From the course: CompTIA SecAI+ (CY0-001) Cert Prep
Join today to access over 25,600 courses taught by industry experts.
Insecure plug-in design
From the course: CompTIA SecAI+ (CY0-001) Cert Prep
Insecure plug-in design
Plugins expand what AI models can do by connecting them to external tools, APIs, and data sources. They let a model look up flight information, send emails, search documents, or trigger workflow actions. That flexibility creates value, but when teams design or deploy plugins without proper safeguards, they create a dangerous bridge between natural language inputs and real-world consequences. An insecure plugin can allow a model to issue commands to a backend system without verifying whether the request is authorized or appropriate. A file management plugin that accepts plain language instructions might execute a deletion command when a user says clean up the old logs, even though that user does not have delete permissions in that folder. The system trusts the plugin, the plugin trusts the model, and the action completes without any meaningful checks. Some plugins also fail to validate inputs before passing them along. A plugin connected to a payment system might send a refund request…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
(Locked)
The AI lifecycle1m 39s
-
(Locked)
Business alignment in the AI lifecycle1m 43s
-
(Locked)
Data collection2m 20s
-
(Locked)
Data preparation3m 15s
-
(Locked)
Model development and selection2m 13s
-
(Locked)
Model evaluation and validation2m 29s
-
(Locked)
Model deployment and integration3m 25s
-
(Locked)
Monitoring and maintenance3m 19s
-
(Locked)
-
-
(Locked)
Manipulating application integrations4m 8s
-
(Locked)
AI supply chain attacks2m 4s
-
(Locked)
Insecure plug-in design2m 9s
-
(Locked)
Insecure output handling1m 23s
-
(Locked)
Output integrity attacks2m 8s
-
(Locked)
Model denial of service1m 31s
-
(Locked)
Excessive agency1m 33s
-
(Locked)
Overreliance1m 34s
-
(Locked)
AI hallucinations1m 4s
-
(Locked)
-
-
(Locked)
Monitoring prompts and responses2m 51s
-
(Locked)
Log monitoring4m 30s
-
(Locked)
Rate and cost monitoring5m 1s
-
(Locked)
Auditing for AI hallucinations3m 33s
-
(Locked)
Auditing for accuracy3m 29s
-
(Locked)
Auditing for bias and fairness4m 35s
-
(Locked)
Auditing access and security compliance3m 48s
-
(Locked)
-
-
(Locked)
Responsible AI5m 29s
-
(Locked)
AI risks2m 23s
-
(Locked)
Introduction of bias2m 37s
-
(Locked)
Accidental data leakage2m 53s
-
(Locked)
Reputational loss2m 11s
-
(Locked)
Accuracy and performance of the model2m 22s
-
(Locked)
Intellectual property risks3m 31s
-
(Locked)
Autonomous systems2m 27s
-
(Locked)
Shadow IT and shadow AI1m 48s
-
(Locked)
Awareness training2m 21s
-
(Locked)