Security and Privacy Challenges of Large Language Models: A Survey

TL;DR

This survey reviews the security and privacy challenges of Large Language Models, analyzing vulnerabilities, attacks, defenses, and future research directions across various application domains.

Contribution

It provides a comprehensive overview of security and privacy issues in LLMs, including vulnerabilities, attack types, defense mechanisms, and identifies research gaps and future directions.

Findings

LLMs are vulnerable to jailbreaking, data poisoning, and PII leakage attacks.

Existing defenses are limited and need further development.

Security and privacy challenges vary across domains like healthcare and transportation.

Abstract

Large Language Models (LLMs) have demonstrated extraordinary capabilities and contributed to multiple fields, such as generating and summarizing text, language translation, and question-answering. Nowadays, LLM is becoming a very popular tool in computerized language processing tasks, with the capability to analyze complicated linguistic patterns and provide relevant and appropriate responses depending on the context. While offering significant advantages, these models are also vulnerable to security and privacy attacks, such as jailbreaking attacks, data poisoning attacks, and Personally Identifiable Information (PII) leakage attacks. This survey provides a thorough review of the security and privacy challenges of LLMs for both training data and users, along with the application-based risks in various domains, such as transportation, education, and healthcare. We assess the extent of LLM vulnerabilities, investigate emerging security and privacy attacks for LLMs, and review the potential defense mechanisms. Additionally, the survey outlines existing research gaps in this domain and highlights future research directions.