Gandalf the Red: Adaptive Security for LLMs
Authors:
Niklas Pfister,
Václav Volhejn,
Manuel Knott,
Santiago Arias,
Julia Bazińska,
Mykhailo Bichurin,
Alan Commike,
Janet Darling,
Peter Dienes,
Matthew Fiedler,
David Haber,
Matthias Kraft,
Marco Lancini,
Max Mathys,
Damián Pascual-Ortiz,
Jakub Podolak,
Adrià Romero-López,
Kyriacos Shiarlis,
Andreas Signer,
Zsolt Terek,
Athanasios Theocharis,
Daniel Timbrell,
Samuel Trautwein,
Samuel Watts,
Yun-Han Wu, et al. (1 additional author not shown)
Abstract:
Current evaluations of defenses against prompt attacks in large language model (LLM) applications often overlook two critical factors: the dynamic nature of adversarial behavior and the usability penalties imposed on legitimate users by restrictive defenses. We propose D-SEC (Dynamic Security Utility Threat Model), which explicitly separates attackers from legitimate users, models multi-step interactions, and expresses the security-utility trade-off in an optimizable form. We further address the shortcomings in existing evaluations by introducing Gandalf, a crowd-sourced, gamified red-teaming platform designed to generate realistic, adaptive attacks. Using Gandalf, we collect and release a dataset of 279k prompt attacks. Complemented by benign user data, our analysis reveals the interplay between security and utility, showing that defenses integrated in the LLM (e.g., system prompts) can degrade usability even without blocking requests. We demonstrate that restricted application domains, defense-in-depth, and adaptive defenses are effective strategies for building secure and useful LLM applications.
Submitted 2 February, 2025; v1 submitted 14 January, 2025;
originally announced January 2025.
Cached Operator Reordering: A Unified View for Fast GNN Training
Authors:
Julia Bazinska,
Andrei Ivanov,
Tal Ben-Nun,
Nikoli Dryden,
Maciej Besta,
Siyuan Shen,
Torsten Hoefler
Abstract:
Graph Neural Networks (GNNs) are a powerful tool for handling structured graph data and addressing tasks such as node classification, graph classification, and clustering. However, the sparse nature of GNN computation poses new challenges for performance optimization compared to traditional deep neural networks. We address these challenges by providing a unified view of GNN computation, I/O, and memory. By analyzing the computational graphs of the Graph Convolutional Network (GCN) and Graph Attention (GAT) layers -- two widely used GNN layers -- we propose alternative computation strategies. We present adaptive operator reordering with caching, which achieves a speedup of up to 2.43x for GCN compared to the current state-of-the-art. Furthermore, an exploration of different caching schemes for GAT yields a speedup of up to 1.94x. The proposed optimizations save memory, are easily implemented across various hardware platforms, and have the potential to alleviate performance bottlenecks in training large-scale GNN models.
Submitted 23 August, 2023;
originally announced August 2023.