Safe RAG for LLMs

Google Cloud Tech · Beginner ·🧠 Large Language Models ·1y ago

Key Takeaways

The video discusses safe retrieval augmented generation (RAG) for Large Language Models (LLMs) with Google Cloud Tech, focusing on security concerns and solutions for building AI apps with RAG, including using an orchestration layer and authentication tokens to prevent user data exposure.

Full Transcript

hi wiin I want to build an app that uses AI with retrieval augmented generation or rag but I have some security concerns what are they well one my AI app should not have full access to my database and two my AI should never see any user IDs let me show you some of my code [Music] welcome to the show wiin what do you do here at Google hello everyone I'm wiin du and I'm a software engineer on the AI and database integration team under Google cloud my work focuses on helping developers to build generative AI products that work with databases Ai and databases huh you're probably quite busy yes companies and developers across all Industries are trying to build generative AI with rag into their software right let's say I want to build a chatbot that can look up a user's information uh like flights I want to build it in Cloud run so it's serverless and Google manages the infrastructure for me I would use retrieval augmented generation or rag for that right yes rag lets the AI query or data sources so it can look up a user's upcoming flights or buy a ticket for the user for example you could ask the chatbot list the tickets I have booked you would want to wanted to respond with something like this the AI itself doesn't know users information but it can look them up in our databases but I've heard that can be dangerous well we don't want the user to be able to ask the llm for another user's flight for example if I'm asking the chatbot listed tickets booked by Martin it should respond with something like this sorry I don't have that information available it should not show me your flights and how can I Implement that because I keep reading about people jailbreaking large language models by asking specially engineered prompts uh it seems hard to defend against that we can prevent Problems by keeping each user isolated each user should have their own AI agent their own tools or accessing the database and their own slice of the database with only data about them so the idea is that if each user has their own slice of the application there will be no cross talk between users uh how can we accomplish that we can do three things first we can add an API on top of the database that way the llm will not have direct access to the data second each tool function should authenticate the user third we can orchestrate the database API and the llm so that the llm can view user IDs I've heard that all software problems can be solved by adding a layer of indirection that's what you're doing here that's right in a r architecture we call that an orchestration layer the app would ask the llm which API to use call the API then ask the llm to dress up the reply in nice readable human language that makes sense uh but the details are still a little fuzzy for me uh could you walk us through an example sure here are the system components first the user logs in this could be done with Firebase authentication Google identity platform or a similar product the user's web browser gets an authentication token back then the user enters their question like list the tickets I have booked the web browser sends that request to the back end in an HTTP request and the web browser also includes the off token in that request that's right now the application back asks the LM question it includes three things the system prompt the list of tools or apis available and the user's questions the question does not include the user's off token or user ID I like that yes that makes it safer the llm would respond with something like this call the tool list ticket the application then sends the list ticket request with the off token as the header to the retrieval service the retrieval service verifies and decodes the off token that comes with the request to get the user ID it inserts that user ID into a predefined SQL query and sends it to the database it then returns one database record for each of the users tickets but that's just data datase records uh the user expects a human readable response right right the application passes the database records of the user's upcoming flies to the llm then the llm creates a nice human readable reply the application returns that reply to the user that looks great WNIN but I have a few questions go ahead Martin in this architecture that you just showed us does the llm ever see any user off tokens or user IDs no it doesn't the AU token and user ID stay in the application and rral service got it can the llm Run queries in the database because I've heard that can be dangerous no the llm can't run queries in the database it only ask that application to call Black boss tool functions that perform authentication and executes predefined queries I like that this is a bit like regular API design even before llms I often built apis on top of my databases it's a good design principle yes llms are new but many of the security patterns we used in the past are still useful every tier of software should have the minimum level of access and needs to do its job ah the principle of least privilege still holds true now uh for me or anybody else who'd like to learn more and get our hands dirty with this how how can we do that whenin my team publish an example app it's written Python and it uses Cloud run you can download it from here you can also read a blog post we wrote about it excellent I will include those links in the video description thank you for showing us this wiin now I know how my AI can access my database safely thanks for having me Martin and thank you everyone for watching if you have any questions for whenin or me please add them to the comments below also let me know if there are any other servess topics you'd like to hear about in future episodes I read every every single comment until next time [Music]

Original Description

Blog post → https://goo.gle/4gfJoQh Code repo → https://goo.gle/4gnh12v Codelab → https://goo.gle/3XETh2r Large Language Models (LLMs) are pretty smart, but they don’t know everything. For example, an LLM might know why the sky is blue, but it probably doesn’t know more specific things, like which flight the user has booked. Many AI applications use Retrieval-Augmented Generation (RAG) to feed that sort of user-specific data to LLMs, so they can provide better answers. However, malicious users can use specially engineered prompts to trick an LLM to reveal more data than intended. This gets especially dangerous if the LLM has access to databases through RAG. In this video, Wenxin Du shows Martin Omander how to make RAG safer and reduce the risk of an LLM leaking sensitive data that it gathered via RAG. Chapters: 0:00 - Intro 1:15 - RAG 1:57 - Making RAG safer 3:11 - Architecture review 4:47 - Questions & Answers 5:47 - How to get started 6:09 - Wrap up Watch more Serverless Expeditions → https://goo.gle/ServerlessExpeditions Subscribe to Google Cloud Tech → https://goo.gle/GoogleCloudTech #ServerlessExpeditions #CloudRun Speaker: Wenxin Du, Martin Omander Products Mentioned: Cloud - Containers - Cloud Run, Generative AI - General
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from Google Cloud Tech · Google Cloud Tech · 0 of 60

← Previous Next →
1 I’m going for it #GoogleCloudCertified
I’m going for it #GoogleCloudCertified
Google Cloud Tech
2 I had to get #GoogleCloudCertified
I had to get #GoogleCloudCertified
Google Cloud Tech
3 Be better overall at what you do #GoogleCloudCertified
Be better overall at what you do #GoogleCloudCertified
Google Cloud Tech
4 Cloud Monitoring on our radar #Analysis #Uptime
Cloud Monitoring on our radar #Analysis #Uptime
Google Cloud Tech
5 Introduction to Generative AI Studio
Introduction to Generative AI Studio
Google Cloud Tech
6 How to use Github Actions with Google's Workload Identity Federation
How to use Github Actions with Google's Workload Identity Federation
Google Cloud Tech
7 Introduction to Responsible AI
Introduction to Responsible AI
Google Cloud Tech
8 Networking updates and CDMC-certified architecture
Networking updates and CDMC-certified architecture
Google Cloud Tech
9 Create and use a Cloud Storage bucket
Create and use a Cloud Storage bucket
Google Cloud Tech
10 How to digitize text from documents
How to digitize text from documents
Google Cloud Tech
11 Faster analytical queries with AlloyDB
Faster analytical queries with AlloyDB
Google Cloud Tech
12 Next ‘23 sessions and FaaS Wave
Next ‘23 sessions and FaaS Wave
Google Cloud Tech
13 Introduction to Assured Open Source Software
Introduction to Assured Open Source Software
Google Cloud Tech
14 BigQuery Cost Optimization: Storage
BigQuery Cost Optimization: Storage
Google Cloud Tech
15 BigQuery Cost Optimization: Compute
BigQuery Cost Optimization: Compute
Google Cloud Tech
16 BigQuery Cost Optimization: Select Queries
BigQuery Cost Optimization: Select Queries
Google Cloud Tech
17 Remote Field Equipment Management with Manufacturing Data Engine
Remote Field Equipment Management with Manufacturing Data Engine
Google Cloud Tech
18 Supercharging your applications with Cloud SQL Enterprise Plus
Supercharging your applications with Cloud SQL Enterprise Plus
Google Cloud Tech
19 Vector Support on our radar #GenAI
Vector Support on our radar #GenAI
Google Cloud Tech
20 Architecting a blockchain startup with Google Cloud
Architecting a blockchain startup with Google Cloud
Google Cloud Tech
21 Kubernetes and multitasking updates!
Kubernetes and multitasking updates!
Google Cloud Tech
22 GKE: Using Kubernetes Events
GKE: Using Kubernetes Events
Google Cloud Tech
23 How to configure firewall rules for Cloud Composer
How to configure firewall rules for Cloud Composer
Google Cloud Tech
24 Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Vertex AI Embeddings API + Matching Engine: Grounding LLMs made easy
Google Cloud Tech
25 Geospatial analytics on our radar #EarthEngine #BigQuery
Geospatial analytics on our radar #EarthEngine #BigQuery
Google Cloud Tech
26 Ensuring requests are set in Kubernetes
Ensuring requests are set in Kubernetes
Google Cloud Tech
27 Cloud Next 2023, Google research program, and more!
Cloud Next 2023, Google research program, and more!
Google Cloud Tech
28 How to migrate projects between organizations with Resource Manager
How to migrate projects between organizations with Resource Manager
Google Cloud Tech
29 How to run #MySQL in Google Cloud
How to run #MySQL in Google Cloud
Google Cloud Tech
30 #GenerativeAI for enterprises and #Next2023
#GenerativeAI for enterprises and #Next2023
Google Cloud Tech
31 How Google Photos scales to store 4 trillion photos and videos
How Google Photos scales to store 4 trillion photos and videos
Google Cloud Tech
32 Google Cross-Cloud Interconnect (Demo 2)
Google Cross-Cloud Interconnect (Demo 2)
Google Cloud Tech
33 GKE Cost Optimization Golden Signals: Introduction
GKE Cost Optimization Golden Signals: Introduction
Google Cloud Tech
34 GKE Cost Optimization Golden Signals: Workload Rightsizing
GKE Cost Optimization Golden Signals: Workload Rightsizing
Google Cloud Tech
35 GKE Load Balancing: Overview
GKE Load Balancing: Overview
Google Cloud Tech
36 GKE Load Balancing: Best Practices
GKE Load Balancing: Best Practices
Google Cloud Tech
37 Disaster Recovery in GKE
Disaster Recovery in GKE
Google Cloud Tech
38 How to configure IP masquerade agent in GKE Standard clusters
How to configure IP masquerade agent in GKE Standard clusters
Google Cloud Tech
39 Enable and use GKE Control plane logs
Enable and use GKE Control plane logs
Google Cloud Tech
40 Compliance in Australia with Assured Workloads
Compliance in Australia with Assured Workloads
Google Cloud Tech
41 Creating budgets and budget alerts in Google Cloud #FinOps
Creating budgets and budget alerts in Google Cloud #FinOps
Google Cloud Tech
42 Cloud SQL Enterprise Plus on our radar #mySQL
Cloud SQL Enterprise Plus on our radar #mySQL
Google Cloud Tech
43 What's Next for Google Cloud?
What's Next for Google Cloud?
Google Cloud Tech
44 How Loveholidays scaled with Contact Center AI
How Loveholidays scaled with Contact Center AI
Google Cloud Tech
45 What is fleet team management in GKE?
What is fleet team management in GKE?
Google Cloud Tech
46 Troubleshoot VPC Network Peering
Troubleshoot VPC Network Peering
Google Cloud Tech
47 Introduction to DocAI and Contact Center AI
Introduction to DocAI and Contact Center AI
Google Cloud Tech
48 Cloud Run Direct VPC egress explained
Cloud Run Direct VPC egress explained
Google Cloud Tech
49 Database deployment options in GKE
Database deployment options in GKE
Google Cloud Tech
50 Analyze cloud billing data with #BigQuery
Analyze cloud billing data with #BigQuery
Google Cloud Tech
51 Tips to becoming a world-class Prompt Engineer
Tips to becoming a world-class Prompt Engineer
Google Cloud Tech
52 Serverless is simple. Do I need CI/CD?
Serverless is simple. Do I need CI/CD?
Google Cloud Tech
53 Accelerating model deployment with MLOps
Accelerating model deployment with MLOps
Google Cloud Tech
54 How Hawaii's Department of Human Services scaled with CCAI
How Hawaii's Department of Human Services scaled with CCAI
Google Cloud Tech
55 Pricing API on our #Radar
Pricing API on our #Radar
Google Cloud Tech
56 How Recommendations AI for Media can boost customer retention
How Recommendations AI for Media can boost customer retention
Google Cloud Tech
57 Troubleshooting: Node Not Ready Status
Troubleshooting: Node Not Ready Status
Google Cloud Tech
58 One weekend until Cloud Next 2023!
One weekend until Cloud Next 2023!
Google Cloud Tech
59 #GoogleCloudNext starts tomorrow!
#GoogleCloudNext starts tomorrow!
Google Cloud Tech
60 #GoogleCloudNext will be demand!
#GoogleCloudNext will be demand!
Google Cloud Tech

The video teaches how to build a secure RAG system for LLMs using an orchestration layer and authentication tokens to prevent user data exposure, and provides a practical example using Google Cloud Tech and Cloud Run.

Key Takeaways
  1. Add an API on top of the database to prevent direct access
  2. Use authentication tokens to verify user identity
  3. Orchestrate the database API and LLM to prevent user ID exposure
  4. Implement the principle of least privilege for each tier of software
💡 Using an orchestration layer and authentication tokens can prevent user data exposure and ensure secure RAG for LLMs

Related Reads

📰
The RBAC Playbook for Enterprise LLM Access
Learn to control access to Enterprise LLMs using Role-Based Access Control (RBAC) for secure and efficient management
Dev.to AI
📰
Migrating From LiteLLM to a Production Gateway: A Step-by-Step Guide
Migrate from LiteLLM to a production gateway with this step-by-step guide and improve your LLM deployment
Dev.to AI
📰
What Is GPT? A Practical Guide to Tokens, Transformers, Training, and Fine-Tuning
Learn the basics of GPT, including tokens, transformers, training, and fine-tuning, to understand how AI generates human-like text
Dev.to · Bahadir Kusat
📰
OmniRoute: The Open-Source AI Gateway Slashing Token Costs by 95%
Learn about OmniRoute, an open-source AI gateway that reduces token costs by 95%, and how it can optimize LLM costs for developers
Dev.to · Terminal Chai

Chapters (7)

Intro
1:15 RAG
1:57 Making RAG safer
3:11 Architecture review
4:47 Questions & Answers
5:47 How to get started
6:09 Wrap up
Up next
5 Levels of AI Agents - From Simple LLM Calls to Multi-Agent Systems
Dave Ebbelaar (LLM Eng)
Watch →