METHOD FOR CRITICALITY ANALYSIS OF VULNERABILITIES IN LARGE LANGUAGE MODELS

Abstract

The article presents an improved method for analyzing the criticality of vulnerabilities in large language models (LLMs) deployed for use. The main steps of this method are defined, namely: collecting exploits for model vulnerabilities, which are used to analyze the criticality of risks; determining the severity of the effects of attacking LLMs, based on the severity of penalties under European Union law; conducting attack simulations to determine a statistical score of the probability and success of an attack; determining the criticality level of risks as a combination of , statistical probability score and the severity of the effects of an attack.

The results of using the vulnerability criticality analysis method on Mistral AI’s Mistral local test model are presented. The location of vulnerabilities in low, medium, and high-risk areas is analyzed. Directions for future research on assessing and ensuring the cybersecurity of LLMs using the Intrusion Modes Effects Criticality Analysis (IMECA) method are proposed.