Publication
Navigating the Risks and Safeguards of Large Language Models (LLMs): Addressing Data Privacy, Security, and Ethical Concerns
| datacite.subject.fos | Natural Sciences::Computer and Information Sciences | pt_PT |
| dc.contributor.advisor | Rio, José Américo Alves Sustelo | |
| dc.contributor.author | Jarząbkowski, Mikołaj | |
| dc.date.accessioned | 2025-11-12T16:03:47Z | |
| dc.date.embargo | 2026-10-29 | |
| dc.date.issued | 2025-10-29 | |
| dc.description | Dissertation presented as the partial requirement for obtaining a Master's degree in Data Science and Advanced Analytics, specialization in Data Science | pt_PT |
| dc.description.abstract | This thesis explores the privacy, security, and ethical risks of large language models (LLMs) and proposes practical defenses to reduce these risks when using LLMs in real-world settings. After reviewing existing research, three representative vulnerabilities - cognitive prompt injection via persona roleplay, data extraction through repeated token sequences, and fine-tuning backdoors activated by rare triggers - were examined through experiments on a state-of-the-art LLM. For each scenario, specific defenses were designed and tested: an extra output-scanning step to catch policy violations, an inference-time filter to block excessive token repetitions, and a combined rare-token filter with a prompt-classification step. The results showed that these defenses significantly lowered the success rate of attacks, although none offered complete protection and no single approach achieved perfect scores. Expert consultations with security and quality-assurance professionals supported these findings and pointed out ongoing challenges in stress-testing, red-teaming, and maintaining usability while ensuring strong safeguards. Based on both experimental results and expert feedback, the thesis provides practical recommendations for safely integrating LLMs. These include prompt engineering guidelines, layered output checks, input sanitization, access controls, privacy-focused training methods, ongoing red-teaming, and governance measures that comply with GDPR, CCPA, and other upcoming AI regulations. | pt_PT |
| dc.identifier.tid | 204075360 | |
| dc.identifier.uri | http://hdl.handle.net/10362/190605 | |
| dc.language.iso | eng | pt_PT |
| dc.rights.uri | http://creativecommons.org/licenses/by/4.0/ | pt_PT |
| dc.subject | Large Language Models | pt_PT |
| dc.subject | LLM Security | pt_PT |
| dc.subject | Prompt Injection | pt_PT |
| dc.subject | Data Extraction | pt_PT |
| dc.subject | Backdoor Attacks | pt_PT |
| dc.subject | Defense Mechanisms | pt_PT |
| dc.subject | Output Scanning | pt_PT |
| dc.subject | Input Validation | pt_PT |
| dc.subject | Differential Privacy | pt_PT |
| dc.subject | Ethical AI | pt_PT |
| dc.subject | AI Governance | pt_PT |
| dc.subject | Design Science Research | pt_PT |
| dc.subject | Empirical Evaluation | pt_PT |
| dc.subject | Red-Teaming | pt_PT |
| dc.subject | Regulatory Compliance | pt_PT |
| dc.subject | SDG 9 - Industry, innovation and infrastructure | pt_PT |
| dc.subject | SDG 16 - Peace, justice and strong institutions | pt_PT |
| dc.subject | SDG 17 - Partnerships for the goals | pt_PT |
| dc.title | Navigating the Risks and Safeguards of Large Language Models (LLMs): Addressing Data Privacy, Security, and Ethical Concerns | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.embargofct | Without loss of any copyright regarding my dissertation and the right to use it in future works (such as articles or books), I declare that: I grant NOVA University Lisbon and its agents, through its institutional repository, a non-exclusive license to archive and make my dissertation accessible under the conditions stated below. I authorize NOVA University Lisbon to archive, without further content changes, and make any file conversions necessary for long-term preservation and access. My dissertation can be made available on NOVA's Institutional Repository in the following way: | pt_PT |
| rcaap.rights | embargoedAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Mestrado em Ciência de Dados e Métodos Analíticos Avançados, especialização em Data Science | pt_PT |
