GUARD-D-LLM: An LLM-Based Risk Assessment Engine for the Downstream uses of LLMs

Sundaraparipurnan Narayanan, Sandeep Vishwakarma
2024-04-02
Abstract: Amidst escalating concerns about the detriments inflicted by AI systems, risk management assumes paramount importance, notably for high-risk applications as demanded by the European Union AI Act. Guidelines provided by ISO and NIST aim to govern AI risk management; however, practical implementations remain scarce in scholarly works. Addressing this void, our research explores risks emanating from downstream uses of large language models (LLMs), synthesizing a taxonomy grounded in earlier research. Building upon this foundation, we introduce a novel LLM-based risk assessment engine (GUARD-D-LLM: Guided Understanding and Assessment for Risk Detection for Downstream use of LLMs) designed to pinpoint and rank threats relevant to specific use cases derived from text-based user inputs. Integrating thirty intelligent agents, this innovative approach identifies bespoke risks, gauges their severity, offers targeted suggestions for mitigation, and facilitates risk-aware development. The paper also documents the limitations of such an approach along with way forward suggestions to augment experts in such risk assessment thereby leveraging GUARD-D-LLM in identifying risks early on and enabling early mitigations. This paper and its associated code serve as a valuable resource for developers seeking to mitigate risks associated with LLM-based applications.
Computers and Society, Human-Computer Interaction
What problem does this paper attempt to address?
The problem this paper attempts to solve is the range of risks faced by large language models (LLMs) in downstream applications, especially the identification, assessment, and management of these risks. Specifically:

1. **Insufficient risk identification**: Although organizations such as ISO and NIST have proposed AI risk-management frameworks, in practice the identification and assessment of risks specific to the downstream use of LLMs is still neither systematic nor comprehensive.
2. **Lack of customized risk-assessment tools**: Existing risk-assessment methods fail to fully consider the specific needs of different application scenarios, so they cannot accurately identify and assess the potential risks of LLMs in a specific use scenario.
3. **Dynamics and complexity of risk assessment**: As technology develops and application scenarios change, the risks of LLMs keep evolving, which calls for an assessment tool that can adapt dynamically to change and capture new risks in a timely manner.

To solve these problems, the authors introduce an LLM-based risk-assessment engine, **GUARD-D-LLM** (Guided Understanding and Assessment for Risk Detection for Downstream use of LLMs). This tool aims to improve risk management for downstream applications of LLMs in the following ways:

- **Constructing a risk classification system**: Based on existing research, a three-dimensional risk classification system covering process risks, component risks, and use-case risks was established.
- **Intelligent risk assessment**: Thirty intelligent agents automatically identify, assess, and rank the risks related to a specific use case from the text input provided by the user.
- **Dynamic risk collection**: A dynamic risk-collection agent obtains the latest risk information through network searches and other means to keep the assessment timely and accurate.
- **Risk-mitigation suggestions**: Specific governance measures and mitigation suggestions are provided for each identified risk to help users respond effectively to potential threats.

Through these methods, GUARD-D-LLM can identify and assess the risks in downstream applications of LLMs more comprehensively, and it also provides users with practical risk-management and risk-mitigation strategies, thereby promoting the responsible development and application of AI.