Investigating the Security and Privacy Risks of Third-Party LLM API Providers
Project Description
Nowadays, LLMs have a profound impact on our daily lives. LLM API usage commonly targets closed-weight models such as Google Gemini Pro, OpenAI GPT, Claude Sonnet and Grok, or open-weight models such as Qwen, DeepSeek and Mistral. Due to policy restrictions, many advanced and state-of-the-art LLM services are not directly available in some regions, and third-party LLM API providers fill the gap by acting as proxies that relay requests to the upstream model services. Despite the benefits these providers offer, they introduce a potentially large attack surface: every prompt and response passes through an intermediary that is neither the user nor the model vendor, so the provider itself, or an attacker who compromises or impersonates it, can read, log, alter or replay that traffic, raising both security and privacy concerns. This project is designed to conduct a comprehensive investigation into the security and privacy of third-party LLM API providers such as OpenRouter and Poe.
Supervisor
SHE, Dongdong
Quota
2
Course type
UROP1100
UROP2100
Applicant's Roles
1. Basic knowledge of machine learning, LLMs and cybersecurity.
2. Lead a research project.
3. Conduct research experiments and deliver regular weekly reports.
Applicant's Learning Objectives
1. Learn the ecosystem of third-party LLM API providers.
2. Acquire red-teaming skills for LLM systems.
3. Professional experiment skills (including experiment design, planning, execution, data management and data analysis).
4. Academic paper writing.
Complexity of the project
Moderate