
International Research Journal of Engineering and Technology (IRJET) | e-ISSN: 2395-0056 | p-ISSN: 2395-0072 | Volume: 12 Issue: 09 | Sep 2025 | www.irjet.net

A Comprehensive Survey of Security and Privacy in Large Language Models: Vulnerabilities, Defenses, and Future Directions

Sandeep Vishwakarma

Master of Technology, Computer Science and Engineering, Lucknow Institute of Technology, Lucknow, India

Abstract - LLMs are finding new applications across numerous areas, opening up new opportunities to automate, analyze, and make decisions. Although such systems demonstrate excellent capabilities in language generation and in processing complex tasks, they also raise troubling new security and privacy challenges. These risks are not typically accounted for by standard cybersecurity methods because of the scale and construction of LLMs. In this paper, the security and privacy problems associated with LLMs are discussed by first examining the structure and life cycle of the system. We further illustrate how design choices lead to different attack surfaces and categorize vulnerabilities according to the OWASP Top 10 for LLM Applications. The paper delves into threats such as prompt injection, data poisoning, insecure supply chains, and model theft. Defense mechanisms, including a defense scheme derived from the NIST AI Risk Management Framework and technical defenses that reduce specific vulnerabilities, are also analyzed. Finally, the paper addresses future challenges such as governance issues, regulation, and future research that are expected to play a role in developing more secure and reliable AI systems.

Key Words: Large Language Models, LLM Security, Artificial Intelligence Security, OWASP Top 10 for LLMs, Prompt Injection, Data Poisoning, NIST AI Risk Management Framework, Generative AI, Cybersecurity

1. INTRODUCTION

Large Language Models (LLMs) are extensively trained AI models designed to understand and generate human natural language, using giant textual datasets as input. They are based on deep learning architectures and learn grammar, meaning, and context from massive amounts of book, article, and web text. In late 2022, tools such as OpenAI's ChatGPT accelerated the use of these capabilities and made them widely used globally. Today, LLMs are used in search engines, automated writing, programming assistance, translation, and data processing. This development marks a shift in Natural Language Processing (NLP) toward more general platforms that support reasoning and adapt to circumstances, rather than fixed, task-specific specifications.

Rapidly adopted LLM deployments, however, have been found to be ill equipped where security is concerned. Conventional cybersecurity methods were not established to manage the kinds of risks that these systems carry. Another, similar event, which occurred in 2023 when an LLM interface unintentionally released corporate information, underlines the importance of a more fundamental approach to how these models are deployed. Although LLMs can help improve security procedures by assisting in the detection of and response to threats, they are also exploited to perform malicious tasks such as phishing and fueling misinformation. There is an urgent need to ensure that the model, as well as the ecosystem in which it operates through APIs, plugins and associated systems, are decoupled. This dual-use nature of LLMs constitutes the new security environment under investigation in this paper.

1.1 Emergence of a New Security Paradigm

That same complexity and power is transformative to the point that it has created new security vulnerabilities that conventional cybersecurity cannot handle. Adoption of these technologies is often quick and consumer-driven, and it normally outpaces the development of workable security controls. This poses a grave and imminent danger to organisations that are using powerful AI applications without comprehending or dealing with their vulnerabilities. The most apparent, arguably high-profile, instances of the gap between adoption and security preparedness include the 2023 Samsung leak, in which workers unknowingly transferred highly confidential company information to the ChatGPT service. Many self-hosted or locally deployed LLM solutions are deployed with weak default settings that often expose sensitive data, and they have not been designed with privacy concerns in mind.

Dual use is the dilemma of this new security situation. On the one hand, LLMs are becoming a necessity in cybersecurity. They can process big data to enhance threat intelligence and vulnerability discovery and to accelerate incident response. Conversely, bad actors are using the same models to develop seemingly legitimate phishing messages and to compose novel malicious and fake information more readily than before. In this context, one important distinction is that the security of the trained model, and its

© 2025, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page 141
