1:"$Sreact.fragment"
2:I[69286,["/_next/static/chunks/e70cf233ca02384a.js","/_next/static/chunks/c72270908abd0eb3.js","/_next/static/chunks/d27307698ed538b1.js"],"default"]
3:I[83977,["/_next/static/chunks/e70cf233ca02384a.js","/_next/static/chunks/c72270908abd0eb3.js","/_next/static/chunks/d27307698ed538b1.js"],"Image"]
e:I[99456,["/_next/static/chunks/b292ef59945299fb.js","/_next/static/chunks/db1ed03dad8fa1ad.js"],"OutletBoundary"]
f:"$Sreact.suspense"
0:{"buildId":"hEyQdfANp7GcGtypER5lV","rsc":["$","$1","c",{"children":[["$","article",null,{"className":"container py-12 md:py-20","children":["$","div",null,{"className":"max-w-3xl mx-auto","children":[["$","$L2",null,{"ref":null,"href":"/fr/blog","localeCookie":{"name":"NEXT_LOCALE","sameSite":"lax"},"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-arrow-left mr-2 h-4 w-4","aria-hidden":"true","children":[["$","path","1l729n",{"d":"m12 19-7-7 7-7"}],["$","path","x3x0zl",{"d":"M19 12H5"}],"$undefined"]}]," Retour au blog"],"data-slot":"button","className":"inline-flex items-center justify-center gap-2 whitespace-nowrap rounded-md text-sm font-medium disabled:pointer-events-none disabled:opacity-50 [&_svg]:pointer-events-none [&_svg:not([class*='size-'])]:size-4 shrink-0 [&_svg]:shrink-0 outline-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive dark:hover:bg-accent/50 h-9 px-4 py-2 has-[>svg]:px-3 mb-8 pl-0 hover:pl-0 hover:bg-transparent text-slate-500 hover:text-primary transition-colors"}],["$","div",null,{"className":"space-y-6 mb-12","children":[["$","div",null,{"className":"flex flex-wrap gap-2","children":["$","span",null,{"data-slot":"badge","className":"inline-flex items-center justify-center rounded-full border font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden border-transparent [a&]:hover:bg-primary/90 bg-primary/10 text-primary hover:bg-primary/20 border-none text-sm px-3 py-1"}]}],["$","h1",null,{"className":"text-3xl md:text-5xl font-bold leading-tight","children":"Sécuriser vos LLMs : Top 5 des vulnérabilités (OWASP Top 10 for LLMs)"}],["$","div",null,{"className":"relative w-full aspect-video rounded-xl overflow-hidden my-8 shadow-lg","children":["$","$L3",null,{"src":"/images/blog_securiser_llms.png","alt":"Sécuriser vos LLMs : Top 5 des vulnérabilités (OWASP Top 10 for LLMs)","fill":true,"className":"object-cover","priority":true}]}],["$","div",null,{"className":"flex flex-wrap items-center gap-6 text-slate-500 text-sm border-b border-slate-100 dark:border-slate-800 pb-8","children":[["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":16,"height":16,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-user","aria-hidden":"true","children":[["$","path","975kel",{"d":"M19 21v-2a4 4 0 0 0-4-4H9a4 4 0 0 0-4 4v2"}],["$","circle","17ys0d",{"cx":"12","cy":"7","r":"4"}],"$undefined"]}],["$","span",null,{"className":"font-medium text-slate-900 dark:text-slate-200","children":"Guillaume Hochard"}]]}],["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":16,"height":16,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-calendar","aria-hidden":"true","children":[["$","path","1cmpym",{"d":"M8 2v4"}],["$","path","4m81vk",{"d":"M16 2v4"}],["$","rect","1hopcy",{"width":"18","height":"18","x":"3","y":"4","rx":"2"}],["$","path","8toen8",{"d":"M3 10h18"}],"$undefined"]}],["$","span",null,{"children":"2025-06-20"}]]}],["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":16,"height":16,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-clock","aria-hidden":"true","children":["$L4","$L5","$undefined"]}],"$L6"]}]]}]]}],"$L7","$L8"]}]}],null,"$L9"]}],"loading":null,"isPartial":false}
4:["$","path","mmk7yg",{"d":"M12 6v6l4 2"}]
5:["$","circle","1mglay",{"cx":"12","cy":"12","r":"10"}]
6:["$","span",null,{"children":"5 min"}]
7:["$","div",null,{"className":"prose prose-lg dark:prose-invert max-w-none","children":["$","article",null,{"className":"prose prose-lg max-w-none prose-headings:font-heading prose-a:text-primary hover:prose-a:text-primary-700","children":[["$","h2","h2-0",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"L'insécurité par design ?"}],"\n",["$","p","p-0",{"className":"mb-4 text-gray-600 leading-relaxed","children":"Les Large Language Models (LLMs) sont par nature non déterministes et difficiles à contrôler. Lorsqu'on les connecte à des systèmes critiques ou à des données sensibles, on expose l'entreprise à des risques nouveaux. L'OWASP a publié un Top 10 spécifique aux LLMs. Voici les 5 plus critiques."}],"\n",["$","h2","h2-1",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"1. Prompt Injection"}],"\n",["$","p","p-1",{"className":"mb-4 text-gray-600 leading-relaxed","children":"C'est la faille reine. Un attaquant manipule les instructions du modèle pour lui faire contourner ses garde-fous."}],"\n",["$","ul","ul-0",{"className":"list-disc pl-6 mb-4 space-y-2","children":["\n",["$","li","li-0",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Risque"}]," : Exécution de code arbitraire, vol de données, génération de contenu haineux."]}],"\n",["$","li","li-1",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Parade"}]," : Séparer strictement les instructions système des données utilisateur, utiliser des délimiteurs clairs, et valider les inputs."]}],"\n"]}],"\n",["$","h2","h2-2",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"2. Insecure Output Handling"}],"\n",["$","p","p-2",{"className":"mb-4 text-gray-600 leading-relaxed","children":"Faire confiance aveuglément à la sortie d'un LLM est dangereux. Si le LLM génère du JavaScript qui est exécuté directement dans le navigateur d'un utilisateur, c'est une faille XSS (Cross-Site Scripting)."}],"\n",["$","ul","ul-1",{"className":"list-disc pl-6 mb-4 space-y-2","children":["\n",["$","li","li-0",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Parade"}]," : Traiter les outputs de LLM comme des données non fiables. Encoder, assainir et valider avant toute utilisation."]}],"\n"]}],"\n",["$","h2","h2-3",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"3. Training Data Poisoning"}],"\n",["$","p","p-3",{"className":"mb-4 text-gray-600 leading-relaxed","children":"Si vous fine-tunez un modèle sur des données externes, un attaquant peut \"empoisonner\" ces données pour introduire des biais ou des backdoors."}],"\n",["$","ul","ul-2",{"className":"list-disc pl-6 mb-4 space-y-2","children":["\n",["$","li","li-0",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Parade"}]," : Vérifier rigoureusement la provenance et l'intégrité des datasets d'entraînement (Supply Chain Security)."]}],"\n"]}],"\n",["$","h2","h2-4",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"4. Model Denial of Service (DoS)"}],"\n",["$","p","p-4",{"className":"mb-4 text-gray-600 leading-relaxed","children":"Les LLMs sont coûteux en ressources. Un attaquant peut envoyer des requêtes complexes conçues pour surcharger le serveur et faire exploser la facture."}],"\n",["$","ul","ul-3",{"className":"list-disc pl-6 mb-4 space-y-2","children":["\n",["$","li","li-0",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Parade"}]," : Rate limiting strict, plafonnement des coûts, et timeouts sur les requêtes."]}],"\n"]}],"\n",["$","h2","h2-5",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"5. Sensitive Information Disclosure"}],"\n","$La","\n","$Lb","\n","$Lc","\n","$Ld"]}]}]
8:["$","div",null,{"className":"mt-12 pt-8 border-t border-slate-100 dark:border-slate-800","children":[["$","h3",null,{"className":"text-lg font-semibold mb-4","children":"Tags"}],["$","div",null,{"className":"flex flex-wrap gap-2","children":[["$","span","Sécurité",{"data-slot":"badge","className":"inline-flex items-center justify-center rounded-full border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-slate-600","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":12,"height":12,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag mr-1","aria-hidden":"true","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}]," ","Sécurité"]}],["$","span","LLM",{"data-slot":"badge","className":"inline-flex items-center justify-center rounded-full border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-slate-600","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":12,"height":12,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag mr-1","aria-hidden":"true","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}]," ","LLM"]}],["$","span","Cybersécurité",{"data-slot":"badge","className":"inline-flex items-center justify-center rounded-full border px-2 py-0.5 text-xs font-medium w-fit whitespace-nowrap shrink-0 [&>svg]:size-3 gap-1 [&>svg]:pointer-events-none focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px] aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive transition-[color,box-shadow] overflow-hidden [a&]:hover:bg-accent [a&]:hover:text-accent-foreground text-slate-600","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":12,"height":12,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-tag mr-1","aria-hidden":"true","children":[["$","path","vktsd0",{"d":"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"}],["$","circle","kqv944",{"cx":"7.5","cy":"7.5","r":".5","fill":"currentColor"}],"$undefined"]}]," ","Cybersécurité"]}]]}]]}]
9:["$","$Le",null,{"children":["$","$f",null,{"name":"Next.MetadataOutlet","children":"$@10"}]}]
a:["$","p","p-5",{"className":"mb-4 text-gray-600 leading-relaxed","children":"Le modèle peut révéler des secrets (clés API, données personnelles) présents dans ses données d'entraînement ou dans le contexte de la conversation."}]
b:["$","ul","ul-4",{"className":"list-disc pl-6 mb-4 space-y-2","children":["\n",["$","li","li-0",{"className":"text-gray-600","children":[["$","strong","strong-0",{"children":"Parade"}]," : Nettoyage des données (Data Sanitization) et mise en place de filtres de sortie pour détecter les patterns sensibles (emails, numéros de carte bleue)."]}],"\n"]}]
c:["$","h2","h2-6",{"className":"text-3xl font-semibold mb-4 mt-12 text-gray-800 border-b pb-2","children":"Conclusion"}]
d:["$","p","p-6",{"className":"mb-4 text-gray-600 leading-relaxed","children":"La sécurité des LLMs est un champ de bataille en évolution rapide. Ne déployez jamais un modèle en production sans une stratégie de défense en profondeur."}]
10:null