: AI-based technologies are being used to detect cyber threats and anomalies that may not be detected by traditional security tools. AI-powered security tools are being developed to analyze data and detect malicious activities, such as malware and phishing attacks.

AI-Facilitated Cybercrime: AI-powered tools can be used in malicious ways, from deepfakes used to spread misinformation to botnets used to launch DDoS attacks. The potential for malicious use of AI is a major concern for cybersecurity professionals.

In conclusion, AI and cybersecurity have a multi-dimensional relationship with a number of interdependencies. AI is being used to bolster cybersecurity, while at the same time it is being used for malicious activities. Cybersecurity professionals must be aware of the potential for malicious use of AI and ensure that the security of AI systems is maintained.

A Research Proposal about Poisoning Attacks

July 2, 2021 / bugejajoseph / Leave a comment

On Tuesday, 29th June, I did my last presentation before taking my Summer vacation. In the presentation, I talked about a potential research proposal concentrated on data poisoning attacks. Specifically, I discussed how this attack class could target an IoT-based system, such as a smart building, resulting in potentially severe consequences to a business. While poisoning attacks have been researched for a bit, they are relatively understudied especially in contexts involving online learning and interactive learning.

Here is a link to a redacted version of my presentation:

Research Proposal Download

In case you want to know more about cyber security especially its application to the IoT and Machine Learning based systems you are welcome to drop me a message.

Interesting Book Showed Up In My Mailbox

April 9, 2020April 10, 2020 / bugejajoseph / Leave a comment

Today, I am happy to have received a hardcopy of the book – Privacy and Identity Management. Data for Better Living: AI and Privacy. There is a chapter in this book, which I have authored together with my academic advisor titled: “On the Design of a Privacy-Centered Data Lifecycle for Smart Living Spaces.” In that article, I have identified how the software development process can be enhanced to manage privacy threats, amongst other things.

Hardcopy of the book “Privacy and Identity Management. Data for Better Living: AI and Privacy”

All the articles included in the book are certainly worth a read covering various aspects of privacy ranging from a technical, compliance, and law perspective.

Human-centered AI Course

January 13, 2020January 13, 2020 / bugejajoseph / Leave a comment

In the fall of 2019, I enrolled in the PhD course titled “Introduction to Human-centered AI. ” The course is delivered and managed by Cecilia Ovesdotter Alm from RIT university.

Human-centered AI is essentially a perspective on AI and ML that algorithms must be designed with awareness that they are part of a larger system consisting of human stakeholders. According to Mark O. Riedl, the main requirements of human-centered AI can be broken into two aspects: (a) AI systems that have an understanding of human sociocultural norms as part of a theory of mind about people, and (b) AI systems that are capable of producing explanations that non-experts in AI or computer science can understand.

Course introduction lecture held at Malmö University (2019).

One of the course learning outcomes is to be able to demonstrate critical thinking concerning bias and fairness in data analysis, including but not limited to gender aspects. With regard to this, I have put together a 10 minutes presentation of the article “50 Years of Test (Un)fairness: Lessons for Machine Learning” written by Ben Hutchinson and Margaret Mitchell.

Joseph Bugeja

Security, Privacy, and Trust

Artificial Intelligence