Skip to main content

The Problem

There is no way to know just when malicious code will arrive in an LLM’s response, but it’s a safe bet that it will eventually happen. For example, an engineer asks the LLM for an example of code that will help them get past an obstacle in the code they are writing. One of two outcomes occurs: The LLM provides an accurate example of source code, but the code contains malicious imports that are not obvious to the engineer. Or the code provided by the LLM works and is not malware, but it is a poor-quality solution that then becomes an integral part of the product and causes functionality issues down the line.

The Challenge

In either case, untested code is introduced into the organization’s source code and deployed with no oversight or due diligence. The potential exists for damage to the system dependent on the code, whether that system is a product, a technical operation, or infrastructure controls, which could lead to reputational harm, financial losses, and diminished consumer trust, if not even more serious issues, such as security breaches or data exfiltration.

The Solution

CalypsoAI Moderator scans every incoming response for malicious code, such as spyware or malware. If such content is detected, it is blocked from entering the system. All details of the interaction are recorded, providing full auditability and attribution, aiding in root cause analyses.