Security Approaches for Granting LLMs Access to SSH and Database Systems
By
nico
Summary
The discussion covers how to grant Large Language Models (LLMs) access to sensitive systems such as SSH hosts and databases without exposing them. The approach one commenter describes keeps the model on a local development database: its only output is a script, which is checked into version control, reviewed and audited, and only then run against production. Commenters also stress that LLMs should not be given even read access to Personally Identifiable Information (PII), and point to Microsoft's Presidio as a tool for redacting PII from production extracts before the model processes them, with a manual audit of the redacted output still advised. The thread focuses on security practice, risk mitigation and practical ways to fit LLMs into development workflows while meeting security and compliance requirements.
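As an added example, not code from the thread or from any of its commenters, the following Python sketch runs the workflow the summary describes end to end: the model-side function only ever receives the development database, its sole output is a SQL script, the script is rehearsed on a throwaway dev copy to produce before/after evidence for the reviewer, and a release gate executes it on production only when its SHA-256 matches an approval record. The approval record is an assumed stand-in for a reviewed and merged commit; all table names, rows, function names and the reviewer name are constructed for the demo.

```python
import hashlib
import sqlite3

SCHEMA = "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, plan TEXT)"

# Constructed sample data (assumed for this demo). The dev rows are synthetic;
# the "production" rows stand in for real PII the model must never receive.
DEV_ROWS = [("a@example.test", "trial"), ("b@example.test", "free")]
PROD_ROWS = [("alice@corp.example", "trial"),
             ("bob@corp.example", "pro"),
             ("carol@corp.example", "trial")]


def make_db(rows):
    """Build an in-memory SQLite database from constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO users (email, plan) VALUES (?, ?)", rows)
    conn.commit()
    return conn


def plans(conn):
    """Snapshot of the plan column, used as before/after evidence for review."""
    return [row[0] for row in conn.execute("SELECT plan FROM users ORDER BY id")]


def llm_write_script(dev_conn):
    """Stand-in for the model. It may read the dev database freely, but its only
    output is a SQL script: a text artifact that can be diffed, reviewed and
    checked in. It is never handed a production connection."""
    schema = dev_conn.execute(
        "SELECT sql FROM sqlite_master WHERE name = 'users'").fetchone()[0]
    if "plan" not in schema:
        raise ValueError("dev schema has no plan column")
    return "UPDATE users SET plan = 'pro' WHERE plan = 'trial';\n"


def script_id(script):
    """Approval binds to exact bytes: the record is the SHA-256 of the script."""
    return hashlib.sha256(script.encode()).hexdigest()


def rehearse(script):
    """Run the script on a throwaway dev database and return (before, after)
    snapshots so the reviewer sees what it does, not just what it says."""
    conn = make_db(DEV_ROWS)
    before = plans(conn)
    conn.executescript(script)
    return before, plans(conn)


class ReleaseGate:
    """Owns the production connection. A script runs only if its hash matches an
    approval record (assumed stand-in for a reviewed, merged commit); every
    attempt is logged, approved or not."""

    def __init__(self, prod_conn):
        self._prod = prod_conn
        self._approved = {}   # script hash -> reviewer
        self.log = []         # audit trail: (hash prefix, reviewer, outcome)

    def approve(self, script, reviewer):
        self._approved[script_id(script)] = reviewer

    def apply(self, script):
        h = script_id(script)
        reviewer = self._approved.get(h)
        if reviewer is None:
            self.log.append((h[:12], None, "rejected"))
            raise PermissionError("no approval record for script " + h[:12])
        self._prod.executescript(script)
        self.log.append((h[:12], reviewer, "applied"))
        return plans(self._prod)


def demo():
    """Walk the whole path: dev-only generation, rehearsal, review, gated apply."""
    dev, prod = make_db(DEV_ROWS), make_db(PROD_ROWS)
    gate = ReleaseGate(prod)
    script = llm_write_script(dev)          # model sees dev, emits text only
    before, after = rehearse(script)        # evidence attached to the review
    rejected_first = False
    try:
        gate.apply(script)                  # not reviewed yet: refused
    except PermissionError:
        rejected_first = True
    gate.approve(script, reviewer="alice")  # constructed reviewer identity
    result = gate.apply(script)
    tampered_rejected = False
    try:                                    # any post-review edit breaks the hash
        gate.apply(script.replace("'pro'", "'enterprise'"))
    except PermissionError:
        tampered_rejected = True
    return {"rehearsal": (before, after), "prod": result,
            "rejected_first": rejected_first,
            "tampered_rejected": tampered_rejected, "log": gate.log}


if __name__ == "__main__":
    print(demo())
```

The point of hashing the script rather than tracking a filename is that approval binds to the exact bytes reviewed: if the model (or anyone) edits the script after review, the gate rejects it and the attempt still lands in the audit log. The rehearsal step gives the reviewer a concrete before/after diff of what the script changes, which is what makes the review on the pull request meaningful rather than a skim of SQL text.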
Key quotes
Our solve is to allow it to work with a local dev database and its output is a script. Then that script gets checked into version control (auditable and reviewed). Then that script can be run against production.
Giving LLM even read access to PII is a big 'no' in my book.
On PII, if you need LLMs to work on production extracted data then https://github.com/microsoft/presidio is a pretty good tool to redact PII. Still needs a bit of an audit but as a first pass does a terrific job.
