The primary use case of Propscreen is to prevent an organization using an LLM trained on proprietary data from falling victim to the OWASP Top 10 for LLM #6 Sensitive Information Disclosure. "LLM applications have the potential to reveal sensitive information, proprietary algorithms, or other confidential details through their output. This can result in unauthorized access to sensitive data, intellectual property, privacy violations, and other security breaches." (OWASP Top 10 for LLM) The method in which PropScreen achieves this use case is by scanning the responses an LLM sends to the user and checks to see if there is any explicitly prohibited data in the response. If there is prohibited data detected then then Propscreen returns an error message to the user instead of the actual response, otherwise Propscreen returns the repones to the user.
PropScreen possesses the functionality to log every LLM response scan and interdiction that it performs. These responses, the prompt, and other details can be logged into a database in order for the organization to analyze all events. This analysis can be for the purposes of determining attempts of unauthorized access, determining the effectiveness of their context word library, or any other way the organization wants to utilize the logs.
Organizations that utilize a SIEM or operate a Security Operations Center can enjoy real time alters for true positives detected by Propscreen. The ability to provide real time alerts give the ability for security teams to respond to policy violations in real time as opposed to having to wait to audit logs or generate reports.
Different members of an origination have different levels of privilege to information based on their roles. A RBAC based approach would allow for different filtering criteria for LLM responses based on the role that the user who sent the prompt has.
Last updated